diff --git a/2012/4xxx/CVE-2012-4388.json b/2012/4xxx/CVE-2012-4388.json index 7dc3b094693..05e3d29acbb 100644 --- a/2012/4xxx/CVE-2012-4388.json +++ b/2012/4xxx/CVE-2012-4388.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4388", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398." + "value": "The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398." } ] }, 
@@ -50,62 +27,86 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "http://security-tracker.debian.org/tracker/CVE-2012-4388", - "refsource": "CONFIRM", - "url": "http://security-tracker.debian.org/tracker/CVE-2012-4388" - }, - { - "name": "[oss-security] 20120905 Re: php header() header injection detection bypass", - "refsource": "MLIST", - "url": "http://openwall.com/lists/oss-security/2012/09/05/15" - }, - { - "name": "1027463", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id?1027463" - }, - { - "name": "[oss-security] 20120906 Re: Re: php header() header injection detection bypass", - "refsource": "MLIST", - "url": "http://openwall.com/lists/oss-security/2012/09/07/3" - }, - { - "name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/SAPI.c?r1=323986&r2=323985&pathrev=323986", - "refsource": "CONFIRM", - "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/SAPI.c?r1=323986&r2=323985&pathrev=323986" - }, - { - "name": "https://bugs.php.net/bug.php?id=60227", + "url": "http://www.ubuntu.com/usn/USN-1569-1", "refsource": "MISC", - "url": "https://bugs.php.net/bug.php?id=60227" + "name": "http://www.ubuntu.com/usn/USN-1569-1" }, { - "name": "[oss-security] 20120829 php header() header injection detection bypass", - "refsource": "MLIST", - "url": "http://openwall.com/lists/oss-security/2012/08/29/5" + "url": "http://article.gmane.org/gmane.comp.php.devel/70584", + "refsource": "MISC", + "name": "http://article.gmane.org/gmane.comp.php.devel/70584" }, { - "name": "[oss-security] 20120901 Re: php header() header injection detection bypass", - "refsource": "MLIST", - "url": "http://openwall.com/lists/oss-security/2012/09/02/1" + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html" }, { - "name": "SUSE-SU-2013:1315", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html" + "url": "http://openwall.com/lists/oss-security/2012/08/29/5", + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2012/08/29/5" }, { - "name": "[internals] 20120203 [PHP-DEV] The case of HTTP response splitting protection in PHP", - "refsource": "MLIST", - "url": "http://article.gmane.org/gmane.comp.php.devel/70584" + "url": "http://openwall.com/lists/oss-security/2012/09/02/1", + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2012/09/02/1" }, { - "name": "USN-1569-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-1569-1" + "url": "http://openwall.com/lists/oss-security/2012/09/05/15", + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2012/09/05/15" + }, + { + "url": "http://openwall.com/lists/oss-security/2012/09/07/3", + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2012/09/07/3" + }, + { + "url": "http://security-tracker.debian.org/tracker/CVE-2012-4388", + "refsource": "MISC", + "name": "http://security-tracker.debian.org/tracker/CVE-2012-4388" + }, + { + "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/SAPI.c?r1=323986&r2=323985&pathrev=323986", + "refsource": "MISC", + "name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/SAPI.c?r1=323986&r2=323985&pathrev=323986" + }, + { + "url": "http://www.securitytracker.com/id?1027463", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id?1027463" + }, + { + "url": "https://bugs.php.net/bug.php?id=60227", + "refsource": "MISC", + "name": "https://bugs.php.net/bug.php?id=60227" } ] } 
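Review bot: Every entry in the rewritten `reference_data` list of CVE-2012-4388.json now carries `"refsource": "MISC"` and a `name` that only repeats the URL, so the advisory identifiers and source classes of the old entries (`USN-1569-1`/`UBUNTU`, `SUSE-SU-2013:1315`/`SUSE`, `1027463`/`SECTRACK`, and the `CONFIRM` and `MLIST` tags) are no longer machine-readable. Consumers that pick out vendor-confirmed or distro-advisory references by `refsource`, or match an advisory ID in `name`, will presumably stop finding them for this record. If the target format does not require the flattening, keep the original pair, e.g. `"refsource": "UBUNTU", "name": "USN-1569-1"`. The same pattern appears in the reference hunks of CVE-2012-4398, CVE-2012-4404, CVE-2012-4414 and CVE-2012-4415.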
diff --git a/2012/4xxx/CVE-2012-4398.json b/2012/4xxx/CVE-2012-4398.json index 88bf1871992..03ad10fd45e 100644 --- a/2012/4xxx/CVE-2012-4398.json +++ b/2012/4xxx/CVE-2012-4398.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4398", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,57 +27,81 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[linux-kernel] 20120207 [PATCH 5/5] kmod: make __request_module() killable", - "refsource": "MLIST", - "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1202.0/03340.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" }, { - "name": "RHSA-2013:0223", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-0223.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" }, { - "name": "http://www.kernel.org/pub/linux/kernel/v3.x/linux-3.4.tar.bz2", - "refsource": "CONFIRM", - "url": "http://www.kernel.org/pub/linux/kernel/v3.x/linux-3.4.tar.bz2" + "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1202.0/03340.html", + "refsource": "MISC", + "name": "http://lkml.indiana.edu/hypermail/linux/kernel/1202.0/03340.html" }, { - "name": "[oss-security] 20120902 CVE Request -- kernel: request_module() OOM local DoS", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/02/3" + "url": "http://rhn.redhat.com/errata/RHSA-2013-0223.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-0223.html" }, { - "name": "55077", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/55077" + "url": "http://rhn.redhat.com/errata/RHSA-2013-1348.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-1348.html" }, { - "name": "RHSA-2013:1348", 
- "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-1348.html" + "url": "http://secunia.com/advisories/55077", + "refsource": "MISC", + "name": "http://secunia.com/advisories/55077" }, { - "name": "SUSE-SU-2015:0481", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/linux-3.4.tar.bz2", + "refsource": "MISC", + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/linux-3.4.tar.bz2" }, { - "name": "openSUSE-SU-2015:0566", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" + "url": "http://www.openwall.com/lists/oss-security/2012/09/02/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/02/3" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=853474", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853474" + "url": "http://www.securityfocus.com/bid/55361", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/55361" }, { - "name": "55361", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/55361" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=853474", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=853474" } ] } diff --git a/2012/4xxx/CVE-2012-4404.json b/2012/4xxx/CVE-2012-4404.json index eb4fca2e84b..07a29270eef 100644 --- a/2012/4xxx/CVE-2012-4404.json +++ b/2012/4xxx/CVE-2012-4404.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4404", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,52 +27,76 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "USN-1604-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-1604-1" + "url": "http://moinmo.in/SecurityFixes", + "refsource": "MISC", + "name": "http://moinmo.in/SecurityFixes" }, { - "name": "50496", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/50496" + "url": "http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16", + "refsource": "MISC", + "name": "http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16" }, { - "name": "http://moinmo.in/SecurityFixes", - "refsource": "CONFIRM", - "url": "http://moinmo.in/SecurityFixes" + "url": "http://secunia.com/advisories/50474", + "refsource": "MISC", + "name": "http://secunia.com/advisories/50474" }, { - "name": "DSA-2538", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2012/dsa-2538" + "url": "http://secunia.com/advisories/50496", + "refsource": "MISC", + "name": "http://secunia.com/advisories/50496" }, { - "name": "[oss-security] 20120904 CVE request: moinmoin incorrect ACL evaluation for virtual groups", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/04/4" + "url": "http://secunia.com/advisories/50885", + "refsource": "MISC", + "name": "http://secunia.com/advisories/50885" }, { - "name": "50885", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/50885" + "url": "http://www.debian.org/security/2012/dsa-2538", + "refsource": "MISC", + "name": "http://www.debian.org/security/2012/dsa-2538" }, { - "name": "50474", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/50474" + "url": "http://www.openwall.com/lists/oss-security/2012/09/04/4", + "refsource": "MISC", + "name": 
"http://www.openwall.com/lists/oss-security/2012/09/04/4" }, { - "name": "http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16", - "refsource": "CONFIRM", - "url": "http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16" + "url": "http://www.openwall.com/lists/oss-security/2012/09/05/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/05/2" }, { - "name": "[oss-security] 20120904 Re: CVE request: moinmoin incorrect ACL evaluation for virtual groups", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/05/2" + "url": "http://www.ubuntu.com/usn/USN-1604-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-1604-1" } ] } diff --git a/2012/4xxx/CVE-2012-4405.json b/2012/4xxx/CVE-2012-4405.json index b3fb50b1c43..4ce0aaeb0e1 100644 --- a/2012/4xxx/CVE-2012-4405.json +++ b/2012/4xxx/CVE-2012-4405.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write" + "value": "Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Out-of-bounds Write", - "cweId": "CWE-787" + "value": "n/a" } ] } 
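Review bot: The `problemtype` hunk of CVE-2012-4405.json replaces a concrete weakness (`"value": "Out-of-bounds Write"`, `"cweId": "CWE-787"`) with `"value": "n/a"`, dropping the record's only structured weakness classification even though the new description still names a heap-based buffer overflow. Tooling that groups or prioritises findings by CWE loses this entry, so I would keep `"cweId": "CWE-787"` next to the new description unless the classification is known to be wrong. The same downgrade appears in CVE-2012-4406.json (`CWE-502`) and CVE-2012-4417.json (`CWE-377`). Later hunks in those three files also delete the CVSS `impact` block, so both severity and weakness type disappear from the records together.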
@@ -32,27 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 5", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:8.70-14.el5_8.1", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 6", - "version": { - "version_data": [ - { - "version_value": "0:8.70-14.el6_3.1", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -130,21 +118,6 @@ "refsource": "MISC", "name": "http://www.ubuntu.com/usn/USN-1581-1" }, - { - "url": "https://access.redhat.com/errata/RHSA-2012:1256", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2012:1256" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2012-4405", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2012-4405" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=854227", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=854227" - }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78411", "refsource": "MISC", 
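Review bot: In the `affects` hunk of CVE-2012-4405.json the new `version_data` entry pairs `"version_affected": "="` with `"version_value": "n/a"`, which asserts equality to a placeholder and gives a version matcher nothing to compare against. The removed entries carried concrete package versions (`0:8.70-14.el5_8.1`, `0:8.70-14.el6_3.1`) under named Red Hat products, so the change also discards version data a scanner could have used. If the vendor-specific data has to go, consider omitting `version_affected` when the value is `n/a`, or filling the product and version from the description, which names Ghostscript 9.06. The same `=`/`n/a` pair is added in the `affects` hunks of the other files in this diff; the `affects` object itself opens above this hunk.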
@@ -156,30 +129,5 @@ "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301" } ] - }, - "impact": { - "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "NETWORK", - "authentication": "NONE", - "availabilityImpact": "PARTIAL", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 6.8, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "PARTIAL", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "PARTIAL", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "version": "2.0" - } - ] } } \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4406.json b/2012/4xxx/CVE-2012-4406.json index 361c3267a7c..a945a51a72e 100644 --- a/2012/4xxx/CVE-2012-4406.json +++ b/2012/4xxx/CVE-2012-4406.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "CVE-2012-4406 Openstack-Swift: insecure use of python pickle()" + "value": "OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Deserialization of Untrusted Data", - "cweId": "CWE-502" + "value": "n/a" } ] } 
@@ -32,96 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Native Client for RHEL 5 for Red Hat Storage", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:3.3.0.7rhs-1.el5", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Native Client for RHEL 6 for Red Hat Storage", - "version": { - "version_data": [ - { - "version_value": "0:3.3.0.7rhs-1.el6", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "OpenStack Essex for RHEL 6", - "version": { - "version_data": [ - { - "version_value": "0:1.4.8-5.el6", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Storage 2.0", - "version": { - "version_data": [ - { - "version_value": "0:1.7.1-1.el6rhs", - "version_affected": "!" - }, - { - "version_value": "0:0.9.0-1.el6", - "version_affected": "!" - }, - { - "version_value": "0:3.3.0.7rhs-1.el6rhs", - "version_affected": "!" - }, - { - "version_value": "0:1.4.8-5.el6rhs", - "version_affected": "!" - }, - { - "version_value": "0:0.9.10-21.el6_3.8", - "version_affected": "!" - }, - { - "version_value": "0:1.0.0-73.el6rhs", - "version_affected": "!" - }, - { - "version_value": "0:2.3-4.el6_3", - "version_affected": "!" - }, - { - "version_value": "0:2.2-17.2.el6rhs", - "version_affected": "!" - }, - { - "version_value": "0:4.9.6-20.el6rhs", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Storage 2.0 Console", - "version": { - "version_data": [ - { - "version_value": "0:2.0.techpreview1-4", - "version_affected": "!" - }, - { - "version_value": "0:4.9.6-20.el6rhs", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } 
@@ -139,11 +58,6 @@ "refsource": "MISC", "name": "http://rhn.redhat.com/errata/RHSA-2013-0691.html" }, - { - "url": "https://access.redhat.com/errata/RHSA-2013:0691", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2013:0691" - }, { "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html", "refsource": "MISC", @@ -169,26 +83,11 @@ "refsource": "MISC", "name": "http://www.securityfocus.com/bid/55420" }, - { - "url": "https://access.redhat.com/errata/RHSA-2012:1379", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2012:1379" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2012-4406", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2012-4406" - }, { "url": "https://bugs.launchpad.net/swift/+bug/1006414", "refsource": "MISC", "name": "https://bugs.launchpad.net/swift/+bug/1006414" }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=854757" - }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79140", "refsource": "MISC", 
@@ -203,31 +102,11 @@ "url": "https://launchpad.net/swift/+milestone/1.7.0", "refsource": "MISC", "name": "https://launchpad.net/swift/+milestone/1.7.0" - } - ] - }, - "impact": { - "cvss": [ + }, { - "accessComplexity": "LOW", - "accessVector": "NETWORK", - "authentication": "NONE", - "availabilityImpact": "PARTIAL", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 7.5, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "PARTIAL", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "PARTIAL", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "version": "2.0" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=854757" } ] } diff --git a/2012/4xxx/CVE-2012-4414.json b/2012/4xxx/CVE-2012-4414.json index 903b8a5d673..0e746a4d4d7 100644 --- a/2012/4xxx/CVE-2012-4414.json +++ b/2012/4xxx/CVE-2012-4414.json 
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4414", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete." + "value": "Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete." } ] }, 
@@ -50,67 +27,91 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://mariadb.atlassian.net/browse/MDEV-382", - "refsource": "CONFIRM", - "url": "https://mariadb.atlassian.net/browse/MDEV-382" - }, - { - "name": "http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150", "refsource": "MISC", - "url": "http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/" + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" }, { - "name": "MDVSA-2013:102", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102" - }, - { - "name": "openSUSE-SU-2013:0156", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html" - }, - { - "name": "openSUSE-SU-2013:0135", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html" - }, - { - "name": "openSUSE-SU-2013:0011", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html" - }, - { - "name": "openSUSE-SU-2013:0014", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html" - }, - { - "name": "[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/11/4" - }, - { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=852144", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=852144" - }, - { - "name": 
"http://bugs.mysql.com/bug.php?id=66550", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102", "refsource": "MISC", - "url": "http://bugs.mysql.com/bug.php?id=66550" + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102" }, { - "name": "MDVSA-2013:150", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + "url": "http://bugs.mysql.com/bug.php?id=66550", + "refsource": "MISC", + "name": "http://bugs.mysql.com/bug.php?id=66550" }, { - "name": "55498", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/55498" + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html" + }, + { + "url": "http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/", + "refsource": "MISC", + "name": "http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2012/09/11/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/11/4" + }, + { + "url": "http://www.securityfocus.com/bid/55498", + "refsource": "MISC", + "name": 
"http://www.securityfocus.com/bid/55498" + }, + { + "url": "https://mariadb.atlassian.net/browse/MDEV-382", + "refsource": "MISC", + "name": "https://mariadb.atlassian.net/browse/MDEV-382" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=852144", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=852144" } ] } diff --git a/2012/4xxx/CVE-2012-4415.json b/2012/4xxx/CVE-2012-4415.json index c72eaa42704..0bab7407f38 100644 --- a/2012/4xxx/CVE-2012-4415.json +++ b/2012/4xxx/CVE-2012-4415.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4415", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,52 +27,76 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "55497", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/55497" - }, - { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=856743", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0107.html", "refsource": "MISC", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=856743" + "name": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0107.html" }, { - "name": "[oss-security] 20120911 Re: CVE id request: guacd", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/11/7" + "url": "http://guac-dev.org/trac/changeset/7dcefa744b4a38825619c00ae8b47e5bae6e38c0/libguac", + "refsource": "MISC", + "name": "http://guac-dev.org/trac/changeset/7dcefa744b4a38825619c00ae8b47e5bae6e38c0/libguac" }, { - "name": "FEDORA-2012-14097", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088272.html" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088031.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088031.html" }, { - "name": "http://guac-dev.org/trac/changeset/7dcefa744b4a38825619c00ae8b47e5bae6e38c0/libguac", - "refsource": "CONFIRM", - "url": "http://guac-dev.org/trac/changeset/7dcefa744b4a38825619c00ae8b47e5bae6e38c0/libguac" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088218.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088218.html" }, { - "name": "[oss-security] 20120911 CVE id request: guacd", - 
"refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/11/3" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088272.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088272.html" }, { - "name": "FEDORA-2012-13914", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088031.html" + "url": "http://www.openwall.com/lists/oss-security/2012/09/11/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/11/3" }, { - "name": "FEDORA-2012-14179", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088218.html" + "url": "http://www.openwall.com/lists/oss-security/2012/09/11/7", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/11/7" }, { - "name": "20120924 CVE-2012-4415: guacamole local root vulnerability", - "refsource": "BUGTRAQ", - "url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0107.html" + "url": "http://www.securityfocus.com/bid/55497", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/55497" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=856743", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=856743" } ] } diff --git a/2012/4xxx/CVE-2012-4417.json b/2012/4xxx/CVE-2012-4417.json index 4f7851519b2..636723366be 100644 --- a/2012/4xxx/CVE-2012-4417.json +++ b/2012/4xxx/CVE-2012-4417.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "CVE-2012-4417 GlusterFS: insecure temporary file creation" + "value": "GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names." } ] }, 
@@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Insecure Temporary File", - "cweId": "CWE-377" + "value": "n/a" } ] } @@ -32,42 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Native Client for RHEL 5 for Red Hat Storage", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:3.3.0.5rhs-37.el5", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Native Client for RHEL 6 for Red Hat Storage", - "version": { - "version_data": [ - { - "version_value": "0:3.3.0.5rhs-37.el6", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Storage 2.0", - "version": { - "version_data": [ - { - "version_value": "0:3.3.0.5rhs-37.el6rhs", - "version_affected": "!" - }, - { - "version_value": "0:2.2-17.1.el6rhs", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } 
@@ -96,55 +69,14 @@
 "name": "http://www.securitytracker.com/id?1027756"
 },
 {
- "url": "https://access.redhat.com/errata/RHSA-2012:1456",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80074",
 "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2012:1456"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2012-4417",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2012-4417"
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80074"
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=856341",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=856341"
- },
- {
- "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80074",
- "refsource": "MISC",
- "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80074"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "This issue was discovered by Jim Meyering and Kurt Seifried (Red Hat)."
- }
- ],
- "impact": {
- "cvss": [
- {
- "accessComplexity": "LOW",
- "accessVector": "LOCAL",
- "authentication": "NONE",
- "availabilityImpact": "NONE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 2.1,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "PARTIAL",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
- "version": "2.0"
 }
 ]
 }
diff --git a/2012/4xxx/CVE-2012-4418.json b/2012/4xxx/CVE-2012-4418.json
index b8342be6d23..ec0122ab9b3 100644
--- a/2012/4xxx/CVE-2012-4418.json
+++ b/2012/4xxx/CVE-2012-4418.json
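Review bot: The references hunk for CVE-2012-4417 (`@@ -96,55 +69,14 @@`) removes the vendor advisory links `https://access.redhat.com/errata/RHSA-2012:1456` and `https://access.redhat.com/security/cve/CVE-2012-4417`, the `credits` array, and the whole `impact.cvss` object (`"baseScore": 2.1`, `"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N"`). After the change the record carries neither a severity nor a pointer to the fix advisory, which are the fields patch-prioritisation and remediation tooling typically read. If dropping them is deliberate, the reason belongs in the commit description; otherwise I would keep at least the RHSA reference and the `cvss` entry. The CVE-2013-1854 hunk at `@@ -148,56 +108,11 @@` removes the same kinds of fields (RHSA-2013:0699, RHSA-2014:1863 and the `AV:N/AC:M/Au:N/C:N/I:N/A:P` vector).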
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4418", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,32 +27,56 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[oss-security] 20120912 Re: CVE Request: Apache Axis2 XML Signature Wrapping Attack", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/13/1" - }, - { - "name": "[oss-security] 20120912 CVE Request: Apache Axis2 XML Signature Wrapping Attack", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/12/1" - }, - { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=856755", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=856755" - }, - { - "name": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf", + "url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf", "refsource": "MISC", - "url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf" + "name": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf" }, { - "name": "55508", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/55508" + "url": "http://www.openwall.com/lists/oss-security/2012/09/12/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/12/1" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2012/09/13/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/13/1" + }, + { + "url": "http://www.securityfocus.com/bid/55508", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/55508" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=856755", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=856755" 
} ] } diff --git a/2013/1xxx/CVE-2013-1828.json b/2013/1xxx/CVE-2013-1828.json index bb677a6c65d..a5a3ac49529 100644 --- a/2013/1xxx/CVE-2013-1828.json +++ b/2013/1xxx/CVE-2013-1828.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1828", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
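Review bot: Every reference in the CVE-2012-4418 hunk `@@ -50,32 +27,56 @@` is rewritten to `"refsource": "MISC"` with `"name"` set to the URL, so the previous typing (`MLIST`, `CONFIRM`, `BID`) and readable names such as `[oss-security] 20120912 CVE Request: Apache Axis2 XML Signature Wrapping Attack` are lost. Consumers that filter on `refsource` to separate vendor confirmation from third-party discussion will now see all entries as equivalent. I would keep the original value where it is known, for example `"refsource": "CONFIRM"` on `https://bugzilla.redhat.com/show_bug.cgi?id=856755`. The later reference hunks in this diff (CVE-2013-1828, -1838, -1839, -1840, -1841, -1848) do the same; in CVE-2013-1828 the `EXPLOIT-DB` marker on `http://www.exploit-db.com/exploits/24747` is among the values flattened, which matters to anyone using that field to flag records with public exploit code.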
@@ -50,47 +27,71 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "http://twitter.com/grsecurity/statuses/309805924749541376", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=726bc6b092da4c093eb74d13c07184b18c1af0f1", "refsource": "MISC", - "url": "http://twitter.com/grsecurity/statuses/309805924749541376" + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=726bc6b092da4c093eb74d13c07184b18c1af0f1" }, { - "name": "24747", - "refsource": "EXPLOIT-DB", - "url": "http://www.exploit-db.com/exploits/24747" - }, - { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=919315", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919315" - }, - { - "name": "[oss-security] 20130307 Re: CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/03/08/2" - }, - { - "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=726bc6b092da4c093eb74d13c07184b18c1af0f1", - "refsource": "CONFIRM", - "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=726bc6b092da4c093eb74d13c07184b18c1af0f1" - }, - { - "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4", - "refsource": "CONFIRM", - "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4" - }, - { - "name": "http://grsecurity.net/~spender/sctp.c", + "url": "http://grsecurity.net/~spender/sctp.c", "refsource": "MISC", - "url": "http://grsecurity.net/~spender/sctp.c" + "name": "http://grsecurity.net/~spender/sctp.c" }, { - "name": 
"https://github.com/torvalds/linux/commit/726bc6b092da4c093eb74d13c07184b18c1af0f1", - "refsource": "CONFIRM", - "url": "https://github.com/torvalds/linux/commit/726bc6b092da4c093eb74d13c07184b18c1af0f1" + "url": "http://twitter.com/grsecurity/statuses/309805924749541376", + "refsource": "MISC", + "name": "http://twitter.com/grsecurity/statuses/309805924749541376" + }, + { + "url": "http://www.exploit-db.com/exploits/24747", + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/24747" + }, + { + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4", + "refsource": "MISC", + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2013/03/08/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/03/08/2" + }, + { + "url": "https://github.com/torvalds/linux/commit/726bc6b092da4c093eb74d13c07184b18c1af0f1", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/726bc6b092da4c093eb74d13c07184b18c1af0f1" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919315", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=919315" } ] } diff --git a/2013/1xxx/CVE-2013-1838.json b/2013/1xxx/CVE-2013-1838.json index 26d96a62678..90fdf00acd9 100644 --- a/2013/1xxx/CVE-2013-1838.json +++ b/2013/1xxx/CVE-2013-1838.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1838", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,77 +27,101 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[openstack] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)", - "refsource": "MLIST", - "url": "https://lists.launchpad.net/openstack/msg21892.html" - }, - { - "name": "58492", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/58492" - }, - { - "name": "https://bugs.launchpad.net/nova/+bug/1125468", - "refsource": "CONFIRM", - "url": "https://bugs.launchpad.net/nova/+bug/1125468" - }, - { - "name": "USN-1771-1", - "refsource": "UBUNTU", - "url": "http://ubuntu.com/usn/usn-1771-1" - }, - { - "name": "https://review.openstack.org/#/c/24453/", - "refsource": "CONFIRM", - "url": "https://review.openstack.org/#/c/24453/" - }, - { - "name": "52728", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/52728" - }, - { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=919648", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html", "refsource": "MISC", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919648" + "name": "http://rhn.redhat.com/errata/RHSA-2013-0709.html" }, { - "name": "52580", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/52580" + "url": "http://secunia.com/advisories/52728", + "refsource": "MISC", + "name": "http://secunia.com/advisories/52728" }, { - "name": "91303", - "refsource": "OSVDB", - "url": "http://osvdb.org/91303" + "url": "http://osvdb.org/91303", + "refsource": "MISC", + "name": "http://osvdb.org/91303" }, { - "name": "https://review.openstack.org/#/c/24452/", - "refsource": "CONFIRM", - "url": "https://review.openstack.org/#/c/24452/" + "url": "http://secunia.com/advisories/52580", + "refsource": "MISC", + 
"name": "http://secunia.com/advisories/52580" }, { - "name": "nova-fixedips-dos(82877)", - "refsource": "XF", - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877" + "url": "http://ubuntu.com/usn/usn-1771-1", + "refsource": "MISC", + "name": "http://ubuntu.com/usn/usn-1771-1" }, { - "name": "RHSA-2013:0709", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html" + "url": "http://www.openwall.com/lists/oss-security/2013/03/14/18", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/03/14/18" }, { - "name": "https://review.openstack.org/#/c/24451/", - "refsource": "CONFIRM", - "url": "https://review.openstack.org/#/c/24451/" + "url": "http://www.securityfocus.com/bid/58492", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/58492" }, { - "name": "[oss-security] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/03/14/18" + "url": "https://bugs.launchpad.net/nova/+bug/1125468", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/nova/+bug/1125468" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877" + }, + { + "url": "https://lists.launchpad.net/openstack/msg21892.html", + "refsource": "MISC", + "name": "https://lists.launchpad.net/openstack/msg21892.html" + }, + { + "url": "https://review.openstack.org/#/c/24451/", + "refsource": "MISC", + "name": "https://review.openstack.org/#/c/24451/" + }, + { + "url": "https://review.openstack.org/#/c/24452/", + "refsource": "MISC", + "name": "https://review.openstack.org/#/c/24452/" + }, + { + "url": "https://review.openstack.org/#/c/24453/", + "refsource": "MISC", + "name": "https://review.openstack.org/#/c/24453/" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919648", + 
"refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=919648" } ] } diff --git a/2013/1xxx/CVE-2013-1839.json b/2013/1xxx/CVE-2013-1839.json index 77438d94d81..1a30d05e426 100644 --- a/2013/1xxx/CVE-2013-1839.json +++ b/2013/1xxx/CVE-2013-1839.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1839", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,37 +27,61 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "58316", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/58316" + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0025.html", + "refsource": "MISC", + "name": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0025.html" }, { - "name": "52588", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/52588" + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0069.html", + "refsource": "MISC", + "name": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0069.html" }, { - "name": "http://www.squid-cache.org/Advisories/SQUID-2013_1.txt", - "refsource": "CONFIRM", - "url": "http://www.squid-cache.org/Advisories/SQUID-2013_1.txt" + "url": "http://secunia.com/advisories/52588", + "refsource": "MISC", + "name": "http://secunia.com/advisories/52588" }, { - "name": "20130305 Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc", - "refsource": "BUGTRAQ", - "url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0025.html" + "url": "http://www.openwall.com/lists/oss-security/2013/03/11/7", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/03/11/7" }, { - "name": "20130307 Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc", - "refsource": "BUGTRAQ", - "url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0069.html" + "url": "http://www.securityfocus.com/bid/58316", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/58316" }, { - "name": "[oss-security] 20130311 Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc", - "refsource": "MLIST", - 
"url": "http://www.openwall.com/lists/oss-security/2013/03/11/7" + "url": "http://www.squid-cache.org/Advisories/SQUID-2013_1.txt", + "refsource": "MISC", + "name": "http://www.squid-cache.org/Advisories/SQUID-2013_1.txt" } ] } diff --git a/2013/1xxx/CVE-2013-1840.json b/2013/1xxx/CVE-2013-1840.json index 5700132293d..d107800603e 100644 --- a/2013/1xxx/CVE-2013-1840.json +++ b/2013/1xxx/CVE-2013-1840.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1840", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,62 +27,86 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "openstack-glance-api-info-disclosure(82878)", - "refsource": "XF", - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82878" + "url": "http://osvdb.org/91304", + "refsource": "MISC", + "name": "http://osvdb.org/91304" }, { - "name": "https://review.openstack.org/#/c/24437/", - "refsource": "CONFIRM", - "url": "https://review.openstack.org/#/c/24437/" + "url": "http://rhn.redhat.com/errata/RHSA-2013-0707.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-0707.html" }, { - "name": "USN-1764-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-1764-1" + "url": "http://secunia.com/advisories/52565", + "refsource": "MISC", + "name": "http://secunia.com/advisories/52565" }, { - "name": "https://review.openstack.org/#/c/24438/", - "refsource": "CONFIRM", - "url": "https://review.openstack.org/#/c/24438/" + "url": "http://www.openwall.com/lists/oss-security/2013/03/14/15", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/03/14/15" }, { - "name": "https://bugs.launchpad.net/glance/+bug/1135541", - "refsource": "CONFIRM", - "url": "https://bugs.launchpad.net/glance/+bug/1135541" + "url": "http://www.securityfocus.com/bid/58490", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/58490" }, { - "name": "52565", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/52565" + "url": "http://www.ubuntu.com/usn/USN-1764-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-1764-1" }, { - "name": "RHSA-2013:0707", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-0707.html" + "url": 
"https://bugs.launchpad.net/glance/+bug/1135541", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/glance/+bug/1135541" }, { - "name": "91304", - "refsource": "OSVDB", - "url": "http://osvdb.org/91304" + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82878", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82878" }, { - "name": "[oss-security] 20130314 [OSSA 2013-007] Backend credentials leak in Glance v1 API (CVE-2013-1840)", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/03/14/15" + "url": "https://review.openstack.org/#/c/24437/", + "refsource": "MISC", + "name": "https://review.openstack.org/#/c/24437/" }, { - "name": "58490", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/58490" + "url": "https://review.openstack.org/#/c/24438/", + "refsource": "MISC", + "name": "https://review.openstack.org/#/c/24438/" }, { - "name": "https://review.openstack.org/#/c/24439/", - "refsource": "CONFIRM", - "url": "https://review.openstack.org/#/c/24439/" + "url": "https://review.openstack.org/#/c/24439/", + "refsource": "MISC", + "name": "https://review.openstack.org/#/c/24439/" } ] } diff --git a/2013/1xxx/CVE-2013-1841.json b/2013/1xxx/CVE-2013-1841.json index 6688e00b5f8..777b7aaa03e 100644 --- a/2013/1xxx/CVE-2013-1841.json +++ b/2013/1xxx/CVE-2013-1841.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1841", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,32 +27,56 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=920683", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=920683" + "url": "http://www.openwall.com/lists/oss-security/2013/03/04/10", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/03/04/10" }, { - "name": "58309", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/58309" + "url": "http://www.openwall.com/lists/oss-security/2013/03/12/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/03/12/2" }, { - "name": "[oss-security] 20130304 Reverse lookup issue in Net::Server", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/03/04/10" + "url": "http://www.securityfocus.com/bid/58309", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/58309" }, { - "name": "[oss-security] 20130311 Re: Reverse lookup issue in Net::Server", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/03/12/2" + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82900", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82900" }, { - "name": "netserver-cve20131841-security-bypass(82900)", - "refsource": "XF", - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82900" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=920683", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=920683" } ] } diff --git a/2013/1xxx/CVE-2013-1848.json b/2013/1xxx/CVE-2013-1848.json index dca05d5fa87..21d58c1b634 100644 --- a/2013/1xxx/CVE-2013-1848.json 
+++ b/2013/1xxx/CVE-2013-1848.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1848", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,82 +27,106 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://github.com/torvalds/linux/commit/8d0c2d10dd72c5292eda7a06231056a4c972e4cc", - "refsource": "CONFIRM", - "url": "https://github.com/torvalds/linux/commit/8d0c2d10dd72c5292eda7a06231056a4c972e4cc" + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" }, { - "name": "USN-1812-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-1812-1" + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176", + "refsource": "MISC", + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" }, { - "name": "MDVSA-2013:176", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" + "url": "http://rhn.redhat.com/errata/RHSA-2013-0928.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-0928.html" }, { - "name": "RHSA-2013:1051", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-1051.html" + "url": "http://rhn.redhat.com/errata/RHSA-2013-1026.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-1026.html" }, { - "name": "RHSA-2013:0928", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-0928.html" + "url": "http://www.ubuntu.com/usn/USN-1809-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-1809-1" }, { - "name": "USN-1809-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-1809-1" + "url": "http://www.ubuntu.com/usn/USN-1812-1", + "refsource": "MISC", + "name": 
"http://www.ubuntu.com/usn/USN-1812-1" }, { - "name": "USN-1814-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-1814-1" + "url": "http://www.ubuntu.com/usn/USN-1813-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-1813-1" }, { - "name": "[oss-security] 20130320 CVE-2013-1848 -- Linux kernel: ext3: format string issues", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/03/20/8" + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4", + "refsource": "MISC", + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4" }, { - "name": "USN-1813-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-1813-1" + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0c2d10dd72c5292eda7a06231056a4c972e4cc", + "refsource": "MISC", + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0c2d10dd72c5292eda7a06231056a4c972e4cc" }, { - "name": "openSUSE-SU-2013:0925", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" + "url": "http://rhn.redhat.com/errata/RHSA-2013-1051.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-1051.html" }, { - "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d0c2d10dd72c5292eda7a06231056a4c972e4cc", - "refsource": "CONFIRM", - "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d0c2d10dd72c5292eda7a06231056a4c972e4cc" + "url": "http://www.openwall.com/lists/oss-security/2013/03/20/8", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/03/20/8" }, { - "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4", - "refsource": "CONFIRM", - "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4" + "url": "http://www.ubuntu.com/usn/USN-1811-1", + "refsource": "MISC", 
+ "name": "http://www.ubuntu.com/usn/USN-1811-1" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=920783", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=920783" + "url": "http://www.ubuntu.com/usn/USN-1814-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-1814-1" }, { - "name": "RHSA-2013:1026", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-1026.html" + "url": "https://github.com/torvalds/linux/commit/8d0c2d10dd72c5292eda7a06231056a4c972e4cc", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/8d0c2d10dd72c5292eda7a06231056a4c972e4cc" }, { - "name": "USN-1811-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-1811-1" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=920783", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=920783" } ] } diff --git a/2013/1xxx/CVE-2013-1854.json b/2013/1xxx/CVE-2013-1854.json index d24f30c5900..8d823eced7e 100644 --- a/2013/1xxx/CVE-2013-1854.json +++ b/2013/1xxx/CVE-2013-1854.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A flaw was found in the way Ruby on Rails handled hashes in certain queries. A remote attacker could use this flaw to perform a denial of service (resource consumption) attack by sending specially crafted queries that would result in the creation of Ruby symbols, which were never garbage collected." + "value": "The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Uncontrolled Resource Consumption", - "cweId": "CWE-400" + "value": "n/a" } ] } 
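Review bot: In the CVE-2013-1848 references hunk (`@@ -50,82 +27,106 @@`) the git.kernel.org link changes from `...linux-2.6.git;a=commit;h=8d0c2d10dd72c5292eda7a06231056a4c972e4cc` to `...linux-2.6.git%3Ba=commit%3Bh=8d0c2d10dd72c5292eda7a06231056a4c972e4cc`, percent-encoding the `;` separators. In a gitweb-style query string the semicolons delimit parameters, so the encoded form probably no longer selects the commit view and the fix reference may stop resolving; I would keep the literal `;` in both `"url"` and `"name"`. The same rewrite appears in the CVE-2013-1828 hunk (commit `726bc6b092da4c093eb74d13c07184b18c1af0f1`) and in the CVE-2013-1858 hunk, whose end lies outside this part of the diff.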
@@ -32,55 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Subscription Asset Manager 1.4", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:1.4.3.28-1.el6sam_splice", - "version_affected": "!" - }, - { - "version_value": "1:3.2.17-1.el6sam", - "version_affected": "!" - }, - { - "version_value": "1:3.2.17-6.el6sam", - "version_affected": "!" - }, - { - "version_value": "1:3.2.17-5.el6sam", - "version_affected": "!" - }, - { - "version_value": "1:3.2.17-2.el6sam", - "version_affected": "!" - }, - { - "version_value": "0:0.6.9-1.el6sam", - "version_affected": "!" - }, - { - "version_value": "0:2.5.4-1.el6sam", - "version_affected": "!" - }, - { - "version_value": "1:1.4.5-3.el6sam", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "RHEL 6 Version of OpenShift Enterprise", - "version": { - "version_data": [ - { - "version_value": "1:3.2.8-6.el6", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } 
@@ -148,56 +108,11 @@ "refsource": "MISC", "name": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, - { - "url": "https://access.redhat.com/errata/RHSA-2013:0699", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2013:0699" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2014:1863", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2014:1863" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2013-1854", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2013-1854" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921329", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=921329" - }, { "url": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain", "refsource": "MISC", "name": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain" } ] - }, - "impact": { - "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "NETWORK", - "authentication": "NONE", - "availabilityImpact": "PARTIAL", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 4.3, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "NONE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "version": "2.0" - } - ] } } \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1858.json b/2013/1xxx/CVE-2013-1858.json index 429460ba29f..1f6cd052c1f 100644 --- a/2013/1xxx/CVE-2013-1858.json +++ b/2013/1xxx/CVE-2013-1858.json 
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-1858",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,37 +27,61 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e66eded8309ebf679d3d3c1f5820d1f2ca332c71",
- "refsource": "CONFIRM",
- "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e66eded8309ebf679d3d3c1f5820d1f2ca332c71"
- },
- {
- "name": "[oss-security] 20130314 Re: CLONE_NEWUSER|CLONE_FS root exploit",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2013/03/14/6"
- },
- {
- "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3",
- "refsource": "CONFIRM",
- "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3"
- },
- {
- "name": "http://stealth.openwall.net/xSports/clown-newuser.c",
+ "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3",
 "refsource": "MISC",
- "url": "http://stealth.openwall.net/xSports/clown-newuser.c"
+ "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3"
 },
 {
- "name": "https://github.com/torvalds/linux/commit/e66eded8309ebf679d3d3c1f5820d1f2ca332c71",
- "refsource": "CONFIRM",
- "url": "https://github.com/torvalds/linux/commit/e66eded8309ebf679d3d3c1f5820d1f2ca332c71"
+ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e66eded8309ebf679d3d3c1f5820d1f2ca332c71",
+ "refsource": "MISC",
+ "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e66eded8309ebf679d3d3c1f5820d1f2ca332c71"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=921448",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921448"
+ "url": "http://stealth.openwall.net/xSports/clown-newuser.c",
+ "refsource": "MISC",
+ "name": "http://stealth.openwall.net/xSports/clown-newuser.c"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/03/14/6",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/03/14/6"
+ },
+ {
+ "url": "https://github.com/torvalds/linux/commit/e66eded8309ebf679d3d3c1f5820d1f2ca332c71",
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/e66eded8309ebf679d3d3c1f5820d1f2ca332c71"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921448",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=921448"
 }
 ]
 }
diff --git a/2013/1xxx/CVE-2013-1860.json b/2013/1xxx/CVE-2013-1860.json
index 9f5eb6d9670..d4c05947b21 100644
--- a/2013/1xxx/CVE-2013-1860.json
+++ b/2013/1xxx/CVE-2013-1860.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-1860",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
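Review bot: In the `references` hunk for CVE-2013-1858 the gitweb link is added with its separators percent-encoded (`linux-2.6.git%3Ba=commit%3Bh=...`), where the removed entry used literal `;`. Gitweb reads `;` as the parameter delimiter, so the encoded form most likely arrives as a single `p` value and the link to the fixing commit stops resolving. I would keep the literal form in both `url` and `name`: `"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e66eded8309ebf679d3d3c1f5820d1f2ca332c71"`. The CVE-2013-1860 references hunk applies the same encoding to its `h=c0f5ecee4e741667b2493c742b60b6218d40b3aa` link. A dead patch reference matters because it is the pointer defenders use to verify that a backport contains the fix.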
@@ -50,82 +27,106 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "https://github.com/torvalds/linux/commit/c0f5ecee4e741667b2493c742b60b6218d40b3aa",
- "refsource": "CONFIRM",
- "url": "https://github.com/torvalds/linux/commit/c0f5ecee4e741667b2493c742b60b6218d40b3aa"
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176",
+ "refsource": "MISC",
+ "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=921970",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921970"
+ "url": "http://www.ubuntu.com/usn/USN-1809-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-1809-1"
 },
 {
- "name": "USN-1812-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-1812-1"
+ "url": "http://www.ubuntu.com/usn/USN-1812-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-1812-1"
 },
 {
- "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c0f5ecee4e741667b2493c742b60b6218d40b3aa",
- "refsource": "CONFIRM",
- "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c0f5ecee4e741667b2493c742b60b6218d40b3aa"
+ "url": "http://www.ubuntu.com/usn/USN-1813-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-1813-1"
 },
 {
- "name": "RHSA-2014:0328",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2014-0328.html"
+ "url": "http://www.ubuntu.com/usn/USN-1829-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-1829-1"
 },
 {
- "name": "MDVSA-2013:176",
- "refsource": "MANDRIVA",
- "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
+ "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4",
+ "refsource": "MISC",
+ "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4"
 },
 {
- "name": "USN-1829-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-1829-1"
+ "url": "http://www.ubuntu.com/usn/USN-1811-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-1811-1"
 },
 {
- "name": "[oss-security] 20130314 Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2013/03/15/3"
+ "url": "http://www.ubuntu.com/usn/USN-1814-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-1814-1"
 },
 {
- "name": "58510",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/58510"
+ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c0f5ecee4e741667b2493c742b60b6218d40b3aa",
+ "refsource": "MISC",
+ "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c0f5ecee4e741667b2493c742b60b6218d40b3aa"
 },
 {
- "name": "USN-1809-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-1809-1"
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-0328.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2014-0328.html"
 },
 {
- "name": "USN-1814-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-1814-1"
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-0339.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2014-0339.html"
 },
 {
- "name": "RHSA-2014:0339",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2014-0339.html"
+ "url": "http://www.openwall.com/lists/oss-security/2013/03/15/3",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/03/15/3"
 },
 {
- "name": "USN-1813-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-1813-1"
+ "url": "http://www.securityfocus.com/bid/58510",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/58510"
 },
 {
- "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4",
- "refsource": "CONFIRM",
- "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4"
+ "url": "https://github.com/torvalds/linux/commit/c0f5ecee4e741667b2493c742b60b6218d40b3aa",
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/c0f5ecee4e741667b2493c742b60b6218d40b3aa"
 },
 {
- "name": "USN-1811-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-1811-1"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921970",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=921970"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4351.json b/2013/4xxx/CVE-2013-4351.json
index a5b98c04ba1..35092908fff 100644
--- a/2013/4xxx/CVE-2013-4351.json
+++ b/2013/4xxx/CVE-2013-4351.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4351",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
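Review bot: Every reference added in the CVE-2013-1860 `references` hunk carries `"refsource": "MISC"` and a `name` that repeats the `url`, so the new side no longer distinguishes vendor-confirmed sources from third-party ones. Consumers that prioritise on `CONFIRM` or on vendor tags, or that display advisory identifiers such as `USN-1812-1` and `RHSA-2014:0328`, are left with nothing to key on. Where the source is known from the host, keeping the typed form would preserve that signal, for example `"refsource": "UBUNTU",` with `"name": "USN-1812-1"`. The same flattening appears in the reference hunks for CVE-2013-1858, -4351, -4354, -4359, -4361, -4362, -4364 and -4368.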
@@ -50,52 +27,76 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138",
- "refsource": "CONFIRM",
- "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138"
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2013-1459.html"
 },
 {
- "name": "openSUSE-SU-2013:1532",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00006.html"
+ "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00003.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00003.html"
 },
 {
- "name": "USN-1987-1",
- "refsource": "UBUNTU",
- "url": "http://ubuntu.com/usn/usn-1987-1"
+ "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00006.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00006.html"
 },
 {
- "name": "DSA-2773",
- "refsource": "DEBIAN",
- "url": "http://www.debian.org/security/2013/dsa-2773"
+ "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138",
+ "refsource": "MISC",
+ "name": "http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17712/focus=18138"
 },
 {
- "name": "[oss-security] 20130913 Re: GnuPG treats no-usage-permitted keys as all-usages-permitted",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2013/09/13/4"
+ "url": "http://ubuntu.com/usn/usn-1987-1",
+ "refsource": "MISC",
+ "name": "http://ubuntu.com/usn/usn-1987-1"
 },
 {
- "name": "RHSA-2013:1459",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2013-1459.html"
+ "url": "http://www.debian.org/security/2013/dsa-2773",
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2013/dsa-2773"
 },
 {
- "name": "openSUSE-SU-2013:1526",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00003.html"
+ "url": "http://www.debian.org/security/2013/dsa-2774",
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2013/dsa-2774"
 },
 {
- "name": "DSA-2774",
- "refsource": "DEBIAN",
- "url": "http://www.debian.org/security/2013/dsa-2774"
+ "url": "http://www.openwall.com/lists/oss-security/2013/09/13/4",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/09/13/4"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1010137",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010137"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1010137",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1010137"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4354.json b/2013/4xxx/CVE-2013-4354.json
index e1deecb1949..a47e97dc56a 100644
--- a/2013/4xxx/CVE-2013-4354.json
+++ b/2013/4xxx/CVE-2013-4354.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4354",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,22 +27,46 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "[oss-security] 20130919 Re: OpenStack: Glance image creation in other tenant accounts (CVE-2013-4354)",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2013/09/19/3"
+ "url": "http://www.openwall.com/lists/oss-security/2013/09/19/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/09/19/2"
 },
 {
- "name": "https://bugs.launchpad.net/glance/+bug/1226078",
- "refsource": "CONFIRM",
- "url": "https://bugs.launchpad.net/glance/+bug/1226078"
+ "url": "http://www.openwall.com/lists/oss-security/2013/09/19/3",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/09/19/3"
 },
 {
- "name": "[oss-security] 20130919 OpenStack: Glance image creation in other tenant accounts (CVE-2013-4354)",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2013/09/19/2"
+ "url": "https://bugs.launchpad.net/glance/+bug/1226078",
+ "refsource": "MISC",
+ "name": "https://bugs.launchpad.net/glance/+bug/1226078"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4357.json b/2013/4xxx/CVE-2013-4357.json
index 096e690aa47..cd413eabfa3 100644
--- a/2013/4xxx/CVE-2013-4357.json
+++ b/2013/4xxx/CVE-2013-4357.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4357",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "eglibc",
- "product": {
- "product_data": [
- {
- "product_name": "eglibc",
- "version": {
- "version_data": [
- {
- "version_value": "before 2.14"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,12 +27,86 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "eglibc",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "eglibc",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "before 2.14"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "url": "https://security-tracker.debian.org/tracker/CVE-2013-4357",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html",
 "refsource": "MISC",
- "name": "https://security-tracker.debian.org/tracker/CVE-2013-4357"
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/09/17/4",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/09/17/4"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/09/17/8",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/09/17/8"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2015/01/28/18",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2015/01/28/18"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2015/01/29/21",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2015/01/29/21"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2015/02/24/3",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2015/02/24/3"
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/67992",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/67992"
+ },
+ {
+ "url": "http://www.ubuntu.com/usn/USN-2306-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-2306-1"
+ },
+ {
+ "url": "http://www.ubuntu.com/usn/USN-2306-2",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-2306-2"
+ },
+ {
+ "url": "http://www.ubuntu.com/usn/USN-2306-3",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-2306-3"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/cve-2013-4357",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/cve-2013-4357"
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4357",
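Review bot: In the `affects` block added for CVE-2013-4357 the comparator contradicts the value, because `"version_affected": "="` is paired with `"version_value": "before 2.14"`. Read literally, this says the affected version equals the string `before 2.14`, so automated matching against eglibc versions will miss every real release below 2.14. Expressing the range through the comparator keeps the meaning: `"version_affected": "<",` followed by `"version_value": "2.14"`.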
@@ -68,64 +119,14 @@
 "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4357"
 },
 {
- "url": "https://access.redhat.com/security/cve/cve-2013-4357",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95103",
 "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/cve-2013-4357"
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95103"
 },
 {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2013-4357",
 "refsource": "MISC",
- "name": "http://www.openwall.com/lists/oss-security/2015/01/28/18",
- "url": "http://www.openwall.com/lists/oss-security/2015/01/28/18"
- },
- {
- "refsource": "MISC",
- "name": "http://www.openwall.com/lists/oss-security/2015/01/29/21",
- "url": "http://www.openwall.com/lists/oss-security/2015/01/29/21"
- },
- {
- "refsource": "MISC",
- "name": "http://www.openwall.com/lists/oss-security/2015/02/24/3",
- "url": "http://www.openwall.com/lists/oss-security/2015/02/24/3"
- },
- {
- "refsource": "MISC",
- "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95103",
- "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95103"
- },
- {
- "refsource": "MISC",
- "name": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html"
- },
- {
- "refsource": "MISC",
- "name": "http://www.openwall.com/lists/oss-security/2013/09/17/4",
- "url": "http://www.openwall.com/lists/oss-security/2013/09/17/4"
- },
- {
- "refsource": "MISC",
- "name": "http://www.openwall.com/lists/oss-security/2013/09/17/8",
- "url": "http://www.openwall.com/lists/oss-security/2013/09/17/8"
- },
- {
- "refsource": "MISC",
- "name": "http://www.securityfocus.com/bid/67992",
- "url": "http://www.securityfocus.com/bid/67992"
- },
- {
- "refsource": "MISC",
- "name": "http://www.ubuntu.com/usn/USN-2306-1",
- "url": "http://www.ubuntu.com/usn/USN-2306-1"
- },
- {
- "refsource": "MISC",
- "name": "http://www.ubuntu.com/usn/USN-2306-2",
- "url": "http://www.ubuntu.com/usn/USN-2306-2"
- },
- {
- "refsource": "MISC",
- "name": "http://www.ubuntu.com/usn/USN-2306-3",
- "url": "http://www.ubuntu.com/usn/USN-2306-3"
+ "name": "https://security-tracker.debian.org/tracker/CVE-2013-4357"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4359.json b/2013/4xxx/CVE-2013-4359.json
index 6f193f2c878..bc8d4f41c4e 100644
--- a/2013/4xxx/CVE-2013-4359.json
+++ b/2013/4xxx/CVE-2013-4359.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4359",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,37 +27,61 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "http://kingcope.wordpress.com/2013/09/11/proftpd-mod_sftpmod_sftp_pam-invalid-pool-allocation-in-kbdint-authentication/",
+ "url": "http://bugs.proftpd.org/show_bug.cgi?id=3973",
 "refsource": "MISC",
- "url": "http://kingcope.wordpress.com/2013/09/11/proftpd-mod_sftpmod_sftp_pam-invalid-pool-allocation-in-kbdint-authentication/"
+ "name": "http://bugs.proftpd.org/show_bug.cgi?id=3973"
 },
 {
- "name": "[oss-security] 20130916 Re: CVE request: proftpd: mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2013/09/17/6"
+ "url": "http://kingcope.wordpress.com/2013/09/11/proftpd-mod_sftpmod_sftp_pam-invalid-pool-allocation-in-kbdint-authentication/",
+ "refsource": "MISC",
+ "name": "http://kingcope.wordpress.com/2013/09/11/proftpd-mod_sftpmod_sftp_pam-invalid-pool-allocation-in-kbdint-authentication/"
 },
 {
- "name": "DSA-2767",
- "refsource": "DEBIAN",
- "url": "http://www.debian.org/security/2013/dsa-2767"
+ "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00032.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00032.html"
 },
 {
- "name": "openSUSE-SU-2015:1031",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00020.html"
+ "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00020.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00020.html"
 },
 {
- "name": "openSUSE-SU-2013:1563",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00032.html"
+ "url": "http://www.debian.org/security/2013/dsa-2767",
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2013/dsa-2767"
 },
 {
- "name": "http://bugs.proftpd.org/show_bug.cgi?id=3973",
- "refsource": "CONFIRM",
- "url": "http://bugs.proftpd.org/show_bug.cgi?id=3973"
+ "url": "http://www.openwall.com/lists/oss-security/2013/09/17/6",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/09/17/6"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4361.json b/2013/4xxx/CVE-2013-4361.json
index 20d8ac79b6e..6848d9b801a 100644
--- a/2013/4xxx/CVE-2013-4361.json
+++ b/2013/4xxx/CVE-2013-4361.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4361",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,32 +27,56 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "GLSA-201407-03",
- "refsource": "GENTOO",
- "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
 },
 {
- "name": "SUSE-SU-2014:0446",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
+ "url": "http://www.debian.org/security/2014/dsa-3006",
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2014/dsa-3006"
 },
 {
- "name": "[oss-security] 20130930 Xen Security Advisory 66 (CVE-2013-4361) - Information leak through fbld instruction emulation",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2013/09/30/3"
+ "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html"
 },
 {
- "name": "DSA-3006",
- "refsource": "DEBIAN",
- "url": "http://www.debian.org/security/2014/dsa-3006"
+ "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml",
+ "refsource": "MISC",
+ "name": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
 },
 {
- "name": "openSUSE-SU-2013:1636",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html"
+ "url": "http://www.openwall.com/lists/oss-security/2013/09/30/3",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/09/30/3"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4362.json b/2013/4xxx/CVE-2013-4362.json
index f4ed8d60fba..c8c43366c7b 100644
--- a/2013/4xxx/CVE-2013-4362.json
+++ b/2013/4xxx/CVE-2013-4362.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4362",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,42 +27,66 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "DSA-2765",
- "refsource": "DEBIAN",
- "url": "http://www.debian.org/security/2013/dsa-2765"
+ "url": "http://osvdb.org/97416",
+ "refsource": "MISC",
+ "name": "http://osvdb.org/97416"
 },
 {
- "name": "97417",
- "refsource": "OSVDB",
- "url": "http://osvdb.org/97417"
+ "url": "http://osvdb.org/97417",
+ "refsource": "MISC",
+ "name": "http://osvdb.org/97417"
 },
 {
- "name": "97416",
- "refsource": "OSVDB",
- "url": "http://osvdb.org/97416"
+ "url": "http://savannah.nongnu.org/bugs/?40034",
+ "refsource": "MISC",
+ "name": "http://savannah.nongnu.org/bugs/?40034"
 },
 {
- "name": "GLSA-201612-02",
- "refsource": "GENTOO",
- "url": "https://security.gentoo.org/glsa/201612-02"
+ "url": "http://seclists.org/oss-sec/2013/q3/627",
+ "refsource": "MISC",
+ "name": "http://seclists.org/oss-sec/2013/q3/627"
 },
 {
- "name": "[oss-security] 20130918 Re: CVE request: davfs2 - Unsecure use of system()",
- "refsource": "MLIST",
- "url": "http://seclists.org/oss-sec/2013/q3/627"
+ "url": "http://www.debian.org/security/2013/dsa-2765",
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2013/dsa-2765"
 },
 {
- "name": "http://savannah.nongnu.org/bugs/?40034",
- "refsource": "CONFIRM",
- "url": "http://savannah.nongnu.org/bugs/?40034"
+ "url": "http://www.securityfocus.com/bid/62445",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/62445"
 },
 {
- "name": "62445",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/62445"
+ "url": "https://security.gentoo.org/glsa/201612-02",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/201612-02"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4364.json b/2013/4xxx/CVE-2013-4364.json
index 057f465a8db..06bd3424d79 100644
--- a/2013/4xxx/CVE-2013-4364.json
+++ b/2013/4xxx/CVE-2013-4364.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4364",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,12 +27,36 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1009734",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1009734"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1009734",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1009734"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4368.json b/2013/4xxx/CVE-2013-4368.json
index 9d9d2a4ef29..62e8a45df74 100644
--- a/2013/4xxx/CVE-2013-4368.json
+++ b/2013/4xxx/CVE-2013-4368.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4368",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,52 +27,76 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "SUSE-SU-2014:0470",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
 },
 {
- "name": "GLSA-201407-03",
- "refsource": "GENTOO",
- "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html"
 },
 {
- "name": "[oss-security] 20131010 Xen Security Advisory 67 (CVE-2013-4368) - Information leak through outs instruction emulation",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2013/10/10/10"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html"
 },
 {
- "name": "xen-cve20134368-info-disc(87799)",
- "refsource": "XF",
- "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87799"
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-1449.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2013-1449.html"
 },
 {
- "name": "RHSA-2013:1449",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2013-1449.html"
+ "url": "http://www.debian.org/security/2014/dsa-3006",
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2014/dsa-3006"
 },
 {
- "name": "SUSE-SU-2014:0446",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
+ "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html"
 },
 {
- "name": "DSA-3006",
- "refsource": "DEBIAN",
- "url": "http://www.debian.org/security/2014/dsa-3006"
+ "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml",
+ "refsource": "MISC",
+ "name": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
 },
 {
- "name": "SUSE-SU-2014:0411",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html"
+ "url": "http://www.openwall.com/lists/oss-security/2013/10/10/10",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/10/10/10"
 },
 {
- "name": "openSUSE-SU-2013:1636",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html"
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87799",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87799"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4369.json b/2013/4xxx/CVE-2013-4369.json
index b79ccbe97b9..5a25e2a366a 100644
--- a/2013/4xxx/CVE-2013-4369.json
+++ b/2013/4xxx/CVE-2013-4369.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4369",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,22 +27,46 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "xen-cve20134369-dos(87798)",
- "refsource": "XF",
- "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87798"
+ "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml",
+ "refsource": "MISC",
+ "name": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
 },
 {
- "name": "GLSA-201407-03",
- "refsource": "GENTOO",
- "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
+ "url": "http://www.openwall.com/lists/oss-security/2013/10/10/11",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/10/10/11"
 },
 {
- "name": "[oss-security] 20131010 Xen Security Advisory 68 (CVE-2013-4369) - possible null dereference when parsing vif ratelimiting info",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2013/10/10/11"
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87798",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87798"
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14625.json b/2018/14xxx/CVE-2018-14625.json
index a8d3db15d62..e004303ca9e 100644
--- a/2018/14xxx/CVE-2018-14625.json
+++ b/2018/14xxx/CVE-2018-14625.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly impersonate AF_VSOCK messages destined to other clients or leak kernel memory."
+ "value": "A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients."
 }
 ]
 },
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Use After Free",
+ "value": "CWE-416",
 "cweId": "CWE-416"
 }
 ]
@@ -32,24 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "[UNKNOWN]",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Enterprise Linux 7",
+ "product_name": "kernel",
 "version": {
 "version_data": [
 {
- "version_value": "0:3.10.0-1062.rt56.1022.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.10.0-1062.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:4.14.0-115.16.1.el7a",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -97,16 +89,6 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2019:4154"
 },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2018-14625",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2018-14625"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619846",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1619846"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14625",
 "refsource": "MISC",
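Review bot: The CVE-2018-14625 problemtype hunk drops the readable weakness name: `"value": "Use After Free"` becomes `"value": "CWE-416"`, which only repeats the `cweId` on the next line. Someone triaging from the record alone no longer sees the bug class without a CWE lookup. Keeping the name, or carrying both as `"value": "CWE-416: Use After Free"`, preserves that. The problemtype hunks for CVE-2018-14634 (`CWE-190`), CVE-2018-14649 (`CWE-77`) and CVE-2018-1097 (`CWE-200`) make the same substitution.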
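Review bot: The CVE-2018-14625 affects hunk replaces three concrete build entries (`0:3.10.0-1062.rt56.1022.el7`, `0:3.10.0-1062.el7`, `0:4.14.0-115.16.1.el7a`, each marked `"version_affected": "!"`) with a single `"version_affected": "="` / `"version_value": "n/a"` under vendor `[UNKNOWN]`. `=` asserts an exact match against a placeholder, so version matching on this record can neither confirm exposure nor recognise a patched kernel. If the per-build data has to go, `"version_affected": "?"` states the unknown honestly (assuming the schema in use accepts it), and `vendor_name` should name the upstream project rather than `[UNKNOWN]`. The CVE-2018-14649 affects hunk has the same shape.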
diff --git a/2018/14xxx/CVE-2018-14628.json b/2018/14xxx/CVE-2018-14628.json
index 43cb18e8744..d037599636e 100644
--- a/2018/14xxx/CVE-2018-14628.json
+++ b/2018/14xxx/CVE-2018-14628.json
@@ -1,12 +1,33 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2018-14628",
 "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-862",
+ "cweId": "CWE-862"
+ }
+ ]
+ }
+ ]
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -19,6 +40,7 @@
 "version": {
 "version_data": [
 {
+ "version_affected": "=",
 "version_value": "All versions from 4.0.0 onwards"
 }
 ]
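Review bot: The added `"version_affected": "="` in the CVE-2018-14628 version hunk contradicts the value it qualifies, `"version_value": "All versions from 4.0.0 onwards"`, which describes an open-ended range. A consumer that honours the operator will look for a version literally equal to that sentence and match nothing, so affected Samba installs go unflagged. `"version_affected": ">="` with `"version_value": "4.0.0"` says the same thing in a form a matcher can evaluate. The enclosing `affects` object starts and ends outside this hunk.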
@@ -30,37 +52,17 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-862"
- }
- ]
- }
- ]
- },
 "references": {
 "reference_data": [
 {
+ "url": "https://bugzilla.samba.org/show_bug.cgi?id=13595",
 "refsource": "MISC",
- "name": "https://bugzilla.samba.org/show_bug.cgi?id=13595",
- "url": "https://bugzilla.samba.org/show_bug.cgi?id=13595"
+ "name": "https://bugzilla.samba.org/show_bug.cgi?id=13595"
 },
 {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625445",
 "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1625445",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625445"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store."
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1625445"
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14634.json b/2018/14xxx/CVE-2018-14634.json
index 4f9d4644ae1..05a54b1f47e 100644
--- a/2018/14xxx/CVE-2018-14634.json
+++ b/2018/14xxx/CVE-2018-14634.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system."
+ "value": "An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable."
 }
 ]
 },
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Integer Overflow or Wraparound",
+ "value": "CWE-190",
 "cweId": "CWE-190"
 }
 ]
@@ -32,152 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "The Linux Foundation",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Enterprise Linux 6",
+ "product_name": "kernel",
 "version": {
 "version_data": [
 {
- "version_value": "0:2.6.32-754.6.3.el6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support",
- "version": {
- "version_data": [
- {
- "version_value": "0:2.6.32-358.94.1.el6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support",
- "version": {
- "version_data": [
- {
- "version_value": "0:2.6.32-431.93.2.el6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 6.6 Advanced Update Support",
- "version": {
- "version_data": [
- {
- "version_value": "0:2.6.32-504.76.2.el6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 6.6 Telco Extended Update Support",
- "version": {
- "version_data": [
- {
- "version_value": "0:2.6.32-504.76.2.el6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 6.7 Extended Update Support",
- "version": {
- "version_data": [
- {
- "version_value": "0:2.6.32-573.65.2.el6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7",
- "version": {
- "version_data": [
- {
- "version_value": "0:3.10.0-862.14.4.rt56.821.el7",
- "version_affected": "!"
- },
- {
- "version_value": "0:3.10.0-862.14.4.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support",
- "version": {
- "version_data": [
- {
- "version_value": "0:3.10.0-327.76.1.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7.2 Telco Extended Update Support",
- "version": {
- "version_data": [
- {
- "version_value": "0:3.10.0-327.76.1.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions",
- "version": {
- "version_data": [
- {
- "version_value": "0:3.10.0-327.76.1.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7.3 Extended Update Support",
- "version": {
- "version_data": [
- {
- "version_value": "0:3.10.0-514.61.1.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support",
- "version": {
- "version_data": [
- {
- "version_value": "0:3.10.0-693.43.1.el7",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise MRG 2",
- "version": {
- "version_data": [
- {
- "version_value": "1:3.10.0-693.43.1.rt56.630.el6rt",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "2.6.x, 3.10.x, 4.14.x"
 }
 ]
 }
@@ -270,21 +134,6 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2018:3643"
 },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2018-14634",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2018-14634"
- },
- {
- "url": "https://access.redhat.com/security/vulnerabilities/mutagen-astronomy",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/vulnerabilities/mutagen-astronomy"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1624498",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1624498"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634",
 "refsource": "MISC",
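Review bot: The new entry in the CVE-2018-14634 affects hunk packs three version families into one string, `"version_value": "2.6.x, 3.10.x, 4.14.x"`, under `"version_affected": "="`. No single version equals that list, so the record loses machine-usable version data in the same change that drops the thirteen Red Hat product entries and their builds. One `version_data` object per family keeps it parseable, e.g. `{ "version_affected": "=", "version_value": "2.6.x" }` repeated for `3.10.x` and `4.14.x`. The description hunk for this file says these versions are only "believed to be vulnerable", so `?` may be the more accurate operator if the schema in use accepts it.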
@@ -317,18 +166,6 @@ } ] }, - "work_around": [ - { - "lang": "en", - "value": "To mitigate the issue:\n\nEnable and install kernel-debuginfo packages as per https://access.redhat.com/solutions/666123\n\n1) On the host, save the following in a file with the \".stp\" extension:\n\n// CVE-2018-14634\n//\n// Theory of operations: adjust the thread's # rlimit-in-effect around\n// calls to the vulnerable get_arg_page() function so as to encompass\n// the newly required _STK_LIM / 4 * 3 maximum.\n\n// Complication: the rlimit is stored in a current-> structure that\n// is shared across the threads of the process. They may concurrently\n// invoke this operation.\n\nfunction clamp_stack_rlim_cur:long ()\n%{\n struct rlimit *rlim = current->signal->rlim;\n unsigned long rlim_cur = READ_ONCE(rlim[RLIMIT_STACK].rlim_cur);\n\n unsigned long limit = _STK_LIM / 4 * 3;\n limit *= 4; // multiply it back up, to the scale used by rlim_cur\n\n if (rlim_cur > limit) {\n WRITE_ONCE(rlim[RLIMIT_STACK].rlim_cur, limit);\n STAP_RETURN(limit);\n } else\n STAP_RETURN(0);\n%}\n\nprobe kernel.function(\"copy_strings\").call\n{\n l = clamp_stack_rlim_cur()\n if (l)\n printf(\"lowered process %s(%d) STACK rlim_cur to %p\\n\",\n execname(), pid(), l)\n}\n\nprobe begin {\n\tprintf(\"CVE-2018-14634 mitigation loaded\\n\")\n\n}\n\nprobe end {\n\tprintf(\"CVE-2018-14634 mitigation unloaded\\n\")\n}\n\n2) Install the \"systemtap\" package and any required dependencies. Refer\nto the \"2. 
Using SystemTap\" chapter in the Red Hat Enterprise Linux\n\"SystemTap Beginners Guide\" document, available from docs.redhat.com,\nfor information on installing the required -debuginfo and matching kernel-devel packages\n\n3) Run the \"stap -g [filename-from-step-1].stp\" command as root.\n\nIf the host is rebooted, the changes will be lost and the script must be\nrun again.\n\n\nAlternatively, build the systemtap script on a development system with\n\"stap -g -p 4 [filename-from-step-1].stp\", distribute the resulting\nkernel module to all affected systems, and run \"staprun -L \" on those.\nWhen using this approach only systemtap-runtime package is required on\nthe affected systems. Please notice that the kernel version must be the same\nacross all systems.\n\n\nThis may not be a suitable workaround if your application uses massive amounts of stack space. Please consider this if there are any adverse affects when running this mitigation." - } - ], - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank Qualys Research Labs for reporting this issue." - } - ], "impact": { "cvss": [ { diff --git a/2018/14xxx/CVE-2018-14649.json b/2018/14xxx/CVE-2018-14649.json index f1f0d3ac610..34584263104 100644 --- a/2018/14xxx/CVE-2018-14649.json +++ b/2018/14xxx/CVE-2018-14649.json 
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "It was found that rbd-target-api service provided by ceph-iscsi-cli was running in debug mode. An unauthenticated attacker could use this to remotely execute arbitrary code and escalate privileges."
+ "value": "It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as of user executing the application which is using python-werkzeug with debug shell mode enabled. In - Red Hat Ceph Storage 2 and 3, ceph-isci-cli package runs python-werkzeug library with root level permissions."
 }
 ]
 },
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection')",
+ "value": "CWE-77",
 "cweId": "CWE-77"
 }
 ]
@@ -32,27 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "[UNKNOWN]",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Ceph Storage 2.5 for Red Hat Enterprise Linux 7",
+ "product_name": "ceph-iscsi-cli",
 "version": {
 "version_data": [
 {
- "version_value": "0:2.0-7.el7cp",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Ceph Storage 3.1",
- "version": {
- "version_data": [
- {
- "version_value": "0:2.7-7.el7cp",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
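Review bot: The replacement description in the CVE-2018-14649 description hunk misspells the package three times as `ceph-isci-cli`, while the `product_name` added two hunks later in the same file is `ceph-iscsi-cli`; a text search on the real package name will miss the description. It also carries a stray fragment, `In - Red Hat Ceph Storage 2 and 3`, that looks like a broken line join. Suggested last sentence: `In Red Hat Ceph Storage 2 and 3, the ceph-iscsi-cli package runs the python-werkzeug library with root level permissions.`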
@@ -85,16 +74,6 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2018:2838"
 },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2018-14649",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2018-14649"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632078",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1632078"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649",
 "refsource": "MISC",
@@ -112,12 +91,6 @@
 }
 ]
 },
- "work_around": [
- {
- "lang": "en",
- "value": "To stop werkzeug debug mode started by rbd-target-api which is provided by ceph-iscsi-cli:\n\n1. ~]# systemctl stop rbd-target-api\n\n2. ~]# vi /usr/bin/rbd-target-api\n\n# Start the API server\n...\n737 app.run(host='0.0.0.0',\n738 port=settings.config.api_port,\n739 debug=True, <==== change this to debug=False\n use_evalex=False, <=== add this line to disable debugger code execution\n740 use_reloader=False,\n741 ssl_context=context)\n...\n\nafter changes it should be\n\n# Start the API server\n...\n737 app.run(host='0.0.0.0',\n738 port=settings.config.api_port,\n739 debug=False, \n use_evalex=False,\n740 use_reloader=False,\n741 ssl_context=context)\n...\n\n3. ~]# systemctl start rbd-target-api\n\n4. Limit exposure of port 5000/tcp: This port should be opened to trusted hosts which require to run 'gwcli'."
- }
- ],
 "impact": {
 "cvss": [
 {
diff --git a/2018/1xxx/CVE-2018-1097.json b/2018/1xxx/CVE-2018-1097.json
index c53d4864b7e..5a68e3afa96 100644
--- a/2018/1xxx/CVE-2018-1097.json
+++ b/2018/1xxx/CVE-2018-1097.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "CVE-2018-1097 foreman: Ovirt admin password exposed by foreman API"
+ "value": "A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource."
 }
 ]
 },
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Exposure of Sensitive Information to an Unauthorized Actor",
+ "value": "CWE-200",
 "cweId": "CWE-200"
 }
 ]
@@ -32,1136 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "Foreman Project", "product": { "product_data": [ { - "product_name": "Red Hat Satellite 6.4 for RHEL 7", + "product_name": "foreman", "version": { "version_data": [ { - "version_value": "0:1.5-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.8-1.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.7.4-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.18.0.37-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:201801241201-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:1.18.0.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.18.0.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.12.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:332.14-12.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.7.0-8.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.6.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.7.0.10-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.0.3-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.5.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0-2.585svn.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.1.0-3.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.1.0-1.el7", - "version_affected": "!" - }, - { - "version_value": "1:20.4-1.6.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.12-10.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.6.11-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2017.1-2.atomic.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.4-1.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:2.16.4.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.1.4.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.2-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.16.4-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.16.4.1-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:5.5.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.5.1-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.3.16-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.2.1-1.20140510git08b00d9.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:5.3.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.2.2-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.3.3-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:3.5.0.3-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.0.2-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.1.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.11.11-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:0.10.1-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.7.3-12.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.3.7-1.el7ui", - "version_affected": "!" - }, - { - "version_value": "0:0.5.0-5.pulp.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.23-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.7.2-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.6-11.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:4.0.2-8.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:0.10.5-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.5.6-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.5.211-8.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.32-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.35.0-5.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.2.0-6.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.2.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:12.2.0-4.el7", - "version_affected": "!" - }, - { - "version_value": "0:12.1.0-5.el7_2", - "version_affected": "!" - }, - { - "version_value": "0:1.1.3-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.0.5-4.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.36.0-19.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.8.0-19.el7", - "version_affected": "!" - }, - { - "version_value": "0:0.16.0-12.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.9-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.6.6-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.4.3-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.4.1-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1.2-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:1.0.3-6.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1.0-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.4.0-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.3.0-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1.2-4.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:2.0.5-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.7.8-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.1.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.6-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1.3-22.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.2.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.19-7.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.12.2-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.7.7-9.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.6-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.5.4-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.4.7-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.0.18-24.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.17-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:1.6.4-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.5.3-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.2.2-41.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.7-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.6.7-7.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.3-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.4.2-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.10.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:1.4.7-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.0.2-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.4-1.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:1.0.4-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.9-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.2.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.6.11-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.2.0-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3.7-2.git.0.3b416c9.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.22-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:6.4.0-15.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:6.4.0.7-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.11.6-17.el7", - "version_affected": "!" - }, - { - "version_value": "0:4.0-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:5.1.6-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:8.0.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.2.3-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.2.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.12.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.5-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.7.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.7.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.4.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.1.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.7.0-2.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:0.9.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.2016.0521-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.8.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.0.3-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.0.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.7.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.3-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.7.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.2.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3.13-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.20.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.3.6-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.0.8-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.5.4-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.2.4-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.6.5-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1.0-6.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.3.6-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.7.3-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.0.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.7.2-19.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:1.0.2-2.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:0.2.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.5-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.5.7-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.7.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.3.3-9.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.8.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:6.1.11-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:0.2.4-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.4.7-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.2.3-6.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.0-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.2.2-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.2.0-10.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.0.1-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.28.0-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.5.20160310-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.5.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.58.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.16-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.0-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.1-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.4.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.4.0-11.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.42.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.45.0-2.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:0.3.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.0-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.2-9.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.4.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.25-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.4-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.3.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.2.3-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.2-6.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.2.9-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.1.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:12.0.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:12.0.2.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.1.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.3.14.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.10.3-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.0.13-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.5.6-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1.3-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.13.4.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.2.5-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:6.0.3-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.0.1.11-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.2.1-10.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:5.1.0-4.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:1.2.1-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.2.5-8.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.8.2-10.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.2.0-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.13.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.3.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.13.2.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.8-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.3.3-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.6-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.12-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.3-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.13.4.3-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.2-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.8.0-10.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3.3-11.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.10-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.2.0-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.7.0.41-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.3-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.4.7-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.0.9-12.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.2.2-4.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:0.15.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.0.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.11.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.2.1-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.0.1-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.4.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.2.3-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.2-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.4-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.21.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.3.5-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.7.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.36.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.2.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3.1-6.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:5.0.4-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.2.1-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.7-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.10.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.1.6-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.1.4-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.4.0-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.4.1-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.2.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.2.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.0.0-20.el7sat", - "version_affected": "!" 
- }, - { - "version_value": "0:0.7.0-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.10.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.8.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3.5-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.1.3-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:5.0.5-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:5.7.1-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:4.10.0-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.6.0-9.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.9.0-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.1.4-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:2.1.2-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.1.3-6.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.0.6-8.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.4.4.1-5.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.16.8-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.5.0-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.9.8-4.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.3.2-1.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:3.1.5-2.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:1.5.5-3.el7sat", - "version_affected": "!" - }, - { - "version_value": "1:3.14.5.10-19.el7sat", - "version_affected": "!" - }, - { - "version_value": "0:0.5.1-7.el7sat", - "version_affected": "!" + "version_affected": "=", + "version_value": "before 1.16.1" } ] } 
@@ -1179,16 +59,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2018:2927" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2018-1097", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2018-1097" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561723", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1561723" - }, { "url": "https://github.com/theforeman/foreman/pull/5369", "refsource": "MISC", @@ -1198,24 +68,11 @@ "url": "https://projects.theforeman.org/issues/22546", "refsource": "MISC", "name": "https://projects.theforeman.org/issues/22546" - } - ] - }, - "impact": { - "cvss": [ + }, { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 7.7, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", - "version": "3.0" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561723", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1561723" } ] } diff --git a/2018/1xxx/CVE-2018-1098.json b/2018/1xxx/CVE-2018-1098.json index 01249fce90e..4aefae79ab1 100644 --- a/2018/1xxx/CVE-2018-1098.json +++ b/2018/1xxx/CVE-2018-1098.json 
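Review bot: The second hunk of CVE-2018-1097.json (`@@ -1198,24 +68,11 @@`) removes the whole `impact.cvss` object and adds nothing in its place, so the new side of the record carries no severity at all. The dropped data is the CVSS 3.0 base score 7.7 with `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"`, and anything that triages from this file would now treat the CVE as unscored. Unless the score was withdrawn on purpose, which the diff does not show, the `"impact": { "cvss": [ ... ] }` block should be kept after `references`, as the rewritten CVE-2018-1114 record in this diff does. The last hunk of CVE-2018-1100.json (`@@ -104,30 +83,11 @@`) drops its `impact` and `credits` the same way.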
@@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "DATE_PUBLIC": "2018-02-25T00:00:00", "ID": "CVE-2018-1098", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "etcd", - "version": { - "version_data": [ - { - "version_value": "3.3.1 and earlier" - } - ] - } - } - ] - }, - "vendor_name": "Red Hat, Inc." - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -45,33 +21,58 @@ "description": [ { "lang": "eng", - "value": "CWE-352" + "value": "CWE-352", + "cweId": "CWE-352" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat, Inc.", + "product": { + "product_data": [ + { + "product_name": "etcd", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.3.1 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1552714", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552714" + "url": "https://github.com/coreos/etcd/issues/9353", + "refsource": "MISC", + "name": "https://github.com/coreos/etcd/issues/9353" }, { - "name": "https://github.com/coreos/etcd/issues/9353", - "refsource": "CONFIRM", - "url": "https://github.com/coreos/etcd/issues/9353" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-833466697f", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-219b0b0b6a", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552714", + 
"refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1552714" } ] } diff --git a/2018/1xxx/CVE-2018-1100.json b/2018/1xxx/CVE-2018-1100.json index af05750fe1b..ae7650963f6 100644 --- a/2018/1xxx/CVE-2018-1100.json +++ b/2018/1xxx/CVE-2018-1100.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A buffer overflow flaw was found in the zsh shell check path functionality. A local, unprivileged user can create a specially crafted message file, which, if used to set a custom \"you have new mail\" message, leads to code execution in the context of the user who receives the message. If the user affected is privileged, this leads to privilege escalation." + "value": "zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user." } ] }, @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "Stack-based Buffer Overflow", - "cweId": "CWE-121" + "value": "CWE-120->CWE-121", + "cweId": "CWE-120" } ] } @@ -32,27 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "zsh", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 6", + "product_name": "zsh", "version": { "version_data": [ { - "version_value": "0:4.3.11-8.el6", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "0:5.0.2-31.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "through 5.4.2" } ] } 
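Review bot: The added `"version_affected": "="` is paired with the free-text `"version_value": "3.3.1 and earlier"`, so a tool that honours the operator will look for that literal string and match no real etcd release. Putting the range in the operator, `"version_affected": "<=", "version_value": "3.3.1"`, keeps the entry machine-matchable. The same pairing appears in this diff for CVE-2018-1097 (`before 1.16.1`), CVE-2018-1100 (`through 5.4.2`) and CVE-2018-1118 (`since 4.8`). Those three hunks also delete the package entries marked `"version_affected": "!"`, so the record no longer lists the builds that entry marked as not affected.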
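Review bot: In the `@@ -21,8 +21,8 @@` hunk of CVE-2018-1100.json, `cweId` changes from `CWE-121` to `CWE-120`, while the description rewritten in the preceding hunk still calls the flaw a stack-based buffer overflow, which is what CWE-121 names. The new `"value": "CWE-120->CWE-121"` is a chain notation rather than a single identifier, so a consumer keyed on `cweId` ends up with the entry that does not match the description. Suggest keeping `"cweId": "CWE-121"` and, if the chain is worth preserving, leaving it in `value` only.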
@@ -85,16 +74,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2018:1932" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2018-1100", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2018-1100" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563395", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1563395" - }, { "url": "https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/", "refsource": "MISC", @@ -104,30 +83,11 @@ "url": "https://usn.ubuntu.com/3764-1/", "refsource": "MISC", "name": "https://usn.ubuntu.com/3764-1/" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "This issue was discovered by Richard Maciel Costa (Red Hat)." - } - ], - "impact": { - "cvss": [ + }, { - "attackComplexity": "HIGH", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", - "version": "3.0" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563395", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1563395" } ] } diff --git a/2018/1xxx/CVE-2018-1114.json b/2018/1xxx/CVE-2018-1114.json index 62a8c32a361..4cb7e1f6481 100644 --- a/2018/1xxx/CVE-2018-1114.json +++ b/2018/1xxx/CVE-2018-1114.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-1114", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "undertow", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "Red Hat" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -38,59 +15,92 @@ } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "version": "3.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-400" + "value": "CWE-400", + "cweId": "CWE-400" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "undertow", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114" - }, - { - "name": "RHSA-2018:2669", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2669" - }, - { - "name": "RHSA-2018:2643", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:2643" - }, - { - "name": "https://issues.jboss.org/browse/UNDERTOW-1338", + "url": "https://access.redhat.com/errata/RHSA-2018:2643", "refsource": "MISC", - "url": "https://issues.jboss.org/browse/UNDERTOW-1338" + "name": "https://access.redhat.com/errata/RHSA-2018:2643" }, { - "name": "https://bugs.openjdk.java.net/browse/JDK-6956385", + "url": "https://access.redhat.com/errata/RHSA-2018:2669", "refsource": "MISC", - "url": "https://bugs.openjdk.java.net/browse/JDK-6956385" + "name": "https://access.redhat.com/errata/RHSA-2018:2669" }, { - "refsource": "REDHAT", - "name": "RHSA-2019:0877", - "url": "https://access.redhat.com/errata/RHSA-2019:0877" + "url": "https://access.redhat.com/errata/RHSA-2019:0877", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2019:0877" + }, + { + "url": "https://bugs.openjdk.java.net/browse/JDK-6956385", + "refsource": "MISC", + "name": "https://bugs.openjdk.java.net/browse/JDK-6956385" + }, + 
{ + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114" + }, + { + "url": "https://issues.jboss.org/browse/UNDERTOW-1338", + "refsource": "MISC", + "name": "https://issues.jboss.org/browse/UNDERTOW-1338" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" } ] } diff --git a/2018/1xxx/CVE-2018-1118.json b/2018/1xxx/CVE-2018-1118.json index 2b05212c53e..cacb851b208 100644 --- a/2018/1xxx/CVE-2018-1118.json +++ b/2018/1xxx/CVE-2018-1118.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "The Linux kernel does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file." + "value": "Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file." } ] }, @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Improper Initialization", + "value": "CWE-665", "cweId": "CWE-665" } ] 
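Review bot: Every reference in the `@@ -38,59 +15,92 @@` hunk of CVE-2018-1114.json is rewritten to `"refsource": "MISC"` with the URL repeated as `name`, which discards the `CONFIRM` and `REDHAT` classification and the advisory identifiers `RHSA-2018:2643`, `RHSA-2018:2669` and `RHSA-2019:0877`. Consumers that filter on `refsource` to find vendor-confirmed advisories, or that join on the advisory id in `name`, will no longer find these entries. Where the source is known, keep the original pair, for example `"refsource": "REDHAT", "name": "RHSA-2018:2669"`. The CVE-2018-1098 references hunk makes the same change to its `CONFIRM` and `FEDORA` entries.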
@@ -32,24 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "kernel", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 7", + "product_name": "vhost", "version": { "version_data": [ { - "version_value": "0:3.10.0-957.rt56.910.el7", - "version_affected": "!" - }, - { - "version_value": "0:4.14.0-115.el7a", - "version_affected": "!" - }, - { - "version_value": "0:3.10.0-957.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "since 4.8" } ] } @@ -82,16 +74,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2018:3096" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2018-1118", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2018-1118" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573699", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1573699" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118", "refsource": "MISC",