"-Synchronized-Data."

CVE Team 2023-02-13 04:00:33 +00:00
parent 4f598c7ce2
commit a8c6ad0a0c
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
27 changed files with 1056 additions and 1564 deletions


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0331",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=914879",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0638.html",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=914879"
"name": "http://rhn.redhat.com/errata/RHSA-2013-0638.html"
},
{
"name": "RHSA-2013:0638",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0638.html"
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb",
"refsource": "MISC",
"name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb"
},
{
"name": "[oss-security] 20130220 Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/7"
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/21/7"
},
{
"name": "57994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57994"
"url": "http://www.securityfocus.com/bid/57994",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/57994"
},
{
"name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb",
"refsource": "CONFIRM",
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb"
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16",
"refsource": "MISC",
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16"
},
{
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16",
"refsource": "CONFIRM",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=914879",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=914879"
}
]
}
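Review bot: The rewritten `reference_data` entries appear to collapse every `refsource` to `MISC` and to replace each descriptive `name` with a copy of the URL, so the record no longer distinguishes the vendor-confirmed advisories (previously `CONFIRM`) from third-party trackers and mailing-list posts. Consumers that triage on `refsource` or match on advisory identifiers such as `RHSA-2013:0638` lose that signal; if the sync tool can carry the values through, the two Jenkins advisory entries should keep `"refsource": "CONFIRM"` and the errata entry `"name": "RHSA-2013:0638"`. Which lines are old and which are new is inferred from the hunk counts and the new key order (`url`, `refsource`, `name`), because the +/- markers are not shown on this page. The same pattern repeats in the CVE-2013-0337, CVE-2013-0338, CVE-2013-0339 and CVE-2013-0340 sections below.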


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2013-0333 rubygem-activesupport: json to yaml parsing"
"value": "lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data",
"cweId": "CWE-502"
"value": "n/a"
}
]
}
@ -32,42 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CloudForms for RHEL 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:1.1.12.1-1.el6cf",
"version_affected": "!"
},
{
"version_value": "1:3.0.10-9.el6cf",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Subscription Asset Manager 1.1",
"version": {
"version_data": [
{
"version_value": "1:3.0.10-7.el6cf",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEL 6 Version of OpenShift Enterprise",
"version": {
"version_data": [
{
"version_value": "1:3.0.13-4.el6op",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -125,36 +98,6 @@
"refsource": "MISC",
"name": "http://www.debian.org/security/2013/dsa-2613"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:0201",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0201"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:0202",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0202"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:0203",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0203"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-0333",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-0333"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=903440",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=903440"
},
{
"url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo",
"refsource": "MISC",
"name": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo"
},
{
"url": "https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain",
"refsource": "MISC",
@ -166,30 +109,5 @@
"name": "https://puppet.com/security/cve/cve-2013-0333"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
}
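Review bot: Security-relevant metadata is lost from the CVE-2013-0333 record here, not just reordered: the problemtype goes from `"cweId": "CWE-502"` ("Deserialization of Untrusted Data") to `"value": "n/a"`, the Red Hat vendor, product and version entries become `n/a`, six Red Hat and rubyonrails-security references are dropped, and the whole `impact.cvss` block (base score 7.5, `AV:N/AC:L/Au:N/C:P/I:P/A:P`) is removed. Anything downstream that prioritises on CWE or CVSS taken from this file would silently treat the entry as unclassified and unscored. If the overwrite is not intended, the sync should preserve at least `"cweId": "CWE-502"` and the `impact` object alongside the updated description. The direction of the change is read from the hunk headers (`-21,8 +21,7`, `-166,30 +109,5`), since the +/- markers are missing from this rendering.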


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0337",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "55181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55181"
"url": "http://secunia.com/advisories/55181",
"refsource": "MISC",
"name": "http://secunia.com/advisories/55181"
},
{
"name": "[oss-security] 20130224 nginx CVE-2013-0337 world-readable logs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/24/1"
"url": "http://security.gentoo.org/glsa/glsa-201310-04.xml",
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-201310-04.xml"
},
{
"name": "[oss-security] 20130221 Re: CVE request: nginx world-readable logdir",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/22/1"
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/15",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/21/15"
},
{
"name": "GLSA-201310-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201310-04.xml"
"url": "http://www.openwall.com/lists/oss-security/2013/02/22/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/22/1"
},
{
"name": "[oss-security] 20130221 nginx world-readable logdir",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/15"
"url": "http://www.openwall.com/lists/oss-security/2013/02/24/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/24/1"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0338",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,72 +27,91 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "52662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52662"
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html"
},
{
"name": "openSUSE-SU-2013:0555",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html"
"url": "http://secunia.com/advisories/52662",
"refsource": "MISC",
"name": "http://secunia.com/advisories/52662"
},
{
"name": "SUSE-SU-2013:1627",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html"
"url": "http://secunia.com/advisories/55568",
"refsource": "MISC",
"name": "http://secunia.com/advisories/55568"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=912400",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=912400"
"url": "http://www.debian.org/security/2013/dsa-2652",
"refsource": "MISC",
"name": "http://www.debian.org/security/2013/dsa-2652"
},
{
"name": "openSUSE-SU-2013:0552",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html"
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "SSRT101996",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142798889927587&w=2"
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html"
},
{
"name": "DSA-2652",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2652"
"url": "http://marc.info/?l=bugtraq&m=142798889927587&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=142798889927587&w=2"
},
{
"name": "HPSBGN03302",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142798889927587&w=2"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:056",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:056"
},
{
"name": "55568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55568"
"url": "http://www.ubuntu.com/usn/USN-1782-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1782-1"
},
{
"name": "https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab"
"url": "https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab",
"refsource": "MISC",
"name": "https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab"
},
{
"name": "USN-1782-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1782-1"
},
{
"name": "MDVSA-2013:056",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:056"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=912400",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=912400"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0339",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE."
"value": "libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE."
}
]
},
@ -50,82 +27,106 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "52662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52662"
},
{
"name": "SUSE-SU-2013:1627",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html"
},
{
"name": "[oss-security] 20130221 CVE Guidance for Libraries and Resource-Consumption DoS",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/02/21/24"
},
{
"name": "[oss-security] 20130221 CVEs for libxml2 and expat internal and external XML entity expansion",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/02/22/3"
},
{
"name": "[oss-security] 20131029 Re: CVE Request: libxml2 external parsed entities issue",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/188"
},
{
"name": "[oss-security] 20131029 Re: CVE Request: libxml2 external parsed entities issue",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/184"
},
{
"name": "[oss-security] 20131028 Re: CVE Request: libxml2 external parsed entities issue",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/182"
},
{
"name": "USN-1904-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1904-2"
},
{
"name": "USN-1904-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1904-1"
},
{
"name": "DSA-2652",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2652"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=915149",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915149"
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html"
},
{
"name": "54172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54172"
},
{
"name": "55568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55568"
},
{
"name": "https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f",
"url": "http://openwall.com/lists/oss-security/2013/02/21/24",
"refsource": "MISC",
"url": "https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f"
"name": "http://openwall.com/lists/oss-security/2013/02/21/24"
},
{
"name": "[oss-security] 20130412 Re-evaluating expat/libxml2 CVE assignments",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/04/12/6"
"url": "http://openwall.com/lists/oss-security/2013/02/22/3",
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2013/02/22/3"
},
{
"url": "http://seclists.org/oss-sec/2013/q4/182",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2013/q4/182"
},
{
"url": "http://seclists.org/oss-sec/2013/q4/184",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2013/q4/184"
},
{
"url": "http://seclists.org/oss-sec/2013/q4/188",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2013/q4/188"
},
{
"url": "http://secunia.com/advisories/52662",
"refsource": "MISC",
"name": "http://secunia.com/advisories/52662"
},
{
"url": "http://secunia.com/advisories/54172",
"refsource": "MISC",
"name": "http://secunia.com/advisories/54172"
},
{
"url": "http://secunia.com/advisories/55568",
"refsource": "MISC",
"name": "http://secunia.com/advisories/55568"
},
{
"url": "http://www.debian.org/security/2013/dsa-2652",
"refsource": "MISC",
"name": "http://www.debian.org/security/2013/dsa-2652"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/04/12/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/04/12/6"
},
{
"url": "http://www.ubuntu.com/usn/USN-1904-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1904-1"
},
{
"url": "http://www.ubuntu.com/usn/USN-1904-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1904-2"
},
{
"url": "https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f",
"refsource": "MISC",
"name": "https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915149",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=915149"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0340",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE."
"value": "expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE."
}
]
},
@ -50,127 +27,151 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130221 CVEs for libxml2 and expat internal and external XML entity expansion",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/02/22/3"
"url": "http://openwall.com/lists/oss-security/2013/02/22/3",
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2013/02/22/3"
},
{
"name": "[oss-security] 20130413 Re-evaluating expat/libxml2 CVE assignments",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/04/12/6"
"url": "http://seclists.org/fulldisclosure/2021/Oct/61",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2021/Oct/61"
},
{
"name": "90634",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/90634"
"url": "http://seclists.org/fulldisclosure/2021/Oct/62",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2021/Oct/62"
},
{
"name": "1028213",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1028213"
"url": "http://seclists.org/fulldisclosure/2021/Oct/63",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2021/Oct/63"
},
{
"name": "GLSA-201701-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-21"
"url": "http://seclists.org/fulldisclosure/2021/Sep/33",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2021/Sep/33"
},
{
"name": "58233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58233"
"url": "http://seclists.org/fulldisclosure/2021/Sep/34",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2021/Sep/34"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT212805",
"url": "https://support.apple.com/kb/HT212805"
"url": "http://seclists.org/fulldisclosure/2021/Sep/35",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2021/Sep/35"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT212804",
"url": "https://support.apple.com/kb/HT212804"
"url": "http://seclists.org/fulldisclosure/2021/Sep/38",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2021/Sep/38"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT212807",
"url": "https://support.apple.com/kb/HT212807"
"url": "http://seclists.org/fulldisclosure/2021/Sep/39",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2021/Sep/39"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT212819",
"url": "https://support.apple.com/kb/HT212819"
"url": "http://seclists.org/fulldisclosure/2021/Sep/40",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2021/Sep/40"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT212814",
"url": "https://support.apple.com/kb/HT212814"
"url": "http://securitytracker.com/id?1028213",
"refsource": "MISC",
"name": "http://securitytracker.com/id?1028213"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT212815",
"url": "https://support.apple.com/kb/HT212815"
"url": "http://www.openwall.com/lists/oss-security/2013/04/12/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/04/12/6"
},
{
"refsource": "FULLDISC",
"name": "20210921 APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
"url": "http://seclists.org/fulldisclosure/2021/Sep/33"
"url": "http://www.openwall.com/lists/oss-security/2021/10/07/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2021/10/07/4"
},
{
"refsource": "FULLDISC",
"name": "20210921 APPLE-SA-2021-09-20-2 watchOS 8",
"url": "http://seclists.org/fulldisclosure/2021/Sep/34"
"url": "http://www.osvdb.org/90634",
"refsource": "MISC",
"name": "http://www.osvdb.org/90634"
},
{
"refsource": "FULLDISC",
"name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina",
"url": "http://seclists.org/fulldisclosure/2021/Sep/40"
"url": "http://www.securityfocus.com/bid/58233",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/58233"
},
{
"refsource": "FULLDISC",
"name": "20210921 APPLE-SA-2021-09-20-3 tvOS 15",
"url": "http://seclists.org/fulldisclosure/2021/Sep/35"
"url": "https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E"
},
{
"refsource": "FULLDISC",
"name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8",
"url": "http://seclists.org/fulldisclosure/2021/Sep/38"
"url": "https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E"
},
{
"refsource": "FULLDISC",
"name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
"url": "http://seclists.org/fulldisclosure/2021/Sep/39"
"url": "https://security.gentoo.org/glsa/201701-21",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201701-21"
},
{
"refsource": "MLIST",
"name": "[announce] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs",
"url": "https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d@%3Cannounce.apache.org%3E"
"url": "https://support.apple.com/kb/HT212804",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT212804"
},
{
"refsource": "MLIST",
"name": "[openoffice-users] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs",
"url": "https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702@%3Cusers.openoffice.apache.org%3E"
"url": "https://support.apple.com/kb/HT212805",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT212805"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs",
"url": "http://www.openwall.com/lists/oss-security/2021/10/07/4"
"url": "https://support.apple.com/kb/HT212807",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT212807"
},
{
"refsource": "FULLDISC",
"name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8",
"url": "http://seclists.org/fulldisclosure/2021/Oct/62"
"url": "https://support.apple.com/kb/HT212814",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT212814"
},
{
"refsource": "FULLDISC",
"name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15",
"url": "http://seclists.org/fulldisclosure/2021/Oct/63"
"url": "https://support.apple.com/kb/HT212815",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT212815"
},
{
"refsource": "FULLDISC",
"name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
"url": "http://seclists.org/fulldisclosure/2021/Oct/61"
"url": "https://support.apple.com/kb/HT212819",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT212819"
}
]
}


@ -1,12 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0342",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -39,6 +39,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "before 2.1"
}
]
@ -53,39 +54,39 @@
"references": {
"reference_data": [
{
"url": "http://www.openwall.com/lists/oss-security/2013/02/15/9",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=911685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=911685"
"name": "http://www.openwall.com/lists/oss-security/2013/02/15/9"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/27",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/15/9",
"url": "http://www.openwall.com/lists/oss-security/2013/02/15/9"
"name": "http://www.openwall.com/lists/oss-security/2013/02/21/27"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/02/22/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/22/2",
"url": "http://www.openwall.com/lists/oss-security/2013/02/22/2"
"name": "http://www.openwall.com/lists/oss-security/2013/02/22/2"
},
{
"url": "http://www.securityfocus.com/bid/57984",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/21/27",
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/27"
"name": "http://www.securityfocus.com/bid/57984"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82134",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/57984",
"url": "http://www.securityfocus.com/bid/57984"
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82134"
},
{
"url": "https://github.com/pyradius/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82134",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82134"
"name": "https://github.com/pyradius/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/pyradius/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5",
"url": "https://github.com/pyradius/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=911685",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=911685"
}
]
}
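Review bot: The added `"version_affected": "="` sits next to `"version_value": "before 2.1"`, which reads as "exactly equal to the string 'before 2.1'" rather than as a range, so a consumer doing strict version matching may conclude that no real release is affected. A range operator would express the intent, for example `"version_affected": "<"` with `"version_value": "2.1"`. The last reference in this section also appears to move the pyrad commit link from `CONFIRM` to `MISC`, which drops the marker for the upstream fix. The product block that encloses `version_data` starts outside the hunk.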


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0343",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,107 +27,131 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-2024-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2024-1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html"
},
{
"name": "[oss-security] 20130121 Re: Linux kernel handling of IPv6 temporary addresses",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/01/21/11"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
},
{
"name": "RHSA-2013:1490",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
"url": "http://www.ubuntu.com/usn/USN-2020-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2020-1"
},
{
"name": "USN-1977-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1977-1"
"url": "http://www.ubuntu.com/usn/USN-2023-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2023-1"
},
{
"name": "USN-2039-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2039-1"
"url": "http://openwall.com/lists/oss-security/2012/12/05/4",
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2012/12/05/4"
},
{
"name": "USN-2022-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2022-1"
"url": "http://openwall.com/lists/oss-security/2013/01/16/7",
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2013/01/16/7"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=914664",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=914664"
"url": "http://openwall.com/lists/oss-security/2013/01/21/11",
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2013/01/21/11"
},
{
"name": "RHSA-2013:1645",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1449.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1449.html"
},
{
"name": "USN-2038-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2038-1"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
},
{
"name": "USN-2020-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2020-1"
"url": "http://www.openwall.com/lists/oss-security/2013/02/22/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/22/6"
},
{
"name": "USN-2021-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2021-1"
"url": "http://www.ubuntu.com/usn/USN-1976-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1976-1"
},
{
"name": "USN-1976-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1976-1"
"url": "http://www.ubuntu.com/usn/USN-1977-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1977-1"
},
{
"name": "USN-2019-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2019-1"
"url": "http://www.ubuntu.com/usn/USN-2019-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2019-1"
},
{
"name": "[oss-security] 20130222 Re: Linux kernel handling of IPv6 temporary addresses",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/22/6"
"url": "http://www.ubuntu.com/usn/USN-2021-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2021-1"
},
{
"name": "[oss-security] 20130116 Re: Linux kernel handling of IPv6 temporary addresses",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/01/16/7"
"url": "http://www.ubuntu.com/usn/USN-2022-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2022-1"
},
{
"name": "RHSA-2013:1449",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1449.html"
"url": "http://www.ubuntu.com/usn/USN-2024-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2024-1"
},
{
"name": "[oss-security] 20121205 Re: Linux kernel handling of IPv6 temporary addresses",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/12/05/4"
"url": "http://www.ubuntu.com/usn/USN-2038-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2038-1"
},
{
"name": "openSUSE-SU-2014:0204",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html"
"url": "http://www.ubuntu.com/usn/USN-2039-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2039-1"
},
{
"name": "USN-2023-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2023-1"
"url": "http://www.ubuntu.com/usn/USN-2050-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2050-1"
},
{
"name": "USN-2050-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2050-1"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=914664",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=914664"
}
]
}
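Review bot: Every entry in `reference_data` of this CVE-2013-0343 record now carries `"refsource": "MISC"` and a `name` that only repeats the URL, so the advisory identifiers on the old side (for example `USN-2024-1`, `RHSA-2013:1490`, `openSUSE-SU-2014:0204`) and the `CONFIRM` marking on the bugzilla entry are lost. Tooling that keys on `refsource` or on an advisory ID in `name` to tie a CVE to a vendor fix would presumably stop matching. Keeping the identifier, e.g. `"name": "USN-2024-1"` with `"refsource": "UBUNTU"`, preserves that link. The same flattening appears in the CVE-2013-0348, -4260, -4261, -4270, -4271, -4278, -4279 and -4283 sections below.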


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0348",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://opensource.dyc.edu/gitweb/?p=sthttpd.git;a=commitdiff;h=d2e186dbd58d274a0dea9b59357edc8498b5388d",
"refsource": "CONFIRM",
"url": "http://opensource.dyc.edu/gitweb/?p=sthttpd.git;a=commitdiff;h=d2e186dbd58d274a0dea9b59357edc8498b5388d"
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00050.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00050.html"
},
{
"name": "[oss-security] 20130222 Re: CVE request: sthttpd world-redable logdir",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/23/7"
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00015.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00015.html"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=458896",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=458896"
"url": "http://opensource.dyc.edu/gitweb/?p=sthttpd.git%3Ba=commitdiff%3Bh=d2e186dbd58d274a0dea9b59357edc8498b5388d",
"refsource": "MISC",
"name": "http://opensource.dyc.edu/gitweb/?p=sthttpd.git%3Ba=commitdiff%3Bh=d2e186dbd58d274a0dea9b59357edc8498b5388d"
},
{
"name": "openSUSE-SU-2014:0021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00015.html"
"url": "http://www.openwall.com/lists/oss-security/2013/02/23/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/23/7"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=924857",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=924857"
"url": "https://bugs.gentoo.org/show_bug.cgi?id=458896",
"refsource": "MISC",
"name": "https://bugs.gentoo.org/show_bug.cgi?id=458896"
},
{
"name": "openSUSE-SU-2013:1862",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00050.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=924857",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=924857"
}
]
}
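Review bot: The sthttpd gitweb reference has its `;` parameter separators rewritten to `%3B` (`?p=sthttpd.git%3Ba=commitdiff%3Bh=…`), which folds three query parameters into one opaque value, so the link to the fixing commit may no longer resolve. The old form `?p=sthttpd.git;a=commitdiff;h=d2e186dbd58d274a0dea9b59357edc8498b5388d` should be kept in both `url` and `name`. The same rewrite hits the git.kernel.org reference in the CVE-2013-4270 section. The CVE-2013-4260 section also encodes `#!topic` as `#%21topic` inside a URL fragment, where the escape is unnecessary and may not be read the same way by the target page.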


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4260",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,27 +27,51 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!topic/ansible-project/UVDYW0HGcNg",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/ansible-project/UVDYW0HGcNg"
"url": "http://www.ansible.com/security",
"refsource": "MISC",
"name": "http://www.ansible.com/security"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=998227",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=998227"
"url": "https://groups.google.com/forum/#%21topic/ansible-project/UVDYW0HGcNg",
"refsource": "MISC",
"name": "https://groups.google.com/forum/#%21topic/ansible-project/UVDYW0HGcNg"
},
{
"name": "ansible-cve20134260-symlink(86898)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86898"
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86898",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86898"
},
{
"name": "http://www.ansible.com/security",
"refsource": "CONFIRM",
"url": "http://www.ansible.com/security"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=998227",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=998227"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4261",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130912 [OSSA 2013-026] Potential denial of service on Nova when using Qpid (CVE-2013-4261)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q3/595"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1199.html"
},
{
"name": "RHSA-2013:1199",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html"
"url": "http://seclists.org/oss-sec/2013/q3/595",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2013/q3/595"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=999271",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=999271"
"url": "https://bugs.launchpad.net/nova/+bug/1215091",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/nova/+bug/1215091"
},
{
"name": "https://bugs.launchpad.net/nova/+bug/1215091",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/nova/+bug/1215091"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=999164",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=999164"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=999164",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=999164"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=999271",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=999271"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4270",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1027752",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027752"
"url": "http://www.ubuntu.com/usn/USN-2049-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2049-1"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.5"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0100.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0100.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2433c8f094a008895e66f25bd1773cdb01c91d01",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2433c8f094a008895e66f25bd1773cdb01c91d01"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2433c8f094a008895e66f25bd1773cdb01c91d01",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2433c8f094a008895e66f25bd1773cdb01c91d01"
},
{
"name": "https://github.com/torvalds/linux/commit/2433c8f094a008895e66f25bd1773cdb01c91d01",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/2433c8f094a008895e66f25bd1773cdb01c91d01"
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.5",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.5"
},
{
"name": "USN-2049-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2049-1"
"url": "https://github.com/torvalds/linux/commit/2433c8f094a008895e66f25bd1773cdb01c91d01",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/2433c8f094a008895e66f25bd1773cdb01c91d01"
},
{
"name": "RHSA-2014:0100",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0100.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027752",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1027752"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4271",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:1862",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1862.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1862.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1862.html"
},
{
"name": "https://github.com/restlet/restlet-framework-java/issues/778",
"refsource": "CONFIRM",
"url": "https://github.com/restlet/restlet-framework-java/issues/778"
"url": "http://restlet.org/learn/2.1/changes",
"refsource": "MISC",
"name": "http://restlet.org/learn/2.1/changes"
},
{
"name": "http://restlet.org/learn/2.1/changes",
"refsource": "CONFIRM",
"url": "http://restlet.org/learn/2.1/changes"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1410.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1410.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=999735",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=999735"
"url": "https://github.com/restlet/restlet-framework-java/issues/778",
"refsource": "MISC",
"name": "https://github.com/restlet/restlet-framework-java/issues/778"
},
{
"name": "RHSA-2013:1410",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1410.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=999735",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=999735"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4278",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"create an instance\" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256."
"value": "The \"create an instance\" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256."
}
]
},
@ -50,22 +27,46 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ossa/+bug/1212179",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ossa/+bug/1212179"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1199.html"
},
{
"name": "[openstack-announce] 20130828 [OSSA 2013-024] Resource limit circumvention in Nova private flavors (CVE-2013-4278)",
"refsource": "MLIST",
"url": "http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html"
"url": "http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html",
"refsource": "MISC",
"name": "http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html"
},
{
"name": "RHSA-2013:1199",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html"
"url": "https://bugs.launchpad.net/ossa/+bug/1212179",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/ossa/+bug/1212179"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4279",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,27 +27,51 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1000215",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000215"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130493.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130493.html"
},
{
"name": "65002",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65002"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:060",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:060"
},
{
"name": "FEDORA-2014-3860",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130493.html"
"url": "http://www.securityfocus.com/bid/65002",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/65002"
},
{
"name": "MDVSA-2014:060",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:060"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000215",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1000215"
}
]
}


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4280",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "RedHat",
"product": {
"product_data": [
{
"product_name": "vdsm",
"version": {
"version_data": [
{
"version_value": "through 2013-07-24"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,12 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "RedHat",
"product": {
"product_data": [
{
"product_name": "vdsm",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "through 2013-07-24"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4280",
"url": "https://access.redhat.com/security/cve/cve-2013-4280",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-4280"
"name": "https://access.redhat.com/security/cve/cve-2013-4280"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4280",
@ -63,9 +64,9 @@
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4280"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-4280",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4280",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-4280"
"name": "https://security-tracker.debian.org/tracker/CVE-2013-4280"
}
]
}
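Review bot: The added `"version_affected": "="` sits next to `"version_value": "through 2013-07-24"`, so the record asserts exact equality against a string that describes a range. A consumer that honours the operator would compare installed vdsm versions for equality with that phrase and never report a match. Either leave the operator out, as the old side did, or use a range operator such as `"version_affected": "<="` with a real version bound. The CVE-2018-10839 section has the same mismatch (`"="` with `"<= 3.0.0"`), and the placeholder records in this commit pair `"="` with `"n/a"`.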


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2013-4282 spice: stack buffer overflow in reds_handle_ticket() function"
"value": "Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
"value": "n/a"
}
]
}
@ -32,38 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:0.3.0-56.el5_10.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:0.12.0-12.el6_4.5",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "0:6.4-20131016.0.el6_4",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -115,56 +92,6 @@
"url": "http://www.ubuntu.com/usn/USN-2027-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2027-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1460",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1460"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1473",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1473"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1474",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1474"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-4282",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4282"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000443",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1000443"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
]
}
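Review bot: This sync drops the metadata that made the CVE-2013-4282 record usable for triage: `"cweId": "CWE-121"` becomes `"value": "n/a"`, the three Red Hat products with their fixed package versions collapse to `n/a`, and the whole `impact.cvss` block (`AV:A/AC:L/Au:N/C:N/I:N/A:C`, base score 6.1) is removed together with the RHSA-2013:1460/1473/1474 references. If the overwrite is not intended, the previously supplied `problemtype`, `affects` and `impact` values should be kept alongside the new description text. The QEMU `cirrus_do_copy` section further down loses `CWE-369`, both CVSS vectors and the reporter credits in the same way.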


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4283",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:1182",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1182.html"
"url": "http://directory.fedoraproject.org/wiki/Releases/1.3.0.8",
"refsource": "MISC",
"name": "http://directory.fedoraproject.org/wiki/Releases/1.3.0.8"
},
{
"name": "http://directory.fedoraproject.org/wiki/Releases/1.3.0.8",
"refsource": "CONFIRM",
"url": "http://directory.fedoraproject.org/wiki/Releases/1.3.0.8"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1182.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1182.html"
},
{
"name": "54650",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54650"
"url": "http://secunia.com/advisories/54586",
"refsource": "MISC",
"name": "http://secunia.com/advisories/54586"
},
{
"name": "54586",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54586"
"url": "http://secunia.com/advisories/54650",
"refsource": "MISC",
"name": "http://secunia.com/advisories/54650"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=999634",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=999634"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=999634",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=999634"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2016-9921 CVE-2016-9922 Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy"
"value": "The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Divide By Zero",
"cweId": "CWE-369"
"value": "n/a"
}
]
}
@ -32,82 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 10.0 (Newton)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 11.0 (Ocata)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 8.0 (Liberty)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-10.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:2.9.0-14.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -145,16 +78,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2016-9922",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2016-9922"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334398",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1334398"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html",
"refsource": "MISC",
@ -164,51 +87,11 @@
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jiangxin (Huawei Inc.), Li Qiang (Qihoo 360), and Qinghao Tang (Qihoo 360) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334398",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1334398"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An integer overflow issue was found in the NE200 NIC emulation. It could occur while receiving packets from the network, if the size value was greater than INT_MAX. Such overflow would lead to stack buffer overflow issue. A user inside guest could use this flaw to crash the QEMU process, resulting in DoS scenario."
"value": "Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"value": "CWE-121",
"cweId": "CWE-121"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "The QEMU Project",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "Qemu-kvm",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.506.el6_10.5",
"version_affected": "!"
"version_affected": "=",
"version_value": "<= 3.0.0"
}
]
}
@ -69,16 +69,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:2892"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-10839",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10839"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581013",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1581013"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10839",
"refsource": "MISC",
@ -101,12 +91,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Arash Tohidi and Daniel Shapira (Twistlock) for reporting this issue."
}
],
"impact": {
"cvss": [
{
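Review bot: In the `affects` hunk the version entry pairs `"version_affected": "="` with `"version_value": "<= 3.0.0"`, so the range operator sits inside the value string and a consumer that honours `version_affected` will look for a version literally named "<= 3.0.0". Reading the second line of each printed pair as the new side, I would encode this as `"version_affected": "<="` with `"version_value": "3.0.0"`. The same free text with `=` appears in later sections of this commit (`"9.x"`, `"All versions of Samba from 4.0.0 onwards."`, `"up to ovirt-engine 4.2.3"`). The removed `!` entry named a specific package build that scanners could match on. The section is cut at the start of the `impact` block, which continues outside the hunk.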


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A path traversal vulnerability was discovered in Undertow's org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method. This could lead to information disclosure of arbitrary local files."
"value": "A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
"value": "CWE-20->CWE-22",
"cweId": "CWE-20"
}
]
}
@ -32,187 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6",
"product_name": "Wildfly",
"version": {
"version_data": [
{
"version_value": "0:1.5.5.010-1.redhat_1.1.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:5.1.13-1.Final_redhat_1.1.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:8.2.10-1.Final_redhat_1.1.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:1.4.8-1.Final_redhat_1.1.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:4.0.10-1.Final_redhat_1.1.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:2.2.13-5.SP2_redhat_1.1.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:2.0.4-1.Final_redhat_1.1.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.4-1.Final_redhat_1.1.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:2.4.0-3.SP2_redhat_1.1.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:3.5.5-1.Final_redhat_1.1.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:3.6.14-1.Final_redhat_1.1.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:1.3.9-1.Final_redhat_1.1.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:5.0.3-1.Final_redhat_1.1.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:2.5.5-11.SP10_redhat_1.1.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:1.4.18-5.SP5_redhat_1.1.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:2.4.7-1.Final_redhat_1.1.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:7.1.2-1.GA_redhat_1.1.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:1.1.9-1.Final_redhat_1.1.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.6-1.Final_redhat_1.1.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:2.9.16-2.Final_redhat_1.2.ep7.el6",
"version_affected": "!"
},
{
"version_value": "0:7.1.2-1.GA_redhat_1.ep7.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:1.5.5.010-1.redhat_1.1.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:5.1.13-1.Final_redhat_1.1.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:8.2.10-1.Final_redhat_1.1.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:1.4.8-1.Final_redhat_1.1.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:4.0.10-1.Final_redhat_1.1.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:2.2.13-5.SP2_redhat_1.1.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:2.0.4-1.Final_redhat_1.1.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.4-1.Final_redhat_1.1.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:2.4.0-3.SP2_redhat_1.1.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:3.5.5-1.Final_redhat_1.1.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:3.6.14-1.Final_redhat_1.1.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:1.3.9-1.Final_redhat_1.1.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:5.0.3-1.Final_redhat_1.1.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:2.5.5-11.SP10_redhat_1.1.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:1.4.18-5.SP5_redhat_1.1.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:2.4.7-1.Final_redhat_1.1.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:7.1.2-1.GA_redhat_1.1.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.9-1.Final_redhat_1.1.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.6-1.Final_redhat_1.1.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:2.9.16-2.Final_redhat_1.2.ep7.el7",
"version_affected": "!"
},
{
"version_value": "0:7.1.2-1.GA_redhat_1.ep7.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "9.x"
}
]
}
@ -251,37 +80,14 @@
"name": "https://access.redhat.com/errata/RHSA-2018:2938"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-1047",
"url": "https://issues.jboss.org/browse/WFLY-9620",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1047"
"name": "https://issues.jboss.org/browse/WFLY-9620"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528361",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1528361"
},
{
"url": "https://issues.jboss.org/browse/WFLY-9620",
"refsource": "MISC",
"name": "https://issues.jboss.org/browse/WFLY-9620"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
}
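Review bot: The problemtype hunk, as printed (old line first), replaces `"cweId": "CWE-22"` with `"cweId": "CWE-20"` and the value `"CWE-20->CWE-22"`, although the new description still calls the flaw a path traversal. Tooling that groups or prioritises by `cweId` will now file this record under generic input validation; keeping `"cweId": "CWE-22"` would preserve the specific weakness. The last hunk (`@ -251,37 +80,14 @`) also drops the whole `impact` block, including the CVSS 3.0 base score 8.6 and `CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N`, without a replacement. Consumers that read severity from this file will need another source for it.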


@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-01-15T00:00:00",
"ID": "CVE-2018-1048",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "undertow as shipped in Jboss EAP 7.1.0.GA",
"version": {
"version_data": [
{
"version_value": "7.1.0.GA"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,38 +21,63 @@
"description": [
{
"lang": "eng",
"value": "CWE-22"
"value": "CWE-22",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "undertow as shipped in Jboss EAP 7.1.0.GA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.1.0.GA"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:0479",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0479"
"url": "https://access.redhat.com/errata/RHSA-2018:0478",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0478"
},
{
"name": "RHSA-2018:0481",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0481"
"url": "https://access.redhat.com/errata/RHSA-2018:0479",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0479"
},
{
"name": "RHSA-2018:0480",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0480"
"url": "https://access.redhat.com/errata/RHSA-2018:0480",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0480"
},
{
"name": "RHSA-2018:0478",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0478"
"url": "https://access.redhat.com/errata/RHSA-2018:0481",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:0481"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1534343",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534343"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534343",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1534343"
}
]
}
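Review bot: Every entry in `reference_data` ends up with `"refsource": "MISC"` and a `name` equal to its URL, where the other side of the hunk distinguished `REDHAT` advisories from a `CONFIRM` bug link and carried advisory ids such as `RHSA-2018:0479`. This reads the url/refsource/name triples as the new side, which matches the unchanged context lines elsewhere on the page. Anything that filters on `refsource` to find vendor-confirmed references or fix advisories will silently match nothing after this sync. The sections for CVE-2018-1057, CVE-2018-1069 and CVE-2018-1078 flatten `BID`, `DEBIAN`, `UBUNTU`, `GENTOO`, `SECTRACK`, `MLIST` and `CONFIRM` the same way. If the normalisation is intended, consumers should classify references by URL host instead, and the commit description should say so.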


@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-03-13T00:00:00",
"ID": "CVE-2018-1057",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samba",
"version": {
"version_data": [
{
"version_value": "All versions of Samba from 4.0.0 onwards."
}
]
}
}
]
},
"vendor_name": "Samba"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,63 +21,88 @@
"description": [
{
"lang": "eng",
"value": "CWE-863"
"value": "CWE-863",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Samba",
"product": {
"product_data": [
{
"product_name": "Samba",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions of Samba from 4.0.0 onwards."
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "103382",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103382"
"url": "http://www.securityfocus.com/bid/103382",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/103382"
},
{
"name": "DSA-4135",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4135"
"url": "http://www.securitytracker.com/id/1040494",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1040494"
},
{
"name": "USN-3595-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3595-1/"
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html"
},
{
"name": "1040494",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040494"
"url": "https://security.gentoo.org/glsa/201805-07",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201805-07"
},
{
"name": "GLSA-201805-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-07"
"url": "https://security.netapp.com/advisory/ntap-20180313-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20180313-0001/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180313-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180313-0001/"
"url": "https://usn.ubuntu.com/3595-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3595-1/"
},
{
"name": "https://www.samba.org/samba/security/CVE-2018-1057.html",
"refsource": "CONFIRM",
"url": "https://www.samba.org/samba/security/CVE-2018-1057.html"
"url": "https://www.debian.org/security/2018/dsa-4135",
"refsource": "MISC",
"name": "https://www.debian.org/security/2018/dsa-4135"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1553553",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553553"
"url": "https://www.samba.org/samba/security/CVE-2018-1057.html",
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2018-1057.html"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_08",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_08"
"url": "https://www.synology.com/support/security/Synology_SA_18_08",
"refsource": "MISC",
"name": "https://www.synology.com/support/security/Synology_SA_18_08"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553553",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1553553"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the netfilter/iptables subsystem. A user with the netfilter modification capabilities could insert a rule which could panic the system."
"value": "The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
"value": "NULL pointer dereference"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "Linux kernel 4.15.0-rc9",
"version": {
"version_data": [
{
"version_value": "0:4.14.0-115.el7a",
"version_affected": "!"
"version_affected": "=",
"version_value": "Linux kernel 4.15.0-rc9"
}
]
}
@ -84,16 +83,6 @@
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1040446"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-1065",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1065"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547824",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1547824"
},
{
"url": "https://github.com/torvalds/linux/commit/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8",
"refsource": "MISC",
@ -113,24 +102,11 @@
"url": "https://usn.ubuntu.com/3656-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3656-1/"
}
]
},
"impact": {
"cvss": [
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547824",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1547824"
}
]
}
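Review bot: The problemtype hunk (`@ -21,8 +21,7 @`) removes `"cweId": "CWE-476"` and leaves only the free-text value `"NULL pointer dereference"`, so the record no longer carries a machine-readable weakness id; keeping `"cweId": "CWE-476"` next to the new value would preserve it. As printed, the new `affects` entry names `Linux kernel 4.15.0-rc9` as both `product_name` and `version_value` with `"version_affected": "="`, while the new description says the flaw affects the kernel "through 4.15.7". Version matching cannot reconcile the two. The final hunk also drops the `impact` block with its CVSS 3.0 vector.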


@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-03-07T00:00:00",
"ID": "CVE-2018-1069",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenShift Enterprise",
"version": {
"version_data": [
{
"version_value": "3.7"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-284 (Improper Access Control)"
"value": "CWE-284 (Improper Access Control)",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "OpenShift Enterprise",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1552987",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552987"
"url": "http://www.securityfocus.com/bid/103364",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/103364"
},
{
"name": "103364",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103364"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552987",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1552987"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in ovirt-engine. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords."
"value": "ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Insertion of Sensitive Information into Log File",
"value": "CWE-532",
"cweId": "CWE-532"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "Red Hat Virtualization Engine 4.2",
"product_name": "ovirt-engine",
"version": {
"version_data": [
{
"version_value": "0:4.2.4.5-1",
"version_affected": "!"
"version_affected": "=",
"version_value": "up to ovirt-engine 4.2.3"
}
]
}
@ -59,16 +59,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2071"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-1075",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1075"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542508",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1542508"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1075",
"refsource": "MISC",
@ -81,12 +71,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Yedidyah Bar David (Red Hat)."
}
],
"impact": {
"cvss": [
{


@ -1,37 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_ASSIGNED": "2018-03-14",
"ID": "CVE-2018-1078",
"REQUESTER": "kseifried@redhat.com",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenDayLight",
"version": {
"version_data": [
{
"version_value": "Carbon SR3"
}
]
}
}
]
},
"vendor_name": "OpenDayLight"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -46,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-20"
"value": "CWE-20",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenDayLight",
"product": {
"product_data": [
{
"product_name": "OpenDayLight",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Carbon SR3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1533501",
"url": "https://jira.opendaylight.org/browse/OPNFLWPLUG-971",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1533501"
"name": "https://jira.opendaylight.org/browse/OPNFLWPLUG-971"
},
{
"name": "https://jira.opendaylight.org/browse/OPNFLWPLUG-971",
"refsource": "CONFIRM",
"url": "https://jira.opendaylight.org/browse/OPNFLWPLUG-971"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1533501",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1533501"
}
]
}