diff --git a/2013/0xxx/CVE-2013-0331.json b/2013/0xxx/CVE-2013-0331.json index a9aceb7eec8..c9beec8dc91 100644 --- a/2013/0xxx/CVE-2013-0331.json +++ b/2013/0xxx/CVE-2013-0331.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0331", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,37 +27,61 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=914879", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0638.html", "refsource": "MISC", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=914879" + "name": "http://rhn.redhat.com/errata/RHSA-2013-0638.html" }, { - "name": "RHSA-2013:0638", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-0638.html" + "url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb", + "refsource": "MISC", + "name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb" }, { - "name": "[oss-security] 20130220 Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/02/21/7" + "url": "http://www.openwall.com/lists/oss-security/2013/02/21/7", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/02/21/7" }, { - "name": "57994", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/57994" + "url": "http://www.securityfocus.com/bid/57994", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/57994" }, { - "name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb", - "refsource": "CONFIRM", - "url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb" + "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16", + "refsource": "MISC", + "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16" }, { - "name": 
"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16", - "refsource": "CONFIRM", - "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=914879", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=914879" } ] } diff --git a/2013/0xxx/CVE-2013-0333.json b/2013/0xxx/CVE-2013-0333.json index cf62d387cec..dea0f395e22 100644 --- a/2013/0xxx/CVE-2013-0333.json +++ b/2013/0xxx/CVE-2013-0333.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "CVE-2013-0333 rubygem-activesupport: json to yaml parsing" + "value": "lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Deserialization of Untrusted Data", - "cweId": "CWE-502" + "value": "n/a" } ] } 
@@ -32,42 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "CloudForms for RHEL 6", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:1.1.12.1-1.el6cf", - "version_affected": "!" - }, - { - "version_value": "1:3.0.10-9.el6cf", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Subscription Asset Manager 1.1", - "version": { - "version_data": [ - { - "version_value": "1:3.0.10-7.el6cf", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "RHEL 6 Version of OpenShift Enterprise", - "version": { - "version_data": [ - { - "version_value": "1:3.0.13-4.el6op", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } 
@@ -125,36 +98,6 @@ "refsource": "MISC", "name": "http://www.debian.org/security/2013/dsa-2613" }, - { - "url": "https://access.redhat.com/errata/RHSA-2013:0201", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2013:0201" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2013:0202", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2013:0202" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2013:0203", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2013:0203" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2013-0333", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2013-0333" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=903440", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=903440" - }, - { - "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo", - "refsource": "MISC", - "name": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo" - }, { "url": "https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain", "refsource": "MISC", 
@@ -166,30 +109,5 @@ "name": "https://puppet.com/security/cve/cve-2013-0333" } ] - }, - "impact": { - "cvss": [ - { - "accessComplexity": "LOW", - "accessVector": "NETWORK", - "authentication": "NONE", - "availabilityImpact": "PARTIAL", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 7.5, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "PARTIAL", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "PARTIAL", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "version": "2.0" - } - ] } } \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0337.json b/2013/0xxx/CVE-2013-0337.json index 1fdf749de03..a008fdb9f16 100644 --- a/2013/0xxx/CVE-2013-0337.json +++ b/2013/0xxx/CVE-2013-0337.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0337", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,32 +27,56 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "55181", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/55181" + "url": "http://secunia.com/advisories/55181", + "refsource": "MISC", + "name": "http://secunia.com/advisories/55181" }, { - "name": "[oss-security] 20130224 nginx CVE-2013-0337 world-readable logs", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/02/24/1" + "url": "http://security.gentoo.org/glsa/glsa-201310-04.xml", + "refsource": "MISC", + "name": "http://security.gentoo.org/glsa/glsa-201310-04.xml" }, { - "name": "[oss-security] 20130221 Re: CVE request: nginx world-readable logdir", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/02/22/1" + "url": "http://www.openwall.com/lists/oss-security/2013/02/21/15", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/02/21/15" }, { - "name": "GLSA-201310-04", - "refsource": "GENTOO", - "url": "http://security.gentoo.org/glsa/glsa-201310-04.xml" + "url": "http://www.openwall.com/lists/oss-security/2013/02/22/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/02/22/1" }, { - "name": "[oss-security] 20130221 nginx world-readable logdir", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/02/21/15" + "url": "http://www.openwall.com/lists/oss-security/2013/02/24/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/02/24/1" } ] } diff --git a/2013/0xxx/CVE-2013-0338.json b/2013/0xxx/CVE-2013-0338.json index b0961d701db..915a269f173 100644 --- a/2013/0xxx/CVE-2013-0338.json +++ b/2013/0xxx/CVE-2013-0338.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0338", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,72 +27,91 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "52662", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/52662" + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html" }, { - "name": "openSUSE-SU-2013:0555", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html" + "url": "http://secunia.com/advisories/52662", + "refsource": "MISC", + "name": "http://secunia.com/advisories/52662" }, { - "name": "SUSE-SU-2013:1627", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html" + "url": "http://secunia.com/advisories/55568", + "refsource": "MISC", + "name": "http://secunia.com/advisories/55568" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=912400", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912400" + "url": "http://www.debian.org/security/2013/dsa-2652", + "refsource": "MISC", + "name": "http://www.debian.org/security/2013/dsa-2652" }, { - "name": "openSUSE-SU-2013:0552", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html" + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "MISC", + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { - "name": "SSRT101996", - "refsource": "HP", - "url": "http://marc.info/?l=bugtraq&m=142798889927587&w=2" + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html", + "refsource": "MISC", + "name": 
"http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html" }, { - "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource": "CONFIRM", - "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html" }, { - "name": "DSA-2652", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2013/dsa-2652" + "url": "http://marc.info/?l=bugtraq&m=142798889927587&w=2", + "refsource": "MISC", + "name": "http://marc.info/?l=bugtraq&m=142798889927587&w=2" }, { - "name": "HPSBGN03302", - "refsource": "HP", - "url": "http://marc.info/?l=bugtraq&m=142798889927587&w=2" + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:056", + "refsource": "MISC", + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:056" }, { - "name": "55568", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/55568" + "url": "http://www.ubuntu.com/usn/USN-1782-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-1782-1" }, { - "name": "https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab", - "refsource": "CONFIRM", - "url": "https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab" + "url": "https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab", + "refsource": "MISC", + "name": "https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab" }, { - "name": "USN-1782-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-1782-1" - }, - { - "name": "MDVSA-2013:056", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:056" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912400", + "refsource": "MISC", + 
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=912400" } ] } diff --git a/2013/0xxx/CVE-2013-0339.json b/2013/0xxx/CVE-2013-0339.json index bcdeb6b065a..647ffc764e3 100644 --- a/2013/0xxx/CVE-2013-0339.json +++ b/2013/0xxx/CVE-2013-0339.json 
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0339", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE." + "value": "libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. 
NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE." } ] }, 
@@ -50,82 +27,106 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "52662", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/52662" - }, - { - "name": "SUSE-SU-2013:1627", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html" - }, - { - "name": "[oss-security] 20130221 CVE Guidance for Libraries and Resource-Consumption DoS", - "refsource": "MLIST", - "url": "http://openwall.com/lists/oss-security/2013/02/21/24" - }, - { - "name": "[oss-security] 20130221 CVEs for libxml2 and expat internal and external XML entity expansion", - "refsource": "MLIST", - "url": "http://openwall.com/lists/oss-security/2013/02/22/3" - }, - { - "name": "[oss-security] 20131029 Re: CVE Request: libxml2 external parsed entities issue", - "refsource": "MLIST", - "url": "http://seclists.org/oss-sec/2013/q4/188" - }, - { - "name": "[oss-security] 20131029 Re: CVE Request: libxml2 external parsed entities issue", - "refsource": "MLIST", - "url": "http://seclists.org/oss-sec/2013/q4/184" - }, - { - "name": "[oss-security] 20131028 Re: CVE Request: libxml2 external parsed entities issue", - "refsource": "MLIST", - "url": "http://seclists.org/oss-sec/2013/q4/182" - }, - { - "name": "USN-1904-2", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-1904-2" - }, - { - "name": "USN-1904-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-1904-1" - }, - { - "name": "DSA-2652", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2013/dsa-2652" - }, - { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=915149", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html", "refsource": 
"MISC", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=915149" + "name": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html" }, { - "name": "54172", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/54172" - }, - { - "name": "55568", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/55568" - }, - { - "name": "https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f", + "url": "http://openwall.com/lists/oss-security/2013/02/21/24", "refsource": "MISC", - "url": "https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f" + "name": "http://openwall.com/lists/oss-security/2013/02/21/24" }, { - "name": "[oss-security] 20130412 Re-evaluating expat/libxml2 CVE assignments", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/04/12/6" + "url": "http://openwall.com/lists/oss-security/2013/02/22/3", + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2013/02/22/3" + }, + { + "url": "http://seclists.org/oss-sec/2013/q4/182", + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2013/q4/182" + }, + { + "url": "http://seclists.org/oss-sec/2013/q4/184", + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2013/q4/184" + }, + { + "url": "http://seclists.org/oss-sec/2013/q4/188", + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2013/q4/188" + }, + { + "url": "http://secunia.com/advisories/52662", + "refsource": "MISC", + "name": "http://secunia.com/advisories/52662" + }, + { + "url": "http://secunia.com/advisories/54172", + "refsource": "MISC", + "name": "http://secunia.com/advisories/54172" + }, + { + "url": "http://secunia.com/advisories/55568", + "refsource": "MISC", + "name": "http://secunia.com/advisories/55568" + }, + { + "url": "http://www.debian.org/security/2013/dsa-2652", + "refsource": "MISC", + "name": "http://www.debian.org/security/2013/dsa-2652" + }, + { + 
"url": "http://www.openwall.com/lists/oss-security/2013/04/12/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/12/6" + }, + { + "url": "http://www.ubuntu.com/usn/USN-1904-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-1904-1" + }, + { + "url": "http://www.ubuntu.com/usn/USN-1904-2", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-1904-2" + }, + { + "url": "https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f", + "refsource": "MISC", + "name": "https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=915149", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=915149" } ] } diff --git a/2013/0xxx/CVE-2013-0340.json b/2013/0xxx/CVE-2013-0340.json index 97e2a7a521d..23a99e2f683 100644 --- a/2013/0xxx/CVE-2013-0340.json +++ b/2013/0xxx/CVE-2013-0340.json 
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0340", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE." + "value": "expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE." } ] }, 
@@ -50,127 +27,151 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[oss-security] 20130221 CVEs for libxml2 and expat internal and external XML entity expansion", - "refsource": "MLIST", - "url": "http://openwall.com/lists/oss-security/2013/02/22/3" + "url": "http://openwall.com/lists/oss-security/2013/02/22/3", + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2013/02/22/3" }, { - "name": "[oss-security] 20130413 Re-evaluating expat/libxml2 CVE assignments", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/04/12/6" + "url": "http://seclists.org/fulldisclosure/2021/Oct/61", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2021/Oct/61" }, { - "name": "90634", - "refsource": "OSVDB", - "url": "http://www.osvdb.org/90634" + "url": "http://seclists.org/fulldisclosure/2021/Oct/62", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2021/Oct/62" }, { - "name": "1028213", - "refsource": "SECTRACK", - "url": "http://securitytracker.com/id?1028213" + "url": "http://seclists.org/fulldisclosure/2021/Oct/63", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2021/Oct/63" }, { - "name": "GLSA-201701-21", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201701-21" + "url": "http://seclists.org/fulldisclosure/2021/Sep/33", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2021/Sep/33" }, { - "name": "58233", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/58233" + "url": "http://seclists.org/fulldisclosure/2021/Sep/34", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2021/Sep/34" }, { - "refsource": "CONFIRM", - 
"name": "https://support.apple.com/kb/HT212805", - "url": "https://support.apple.com/kb/HT212805" + "url": "http://seclists.org/fulldisclosure/2021/Sep/35", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2021/Sep/35" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT212804", - "url": "https://support.apple.com/kb/HT212804" + "url": "http://seclists.org/fulldisclosure/2021/Sep/38", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2021/Sep/38" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT212807", - "url": "https://support.apple.com/kb/HT212807" + "url": "http://seclists.org/fulldisclosure/2021/Sep/39", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2021/Sep/39" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT212819", - "url": "https://support.apple.com/kb/HT212819" + "url": "http://seclists.org/fulldisclosure/2021/Sep/40", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2021/Sep/40" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT212814", - "url": "https://support.apple.com/kb/HT212814" + "url": "http://securitytracker.com/id?1028213", + "refsource": "MISC", + "name": "http://securitytracker.com/id?1028213" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT212815", - "url": "https://support.apple.com/kb/HT212815" + "url": "http://www.openwall.com/lists/oss-security/2013/04/12/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/12/6" }, { - "refsource": "FULLDISC", - "name": "20210921 APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15", - "url": "http://seclists.org/fulldisclosure/2021/Sep/33" + "url": "http://www.openwall.com/lists/oss-security/2021/10/07/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2021/10/07/4" }, { - "refsource": "FULLDISC", - "name": "20210921 APPLE-SA-2021-09-20-2 watchOS 8", 
- "url": "http://seclists.org/fulldisclosure/2021/Sep/34" + "url": "http://www.osvdb.org/90634", + "refsource": "MISC", + "name": "http://www.osvdb.org/90634" }, { - "refsource": "FULLDISC", - "name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina", - "url": "http://seclists.org/fulldisclosure/2021/Sep/40" + "url": "http://www.securityfocus.com/bid/58233", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/58233" }, { - "refsource": "FULLDISC", - "name": "20210921 APPLE-SA-2021-09-20-3 tvOS 15", - "url": "http://seclists.org/fulldisclosure/2021/Sep/35" + "url": "https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E" }, { - "refsource": "FULLDISC", - "name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", - "url": "http://seclists.org/fulldisclosure/2021/Sep/38" + "url": "https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E" }, { - "refsource": "FULLDISC", - "name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", - "url": "http://seclists.org/fulldisclosure/2021/Sep/39" + "url": "https://security.gentoo.org/glsa/201701-21", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201701-21" }, { - "refsource": "MLIST", - "name": "[announce] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs", - "url": 
"https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d@%3Cannounce.apache.org%3E" + "url": "https://support.apple.com/kb/HT212804", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT212804" }, { - "refsource": "MLIST", - "name": "[openoffice-users] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs", - "url": "https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702@%3Cusers.openoffice.apache.org%3E" + "url": "https://support.apple.com/kb/HT212805", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT212805" }, { - "refsource": "MLIST", - "name": "[oss-security] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs", - "url": "http://www.openwall.com/lists/oss-security/2021/10/07/4" + "url": "https://support.apple.com/kb/HT212807", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT212807" }, { - "refsource": "FULLDISC", - "name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8", - "url": "http://seclists.org/fulldisclosure/2021/Oct/62" + "url": "https://support.apple.com/kb/HT212814", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT212814" }, { - "refsource": "FULLDISC", - "name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15", - "url": "http://seclists.org/fulldisclosure/2021/Oct/63" + "url": "https://support.apple.com/kb/HT212815", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT212815" }, { - "refsource": "FULLDISC", - "name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15", - "url": "http://seclists.org/fulldisclosure/2021/Oct/61" + "url": "https://support.apple.com/kb/HT212819", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT212819" } ] } 
diff --git a/2013/0xxx/CVE-2013-0342.json b/2013/0xxx/CVE-2013-0342.json index acef8a44388..40a964a5a00 100644 --- a/2013/0xxx/CVE-2013-0342.json +++ b/2013/0xxx/CVE-2013-0342.json @@ -1,12 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0342", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -39,6 +39,7 @@ "version": { "version_data": [ { + "version_affected": "=", "version_value": "before 2.1" } ] 
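Review bot: The added `"version_affected": "="` sits next to `"version_value": "before 2.1"`, which reads as an exact match on a version literally named "before 2.1" and will not match any real release in a consumer that evaluates the operator. The value text expresses a range, so the pair should be `"version_affected": "<"` with `"version_value": "2.1"`. The `affects` blocks added for CVE-2013-0331, CVE-2013-0333, CVE-2013-0337, CVE-2013-0338, CVE-2013-0339 and CVE-2013-0340 pair the same `=` with the placeholder `"n/a"`; leaving `version_affected` out there, as the old records did, avoids asserting an exact match on a placeholder. The `version_data` array opens outside this hunk.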
@@ -53,39 +54,39 @@ "references": { "reference_data": [ { + "url": "http://www.openwall.com/lists/oss-security/2013/02/15/9", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=911685", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=911685" + "name": "http://www.openwall.com/lists/oss-security/2013/02/15/9" }, { + "url": "http://www.openwall.com/lists/oss-security/2013/02/21/27", "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2013/02/15/9", - "url": "http://www.openwall.com/lists/oss-security/2013/02/15/9" + "name": "http://www.openwall.com/lists/oss-security/2013/02/21/27" }, { + "url": "http://www.openwall.com/lists/oss-security/2013/02/22/2", "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2013/02/22/2", - "url": "http://www.openwall.com/lists/oss-security/2013/02/22/2" + "name": "http://www.openwall.com/lists/oss-security/2013/02/22/2" }, { + "url": "http://www.securityfocus.com/bid/57984", "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2013/02/21/27", - "url": "http://www.openwall.com/lists/oss-security/2013/02/21/27" + "name": "http://www.securityfocus.com/bid/57984" }, { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82134", "refsource": "MISC", - "name": "http://www.securityfocus.com/bid/57984", - "url": "http://www.securityfocus.com/bid/57984" + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82134" }, { + "url": "https://github.com/pyradius/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5", "refsource": "MISC", - "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82134", - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82134" + "name": "https://github.com/pyradius/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5" }, { - "refsource": "CONFIRM", - "name": "https://github.com/pyradius/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5", - "url": 
"https://github.com/pyradius/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=911685", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=911685" } ] } diff --git a/2013/0xxx/CVE-2013-0343.json b/2013/0xxx/CVE-2013-0343.json index b322e465408..cf9ab341c3b 100644 --- a/2013/0xxx/CVE-2013-0343.json +++ b/2013/0xxx/CVE-2013-0343.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0343", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,107 +27,131 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "USN-2024-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2024-1" + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html" }, { - "name": "[oss-security] 20130121 Re: Linux kernel handling of IPv6 temporary addresses", - "refsource": "MLIST", - "url": "http://openwall.com/lists/oss-security/2013/01/21/11" + "url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-1490.html" }, { - "name": "RHSA-2013:1490", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html" + "url": "http://www.ubuntu.com/usn/USN-2020-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2020-1" }, { - "name": "USN-1977-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-1977-1" + "url": "http://www.ubuntu.com/usn/USN-2023-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2023-1" }, { - "name": "USN-2039-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2039-1" + "url": "http://openwall.com/lists/oss-security/2012/12/05/4", + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2012/12/05/4" }, { - "name": "USN-2022-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2022-1" + "url": "http://openwall.com/lists/oss-security/2013/01/16/7", + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2013/01/16/7" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=914664", 
- "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=914664" + "url": "http://openwall.com/lists/oss-security/2013/01/21/11", + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2013/01/21/11" }, { - "name": "RHSA-2013:1645", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html" + "url": "http://rhn.redhat.com/errata/RHSA-2013-1449.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-1449.html" }, { - "name": "USN-2038-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2038-1" + "url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-1645.html" }, { - "name": "USN-2020-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2020-1" + "url": "http://www.openwall.com/lists/oss-security/2013/02/22/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/02/22/6" }, { - "name": "USN-2021-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2021-1" + "url": "http://www.ubuntu.com/usn/USN-1976-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-1976-1" }, { - "name": "USN-1976-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-1976-1" + "url": "http://www.ubuntu.com/usn/USN-1977-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-1977-1" }, { - "name": "USN-2019-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2019-1" + "url": "http://www.ubuntu.com/usn/USN-2019-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2019-1" }, { - "name": "[oss-security] 20130222 Re: Linux kernel handling of IPv6 temporary addresses", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/02/22/6" + "url": "http://www.ubuntu.com/usn/USN-2021-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2021-1" }, { - 
"name": "[oss-security] 20130116 Re: Linux kernel handling of IPv6 temporary addresses", - "refsource": "MLIST", - "url": "http://openwall.com/lists/oss-security/2013/01/16/7" + "url": "http://www.ubuntu.com/usn/USN-2022-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2022-1" }, { - "name": "RHSA-2013:1449", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-1449.html" + "url": "http://www.ubuntu.com/usn/USN-2024-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2024-1" }, { - "name": "[oss-security] 20121205 Re: Linux kernel handling of IPv6 temporary addresses", - "refsource": "MLIST", - "url": "http://openwall.com/lists/oss-security/2012/12/05/4" + "url": "http://www.ubuntu.com/usn/USN-2038-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2038-1" }, { - "name": "openSUSE-SU-2014:0204", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html" + "url": "http://www.ubuntu.com/usn/USN-2039-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2039-1" }, { - "name": "USN-2023-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2023-1" + "url": "http://www.ubuntu.com/usn/USN-2050-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2050-1" }, { - "name": "USN-2050-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2050-1" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=914664", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=914664" } ] } diff --git a/2013/0xxx/CVE-2013-0348.json b/2013/0xxx/CVE-2013-0348.json index 3a40a61c37e..4be68f268a7 100644 --- a/2013/0xxx/CVE-2013-0348.json +++ b/2013/0xxx/CVE-2013-0348.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0348", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,37 +27,61 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "http://opensource.dyc.edu/gitweb/?p=sthttpd.git;a=commitdiff;h=d2e186dbd58d274a0dea9b59357edc8498b5388d", - "refsource": "CONFIRM", - "url": "http://opensource.dyc.edu/gitweb/?p=sthttpd.git;a=commitdiff;h=d2e186dbd58d274a0dea9b59357edc8498b5388d" + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00050.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00050.html" }, { - "name": "[oss-security] 20130222 Re: CVE request: sthttpd world-redable logdir", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/02/23/7" + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00015.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00015.html" }, { - "name": "https://bugs.gentoo.org/show_bug.cgi?id=458896", - "refsource": "CONFIRM", - "url": "https://bugs.gentoo.org/show_bug.cgi?id=458896" + "url": "http://opensource.dyc.edu/gitweb/?p=sthttpd.git%3Ba=commitdiff%3Bh=d2e186dbd58d274a0dea9b59357edc8498b5388d", + "refsource": "MISC", + "name": "http://opensource.dyc.edu/gitweb/?p=sthttpd.git%3Ba=commitdiff%3Bh=d2e186dbd58d274a0dea9b59357edc8498b5388d" }, { - "name": "openSUSE-SU-2014:0021", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00015.html" + "url": "http://www.openwall.com/lists/oss-security/2013/02/23/7", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/02/23/7" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=924857", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=924857" + 
"url": "https://bugs.gentoo.org/show_bug.cgi?id=458896", + "refsource": "MISC", + "name": "https://bugs.gentoo.org/show_bug.cgi?id=458896" }, { - "name": "openSUSE-SU-2013:1862", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00050.html" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=924857", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=924857" } ] } diff --git a/2013/4xxx/CVE-2013-4260.json b/2013/4xxx/CVE-2013-4260.json index 24adce42a9e..a1f845e2c65 100644 --- a/2013/4xxx/CVE-2013-4260.json +++ b/2013/4xxx/CVE-2013-4260.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4260", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,27 +27,51 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://groups.google.com/forum/#!topic/ansible-project/UVDYW0HGcNg", - "refsource": "CONFIRM", - "url": "https://groups.google.com/forum/#!topic/ansible-project/UVDYW0HGcNg" + "url": "http://www.ansible.com/security", + "refsource": "MISC", + "name": "http://www.ansible.com/security" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=998227", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=998227" + "url": "https://groups.google.com/forum/#%21topic/ansible-project/UVDYW0HGcNg", + "refsource": "MISC", + "name": "https://groups.google.com/forum/#%21topic/ansible-project/UVDYW0HGcNg" }, { - "name": "ansible-cve20134260-symlink(86898)", - "refsource": "XF", - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86898" + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86898", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86898" }, { - "name": "http://www.ansible.com/security", - "refsource": "CONFIRM", - "url": "http://www.ansible.com/security" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=998227", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=998227" } ] } diff --git a/2013/4xxx/CVE-2013-4261.json b/2013/4xxx/CVE-2013-4261.json index 4a85df820bf..f67b2d053a5 100644 --- a/2013/4xxx/CVE-2013-4261.json +++ b/2013/4xxx/CVE-2013-4261.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4261", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,32 +27,56 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[oss-security] 20130912 [OSSA 2013-026] Potential denial of service on Nova when using Qpid (CVE-2013-4261)", - "refsource": "MLIST", - "url": "http://seclists.org/oss-sec/2013/q3/595" + "url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-1199.html" }, { - "name": "RHSA-2013:1199", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html" + "url": "http://seclists.org/oss-sec/2013/q3/595", + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2013/q3/595" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=999271", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=999271" + "url": "https://bugs.launchpad.net/nova/+bug/1215091", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/nova/+bug/1215091" }, { - "name": "https://bugs.launchpad.net/nova/+bug/1215091", - "refsource": "CONFIRM", - "url": "https://bugs.launchpad.net/nova/+bug/1215091" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=999164", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=999164" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=999164", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=999164" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=999271", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=999271" } ] } diff --git a/2013/4xxx/CVE-2013-4270.json b/2013/4xxx/CVE-2013-4270.json index 9d7880db00d..13358699e43 100644 --- a/2013/4xxx/CVE-2013-4270.json 
+++ b/2013/4xxx/CVE-2013-4270.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4270", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,37 +27,61 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1027752", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027752" + "url": "http://www.ubuntu.com/usn/USN-2049-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2049-1" }, { - "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.5", - "refsource": "CONFIRM", - "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.5" + "url": "http://rhn.redhat.com/errata/RHSA-2014-0100.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0100.html" }, { - "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2433c8f094a008895e66f25bd1773cdb01c91d01", - "refsource": "CONFIRM", - "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2433c8f094a008895e66f25bd1773cdb01c91d01" + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2433c8f094a008895e66f25bd1773cdb01c91d01", + "refsource": "MISC", + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2433c8f094a008895e66f25bd1773cdb01c91d01" }, { - "name": "https://github.com/torvalds/linux/commit/2433c8f094a008895e66f25bd1773cdb01c91d01", - "refsource": "CONFIRM", - "url": "https://github.com/torvalds/linux/commit/2433c8f094a008895e66f25bd1773cdb01c91d01" + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.5", + "refsource": "MISC", + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.5" }, { - "name": "USN-2049-1", - "refsource": "UBUNTU", - "url": 
"http://www.ubuntu.com/usn/USN-2049-1" + "url": "https://github.com/torvalds/linux/commit/2433c8f094a008895e66f25bd1773cdb01c91d01", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/2433c8f094a008895e66f25bd1773cdb01c91d01" }, { - "name": "RHSA-2014:0100", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2014-0100.html" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027752", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1027752" } ] } diff --git a/2013/4xxx/CVE-2013-4271.json b/2013/4xxx/CVE-2013-4271.json index b09076abf74..3431190fcea 100644 --- a/2013/4xxx/CVE-2013-4271.json +++ b/2013/4xxx/CVE-2013-4271.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4271", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,32 +27,56 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2013:1862", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-1862.html" + "url": "http://rhn.redhat.com/errata/RHSA-2013-1862.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-1862.html" }, { - "name": "https://github.com/restlet/restlet-framework-java/issues/778", - "refsource": "CONFIRM", - "url": "https://github.com/restlet/restlet-framework-java/issues/778" + "url": "http://restlet.org/learn/2.1/changes", + "refsource": "MISC", + "name": "http://restlet.org/learn/2.1/changes" }, { - "name": "http://restlet.org/learn/2.1/changes", - "refsource": "CONFIRM", - "url": "http://restlet.org/learn/2.1/changes" + "url": "http://rhn.redhat.com/errata/RHSA-2013-1410.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-1410.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=999735", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=999735" + "url": "https://github.com/restlet/restlet-framework-java/issues/778", + "refsource": "MISC", + "name": "https://github.com/restlet/restlet-framework-java/issues/778" }, { - "name": "RHSA-2013:1410", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-1410.html" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=999735", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=999735" } ] } diff --git a/2013/4xxx/CVE-2013-4278.json b/2013/4xxx/CVE-2013-4278.json index 5c2726bdae1..30d4ba14bae 100644 --- a/2013/4xxx/CVE-2013-4278.json +++ b/2013/4xxx/CVE-2013-4278.json 
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4278", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "The \"create an instance\" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256." + "value": "The \"create an instance\" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256." } ] }, 
@@ -50,22 +27,46 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugs.launchpad.net/ossa/+bug/1212179", - "refsource": "CONFIRM", - "url": "https://bugs.launchpad.net/ossa/+bug/1212179" + "url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-1199.html" }, { - "name": "[openstack-announce] 20130828 [OSSA 2013-024] Resource limit circumvention in Nova private flavors (CVE-2013-4278)", - "refsource": "MLIST", - "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html" + "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html", + "refsource": "MISC", + "name": "http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html" }, { - "name": "RHSA-2013:1199", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-1199.html" + "url": "https://bugs.launchpad.net/ossa/+bug/1212179", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/ossa/+bug/1212179" } ] } diff --git a/2013/4xxx/CVE-2013-4279.json b/2013/4xxx/CVE-2013-4279.json index 2505d206c2b..9e044c1e4ac 100644 --- a/2013/4xxx/CVE-2013-4279.json +++ b/2013/4xxx/CVE-2013-4279.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4279", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,27 +27,51 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1000215", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000215" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130493.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130493.html" }, { - "name": "65002", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/65002" + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:060", + "refsource": "MISC", + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:060" }, { - "name": "FEDORA-2014-3860", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130493.html" + "url": "http://www.securityfocus.com/bid/65002", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/65002" }, { - "name": "MDVSA-2014:060", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:060" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000215", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1000215" } ] } diff --git a/2013/4xxx/CVE-2013-4280.json b/2013/4xxx/CVE-2013-4280.json index accd12573f1..83ce6a56bee 100644 --- a/2013/4xxx/CVE-2013-4280.json +++ b/2013/4xxx/CVE-2013-4280.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4280", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "RedHat", - "product": { - "product_data": [ - { - "product_name": "vdsm", - "version": { - "version_data": [ - { - "version_value": "through 2013-07-24" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,12 +27,36 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "RedHat", + "product": { + "product_data": [ + { + "product_name": "vdsm", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "through 2013-07-24" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "url": "https://security-tracker.debian.org/tracker/CVE-2013-4280", + "url": "https://access.redhat.com/security/cve/cve-2013-4280", "refsource": "MISC", - "name": "https://security-tracker.debian.org/tracker/CVE-2013-4280" + "name": "https://access.redhat.com/security/cve/cve-2013-4280" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4280", @@ -63,9 +64,9 @@ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4280" }, { - "url": "https://access.redhat.com/security/cve/cve-2013-4280", + "url": "https://security-tracker.debian.org/tracker/CVE-2013-4280", "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/cve-2013-4280" + "name": "https://security-tracker.debian.org/tracker/CVE-2013-4280" } ] } diff --git a/2013/4xxx/CVE-2013-4282.json b/2013/4xxx/CVE-2013-4282.json index 99ecf0958d6..625b3248ad6 100644 --- a/2013/4xxx/CVE-2013-4282.json +++ b/2013/4xxx/CVE-2013-4282.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "CVE-2013-4282 spice: stack buffer overflow in reds_handle_ticket() function" + "value": "Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Stack-based Buffer Overflow", - "cweId": "CWE-121" + "value": "n/a" } ] } @@ -32,38 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 5", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:0.3.0-56.el5_10.1", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 6", - "version": { - "version_data": [ - { - "version_value": "0:0.12.0-12.el6_4.5", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6", - "version": { - "version_data": [ - { - "version_value": "0:6.4-20131016.0.el6_4", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } 
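Review bot: The `@@ -21,8 +21,7 @@` hunk replaces `"value": "Stack-based Buffer Overflow"` / `"cweId": "CWE-121"` with `"n/a"` while the new description in the hunk above still says "Stack-based buffer overflow", so the record contradicts itself and loses its weakness classification. The following hunks go the same way: the three Red Hat products with their fixed package versions become `n/a`, and the last hunk of the file drops the RHSA links and the CVSS v2 entry (`AV:A/AC:L/Au:N/C:N/I:N/A:C`, base score 6.1). Anything that triages by CWE, affected product or severity gets nothing for CVE-2013-4282 after this change. I would keep the `problemtype` entry as it was, `"value": "Stack-based Buffer Overflow", "cweId": "CWE-121"`, and hold back the other removals until replacement data is in the record.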
@@ -115,56 +92,6 @@ "url": "http://www.ubuntu.com/usn/USN-2027-1", "refsource": "MISC", "name": "http://www.ubuntu.com/usn/USN-2027-1" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2013:1460", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2013:1460" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2013:1473", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2013:1473" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2013:1474", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2013:1474" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2013-4282", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2013-4282" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000443", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1000443" - } - ] - }, - "impact": { - "cvss": [ - { - "accessComplexity": "LOW", - "accessVector": "ADJACENT_NETWORK", - "authentication": "NONE", - "availabilityImpact": "COMPLETE", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 6.1, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "NONE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", - "version": "2.0" } ] } diff --git a/2013/4xxx/CVE-2013-4283.json b/2013/4xxx/CVE-2013-4283.json index 9571c439904..f89e42f73e6 100644 --- a/2013/4xxx/CVE-2013-4283.json +++ b/2013/4xxx/CVE-2013-4283.json 
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4283", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,32 +27,56 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2013:1182", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-1182.html" + "url": "http://directory.fedoraproject.org/wiki/Releases/1.3.0.8", + "refsource": "MISC", + "name": "http://directory.fedoraproject.org/wiki/Releases/1.3.0.8" }, { - "name": "http://directory.fedoraproject.org/wiki/Releases/1.3.0.8", - "refsource": "CONFIRM", - "url": "http://directory.fedoraproject.org/wiki/Releases/1.3.0.8" + "url": "http://rhn.redhat.com/errata/RHSA-2013-1182.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-1182.html" }, { - "name": "54650", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/54650" + "url": "http://secunia.com/advisories/54586", + "refsource": "MISC", + "name": "http://secunia.com/advisories/54586" }, { - "name": "54586", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/54586" + "url": "http://secunia.com/advisories/54650", + "refsource": "MISC", + "name": "http://secunia.com/advisories/54650" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=999634", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=999634" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=999634", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=999634" } ] } diff --git a/2016/9xxx/CVE-2016-9922.json b/2016/9xxx/CVE-2016-9922.json index f80f995790e..ad8aa63e322 100644 --- a/2016/9xxx/CVE-2016-9922.json +++ b/2016/9xxx/CVE-2016-9922.json 
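Review bot: Every reference in this hunk is rewritten with `"refsource": "MISC"` and the URL repeated as `name`, so the former `REDHAT`, `CONFIRM` and `SECUNIA` tags and short identifiers such as `RHSA-2013:1182` are lost. A consumer that picks vendor-confirmed advisories by `refsource` can no longer tell the Red Hat erratum and Bugzilla entry from third-party trackers. If the tags cannot be kept, the commit description should state that loss. The same rewrite appears in the reference hunks for CVE-2018-1048, CVE-2018-1057, CVE-2018-1069 and CVE-2018-1078.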
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "CVE-2016-9921 CVE-2016-9922 Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy" + "value": "The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Divide By Zero", - "cweId": "CWE-369" + "value": "n/a" } ] } 
@@ -32,82 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 11.0 (Ocata)", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-14.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } 
@@ -145,16 +78,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2017:2408" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-9922", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-9922" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334398", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1334398" - }, { "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html", "refsource": "MISC", 
@@ -164,51 +87,11 @@ "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html", "refsource": "MISC", "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank Jiangxin (Huawei Inc.), Li Qiang (Qihoo 360), and Qinghao Tang (Qihoo 360) for reporting this issue." - } - ], - "impact": { - "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "ADJACENT_NETWORK", - "authentication": "SINGLE", - "availabilityImpact": "PARTIAL", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 2.3, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "NONE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", - "version": "2.0" }, { - "attackComplexity": "HIGH", - "attackVector": "ADJACENT_NETWORK", - "availabilityImpact": "LOW", - "baseScore": 3, - "baseSeverity": "LOW", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L", - "version": "3.0" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334398", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1334398" } ] } diff --git a/2018/10xxx/CVE-2018-10839.json b/2018/10xxx/CVE-2018-10839.json index e51252a9014..f168e5b2962 100644 --- a/2018/10xxx/CVE-2018-10839.json +++ b/2018/10xxx/CVE-2018-10839.json 
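Review bot: This hunk deletes the whole `impact` object together with `credits`, so the record keeps neither the CVSS 2.0 vector `AV:A/AC:M/Au:S/C:N/I:N/A:P` nor the 3.0 vector `CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L`. Severity-based triage that reads this file will see the entry as unscored. If the removal is intended, the commit should say where the scores now live. The `impact` removals in the CVE-2013-4282, CVE-2018-1047 and CVE-2018-1065 hunks have the same effect.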
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An integer overflow issue was found in the NE200 NIC emulation. It could occur while receiving packets from the network, if the size value was greater than INT_MAX. Such overflow would lead to stack buffer overflow issue. A user inside guest could use this flaw to crash the QEMU process, resulting in DoS scenario." + "value": "Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS." } ] }, @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Stack-based Buffer Overflow", + "value": "CWE-121", "cweId": "CWE-121" } ] @@ -32,16 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "The QEMU Project", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 6", + "product_name": "Qemu-kvm", "version": { "version_data": [ { - "version_value": "2:0.12.1.2-2.506.el6_10.5", - "version_affected": "!" + "version_affected": "=", + "version_value": "<= 3.0.0" } ] } @@ -69,16 +69,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2019:2892" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2018-10839", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2018-10839" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581013", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1581013" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10839", "refsource": "MISC", @@ -101,12 +91,6 @@ } ] }, - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank Arash Tohidi and Daniel Shapira (Twistlock) for reporting this issue." - } - ], "impact": { "cvss": [ { 
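Review bot: In the affects hunk (`@@ -32,16 +32,16 @@`) the new entry pairs `"version_affected": "="` with `"version_value": "<= 3.0.0"`, so the range operator sits inside the value string while the operator field says exact match. A consumer that honours `version_affected` would look for a literal version named `<= 3.0.0` and match no real release. `"version_affected": "<=", "version_value": "3.0.0"` expresses the range the description states. The same mismatch appears with `"9.x"` (CVE-2018-1047), `"All versions of Samba from 4.0.0 onwards."` (CVE-2018-1057) and `"up to ovirt-engine 4.2.3"` (CVE-2018-1075).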
diff --git a/2018/1xxx/CVE-2018-1047.json b/2018/1xxx/CVE-2018-1047.json index d1c2793b5d5..929b0aa482e 100644 --- a/2018/1xxx/CVE-2018-1047.json +++ b/2018/1xxx/CVE-2018-1047.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A path traversal vulnerability was discovered in Undertow's org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method. This could lead to information disclosure of arbitrary local files." + "value": "A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files." } ] }, @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", - "cweId": "CWE-22" + "value": "CWE-20->CWE-22", + "cweId": "CWE-20" } ] } 
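Review bot: The problemtype hunk changes `cweId` from `CWE-22` to `CWE-20` and puts the chain `CWE-20->CWE-22` into `value`, while the description still describes a path traversal leading to disclosure of local files. Anything keyed on `cweId` will now file this record under generic input validation rather than path traversal. If the chain notation has to stay in `value`, `"cweId": "CWE-22"` keeps the specific weakness machine-readable.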
@@ -32,187 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "Red Hat, Inc.", "product": { "product_data": [ { - "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", + "product_name": "Wildfly", "version": { "version_data": [ { - "version_value": "0:1.5.5.010-1.redhat_1.1.ep7.el6", - "version_affected": "!" - }, - { - "version_value": "0:5.1.13-1.Final_redhat_1.1.ep7.el6", - "version_affected": "!" - }, - { - "version_value": "0:8.2.10-1.Final_redhat_1.1.ep7.el6", - "version_affected": "!" - }, - { - "version_value": "0:1.4.8-1.Final_redhat_1.1.ep7.el6", - "version_affected": "!" - }, - { - "version_value": "0:4.0.10-1.Final_redhat_1.1.ep7.el6", - "version_affected": "!" - }, - { - "version_value": "0:2.2.13-5.SP2_redhat_1.1.ep7.el6", - "version_affected": "!" - }, - { - "version_value": "0:2.0.4-1.Final_redhat_1.1.ep7.el6", - "version_affected": "!" - }, - { - "version_value": "0:1.0.4-1.Final_redhat_1.1.ep7.el6", - "version_affected": "!" - }, - { - "version_value": "0:2.4.0-3.SP2_redhat_1.1.ep7.el6", - "version_affected": "!" - }, - { - "version_value": "0:3.5.5-1.Final_redhat_1.1.ep7.el6", - "version_affected": "!" - }, - { - "version_value": "0:3.6.14-1.Final_redhat_1.1.ep7.el6", - "version_affected": "!" - }, - { - "version_value": "0:1.3.9-1.Final_redhat_1.1.ep7.el6", - "version_affected": "!" - }, - { - "version_value": "0:5.0.3-1.Final_redhat_1.1.ep7.el6", - "version_affected": "!" - }, - { - "version_value": "0:2.5.5-11.SP10_redhat_1.1.ep7.el6", - "version_affected": "!" - }, - { - "version_value": "0:1.4.18-5.SP5_redhat_1.1.ep7.el6", - "version_affected": "!" - }, - { - "version_value": "0:2.4.7-1.Final_redhat_1.1.ep7.el6", - "version_affected": "!" - }, - { - "version_value": "0:7.1.2-1.GA_redhat_1.1.ep7.el6", - "version_affected": "!" - }, - { - "version_value": "0:1.1.9-1.Final_redhat_1.1.ep7.el6", - "version_affected": "!" 
- }, - { - "version_value": "0:1.0.6-1.Final_redhat_1.1.ep7.el6", - "version_affected": "!" - }, - { - "version_value": "0:2.9.16-2.Final_redhat_1.2.ep7.el6", - "version_affected": "!" - }, - { - "version_value": "0:7.1.2-1.GA_redhat_1.ep7.el6", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", - "version": { - "version_data": [ - { - "version_value": "0:1.5.5.010-1.redhat_1.1.ep7.el7", - "version_affected": "!" - }, - { - "version_value": "0:5.1.13-1.Final_redhat_1.1.ep7.el7", - "version_affected": "!" - }, - { - "version_value": "0:8.2.10-1.Final_redhat_1.1.ep7.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.4.8-1.Final_redhat_1.1.ep7.el7", - "version_affected": "!" - }, - { - "version_value": "0:4.0.10-1.Final_redhat_1.1.ep7.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.2.13-5.SP2_redhat_1.1.ep7.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.0.4-1.Final_redhat_1.1.ep7.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.0.4-1.Final_redhat_1.1.ep7.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.4.0-3.SP2_redhat_1.1.ep7.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.5.5-1.Final_redhat_1.1.ep7.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.6.14-1.Final_redhat_1.1.ep7.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.3.9-1.Final_redhat_1.1.ep7.el7", - "version_affected": "!" - }, - { - "version_value": "0:5.0.3-1.Final_redhat_1.1.ep7.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.5.5-11.SP10_redhat_1.1.ep7.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.4.18-5.SP5_redhat_1.1.ep7.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.4.7-1.Final_redhat_1.1.ep7.el7", - "version_affected": "!" - }, - { - "version_value": "0:7.1.2-1.GA_redhat_1.1.ep7.el7", - "version_affected": "!" 
- }, - { - "version_value": "0:1.1.9-1.Final_redhat_1.1.ep7.el7", - "version_affected": "!" - }, - { - "version_value": "0:1.0.6-1.Final_redhat_1.1.ep7.el7", - "version_affected": "!" - }, - { - "version_value": "0:2.9.16-2.Final_redhat_1.2.ep7.el7", - "version_affected": "!" - }, - { - "version_value": "0:7.1.2-1.GA_redhat_1.ep7.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "9.x" } ] } @@ -251,37 +80,14 @@ "name": "https://access.redhat.com/errata/RHSA-2018:2938" }, { - "url": "https://access.redhat.com/security/cve/CVE-2018-1047", + "url": "https://issues.jboss.org/browse/WFLY-9620", "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2018-1047" + "name": "https://issues.jboss.org/browse/WFLY-9620" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528361", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1528361" - }, - { - "url": "https://issues.jboss.org/browse/WFLY-9620", - "refsource": "MISC", - "name": "https://issues.jboss.org/browse/WFLY-9620" - } - ] - }, - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 8.6, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", - "version": "3.0" } ] } diff --git a/2018/1xxx/CVE-2018-1048.json b/2018/1xxx/CVE-2018-1048.json index cc49dd4fcd6..e93f3e7c4db 100644 --- a/2018/1xxx/CVE-2018-1048.json +++ b/2018/1xxx/CVE-2018-1048.json 
@@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "DATE_PUBLIC": "2018-01-15T00:00:00", "ID": "CVE-2018-1048", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "undertow as shipped in Jboss EAP 7.1.0.GA", - "version": { - "version_data": [ - { - "version_value": "7.1.0.GA" - } - ] - } - } - ] - }, - "vendor_name": "Red Hat, Inc." - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -45,38 +21,63 @@ "description": [ { "lang": "eng", - "value": "CWE-22" + "value": "CWE-22", + "cweId": "CWE-22" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat, Inc.", + "product": { + "product_data": [ + { + "product_name": "undertow as shipped in Jboss EAP 7.1.0.GA", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.1.0.GA" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2018:0479", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:0479" + "url": "https://access.redhat.com/errata/RHSA-2018:0478", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:0478" }, { - "name": "RHSA-2018:0481", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:0481" + "url": "https://access.redhat.com/errata/RHSA-2018:0479", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:0479" }, { - "name": "RHSA-2018:0480", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:0480" + "url": "https://access.redhat.com/errata/RHSA-2018:0480", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:0480" }, { - "name": "RHSA-2018:0478", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:0478" + "url": "https://access.redhat.com/errata/RHSA-2018:0481", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:0481" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1534343", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534343" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534343", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1534343" } ] } diff --git a/2018/1xxx/CVE-2018-1057.json b/2018/1xxx/CVE-2018-1057.json index fd13d1af40d..f9b08ee29c0 100644 --- a/2018/1xxx/CVE-2018-1057.json 
+++ b/2018/1xxx/CVE-2018-1057.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "DATE_PUBLIC": "2018-03-13T00:00:00", "ID": "CVE-2018-1057", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Samba", - "version": { - "version_data": [ - { - "version_value": "All versions of Samba from 4.0.0 onwards." - } - ] - } - } - ] - }, - "vendor_name": "Samba" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -45,63 +21,88 @@ "description": [ { "lang": "eng", - "value": "CWE-863" + "value": "CWE-863", + "cweId": "CWE-863" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samba", + "product": { + "product_data": [ + { + "product_name": "Samba", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions of Samba from 4.0.0 onwards." + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "103382", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/103382" + "url": "http://www.securityfocus.com/bid/103382", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/103382" }, { - "name": "DSA-4135", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2018/dsa-4135" + "url": "http://www.securitytracker.com/id/1040494", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1040494" }, { - "name": "USN-3595-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3595-1/" + "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html" }, { - "name": "1040494", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1040494" + "url": "https://security.gentoo.org/glsa/201805-07", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201805-07" }, { - "name": "GLSA-201805-07", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201805-07" + "url": "https://security.netapp.com/advisory/ntap-20180313-0001/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20180313-0001/" }, { - "name": "https://security.netapp.com/advisory/ntap-20180313-0001/", - "refsource": "CONFIRM", - "url": "https://security.netapp.com/advisory/ntap-20180313-0001/" + "url": "https://usn.ubuntu.com/3595-1/", + "refsource": "MISC", + "name": 
"https://usn.ubuntu.com/3595-1/" }, { - "name": "https://www.samba.org/samba/security/CVE-2018-1057.html", - "refsource": "CONFIRM", - "url": "https://www.samba.org/samba/security/CVE-2018-1057.html" + "url": "https://www.debian.org/security/2018/dsa-4135", + "refsource": "MISC", + "name": "https://www.debian.org/security/2018/dsa-4135" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1553553", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553553" + "url": "https://www.samba.org/samba/security/CVE-2018-1057.html", + "refsource": "MISC", + "name": "https://www.samba.org/samba/security/CVE-2018-1057.html" }, { - "name": "https://www.synology.com/support/security/Synology_SA_18_08", - "refsource": "CONFIRM", - "url": "https://www.synology.com/support/security/Synology_SA_18_08" + "url": "https://www.synology.com/support/security/Synology_SA_18_08", + "refsource": "MISC", + "name": "https://www.synology.com/support/security/Synology_SA_18_08" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update", - "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553553", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1553553" } ] } diff --git a/2018/1xxx/CVE-2018-1065.json b/2018/1xxx/CVE-2018-1065.json index fcf86c6d80c..c54b4c599c1 100644 --- a/2018/1xxx/CVE-2018-1065.json +++ b/2018/1xxx/CVE-2018-1065.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A flaw was found in the netfilter/iptables subsystem. A user with the netfilter modification capabilities could insert a rule which could panic the system." + "value": "The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "NULL Pointer Dereference", - "cweId": "CWE-476" + "value": "NULL pointer dereference" } ] } @@ -32,16 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 7", + "product_name": "Linux kernel 4.15.0-rc9", "version": { "version_data": [ { - "version_value": "0:4.14.0-115.el7a", - "version_affected": "!" + "version_affected": "=", + "version_value": "Linux kernel 4.15.0-rc9" } ] } @@ -84,16 +83,6 @@ "refsource": "MISC", "name": "http://www.securitytracker.com/id/1040446" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2018-1065", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2018-1065" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547824", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1547824" - }, { "url": "https://github.com/torvalds/linux/commit/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8", "refsource": "MISC", 
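Review bot: The new affects entry uses `Linux kernel 4.15.0-rc9` as both `product_name` and `version_value` with `"version_affected": "="`, whereas the new description in the first hunk says the flaw affects the kernel through 4.15.7. Read literally, the record marks a single release candidate as affected. `"product_name": "Linux kernel"` with `"version_affected": "<=", "version_value": "4.15.7"` would agree with the description. The problemtype hunk also drops `"cweId": "CWE-476"` although its text still reads NULL pointer dereference.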
@@ -113,24 +102,11 @@ "url": "https://usn.ubuntu.com/3656-1/", "refsource": "MISC", "name": "https://usn.ubuntu.com/3656-1/" - } - ] - }, - "impact": { - "cvss": [ + }, { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 5.9, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version": "3.0" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547824", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1547824" } ] } diff --git a/2018/1xxx/CVE-2018-1069.json b/2018/1xxx/CVE-2018-1069.json index b5cff6cb7d0..2690d5b8323 100644 --- a/2018/1xxx/CVE-2018-1069.json +++ b/2018/1xxx/CVE-2018-1069.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "DATE_PUBLIC": "2018-03-07T00:00:00", "ID": "CVE-2018-1069", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "OpenShift Enterprise", - "version": { - "version_data": [ - { - "version_value": "3.7" - } - ] - } - } - ] - }, - "vendor_name": "Red Hat, Inc." - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-284 (Improper Access Control)" + "value": "CWE-284 (Improper Access Control)", + "cweId": "CWE-284" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat, Inc.", + "product": { + "product_data": [ + { + "product_name": "OpenShift Enterprise", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.7" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1552987", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552987" + "url": "http://www.securityfocus.com/bid/103364", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/103364" }, { - "name": "103364", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/103364" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552987", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1552987" } ] } diff --git a/2018/1xxx/CVE-2018-1075.json b/2018/1xxx/CVE-2018-1075.json index 817289bbee7..f98b35b6197 100644 --- a/2018/1xxx/CVE-2018-1075.json +++ b/2018/1xxx/CVE-2018-1075.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A flaw was found in ovirt-engine. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords." + "value": "ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords." } ] }, 
@@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Insertion of Sensitive Information into Log File", + "value": "CWE-532", "cweId": "CWE-532" } ] @@ -32,16 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "[UNKNOWN]", "product": { "product_data": [ { - "product_name": "Red Hat Virtualization Engine 4.2", + "product_name": "ovirt-engine", "version": { "version_data": [ { - "version_value": "0:4.2.4.5-1", - "version_affected": "!" + "version_affected": "=", + "version_value": "up to ovirt-engine 4.2.3" } ] } @@ -59,16 +59,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2018:2071" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2018-1075", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2018-1075" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542508", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1542508" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1075", "refsource": "MISC", @@ -81,12 +71,6 @@ } ] }, - "credits": [ - { - "lang": "en", - "value": "This issue was discovered by Yedidyah Bar David (Red Hat)." - } - ], "impact": { "cvss": [ { diff --git a/2018/1xxx/CVE-2018-1078.json b/2018/1xxx/CVE-2018-1078.json index 141f62ac9ce..ca3dfa16270 100644 --- a/2018/1xxx/CVE-2018-1078.json +++ b/2018/1xxx/CVE-2018-1078.json 
@@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "DATE_ASSIGNED": "2018-03-14", "ID": "CVE-2018-1078", - "REQUESTER": "kseifried@redhat.com", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "OpenDayLight", - "version": { - "version_data": [ - { - "version_value": "Carbon SR3" - } - ] - } - } - ] - }, - "vendor_name": "OpenDayLight" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -46,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-20" + "value": "CWE-20", + "cweId": "CWE-20" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenDayLight", + "product": { + "product_data": [ + { + "product_name": "OpenDayLight", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Carbon SR3" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1533501", + "url": "https://jira.opendaylight.org/browse/OPNFLWPLUG-971", "refsource": "MISC", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1533501" + "name": "https://jira.opendaylight.org/browse/OPNFLWPLUG-971" }, { - "name": "https://jira.opendaylight.org/browse/OPNFLWPLUG-971", - "refsource": "CONFIRM", - "url": "https://jira.opendaylight.org/browse/OPNFLWPLUG-971" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1533501", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1533501" } ] }