"-Synchronized-Data."

CVE Team 2023-02-02 16:01:59 +00:00
parent 999aae951a
commit aecac486e8
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
41 changed files with 6852 additions and 2096 deletions


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0180",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via unspecified vectors."
"value": "CVE-2014-0180 CFME: app/controllers/application_controller.rb wait_for_task DoS"
}
]
},
@ -44,18 +21,87 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "CloudForms Management Engine 5.x",
"version": {
"version_data": [
{
"version_value": "0:5.2.4.2-1.el6cf",
"version_affected": "!"
},
{
"version_value": "1:3.2.13-8.el6cf",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0816",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0816.html"
"url": "https://access.redhat.com/errata/RHSA-2014:0816",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0816"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2014-0816.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0816.html"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-0180",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-0180"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087909",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1087909"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}
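Review bot: The `description_data` value in the first hunk appears to be replaced by a bug-tracker title (`CVE-2014-0180 CFME: app/controllers/application_controller.rb wait_for_task DoS`), which drops the affected-version boundary ("before 5.2.4.2"), the attacker position and the impact that the longer sentence carried; this assumes the second of the two `value` lines is the new side, since the rendering has lost the +/- markers. The new `affects` block does not compensate: both `version_data` entries use `"version_affected": "!"`, which in the CVE JSON 4.0 format marks a version as not affected, so the record names only fixed builds and no affected range. I would keep the full prose sentence as the description and carry the short title elsewhere. The same replacement shows up in the sections for CVE-2014-0182, CVE-2014-0184, CVE-2014-0200, CVE-2014-0202, CVE-2014-3485 and CVE-2014-3489.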


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0182",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image."
"value": "CVE-2014-0182 qemu: virtio: out-of-bounds buffer write on state load with invalid config_len"
}
]
},
@ -44,38 +21,187 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "OpenStack 3 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.415.el6_5.10",
"version_affected": "!"
}
]
}
},
{
"product_name": "OpenStack 4 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.415.el6_5.10",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.415.el6_5.10",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:1.5.3-60.el7_0.5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:1.5.3-60.el7_0.7",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.415.el6_5.10",
"version_affected": "!"
},
{
"version_value": "0:6.5-20140603.2.el6ev",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0743",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"refsource": "MLIST",
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html",
"refsource": "MISC",
"name": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0744",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
},
{
"name": "FEDORA-2014-6288",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=a890a2f9137ac3cf5b607649e66a6f3a5512d8dc",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=a890a2f9137ac3cf5b607649e66a6f3a5512d8dc"
"url": "https://access.redhat.com/errata/RHSA-2014:0674",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0674"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0743",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0743"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0744",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0744"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0888",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0888"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0927",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0927"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:1268",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1268"
},
{
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a890a2f9137ac3cf5b607649e66a6f3a5512d8dc",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a890a2f9137ac3cf5b607649e66a6f3a5512d8dc"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-0182",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-0182"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088986",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1088986"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.7,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
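Review bot: The git.qemu.org reference in the second hunk is rewritten to `http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a890a2f9137ac3cf5b607649e66a6f3a5512d8dc`, with the `;` separators percent-encoded. gitweb-style URLs use `;` to separate query parameters, so the encoded form most likely folds `a` and `h` into the `p` value and the link stops resolving to the fix commit. Keep the separators literal, `"url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=a890a2f9137ac3cf5b607649e66a6f3a5512d8dc"`, and the same for `name`. The git.kernel.org references in the CVE-2014-3534 and CVE-2014-3535 sections have the same encoding, though those records also carry a github.com link to the same commit; this record has no other pointer to the patch.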


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0184",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file."
"value": "CVE-2014-0184 CFME: root password is written to evm.log when entered during VM provisioning"
}
]
},
@ -44,18 +21,87 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "CloudForms Management Engine 5.x",
"version": {
"version_data": [
{
"version_value": "0:5.2.4.2-1.el6cf",
"version_affected": "!"
},
{
"version_value": "1:3.2.13-8.el6cf",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0816",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0816.html"
"url": "https://access.redhat.com/errata/RHSA-2014:0816",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0816"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2014-0816.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0816.html"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-0184",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-0184"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1089131",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1089131"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0200",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Red Hat Enterprise Virtualization Manager reports (rhevm-reports) package before 3.3.3-1 uses world-readable permissions on the datasource configuration file (js-jboss7-ds.xml), which allows local users to obtain sensitive information by reading the file."
"value": "CVE-2014-0200 ovirt-engine-reports: js-jboss7-ds.xml is world-readable"
}
]
},
@ -44,23 +21,88 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "RHEV Manager version 3.3",
"version": {
"version_data": [
{
"version_value": "0:3.3.3-1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "67684",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67684"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0558.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0558.html"
},
{
"name": "RHSA-2014:0558",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0558.html"
"url": "http://www.securityfocus.com/bid/67684",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/67684"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0558",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0558"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-0200",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-0200"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094229",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1094229"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
]
}
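Review bot: Every reference in the second hunk now has `"refsource": "MISC"` and a `name` that repeats the URL, so the typed entries on what reads as the old side (`BID` / `67684`, `REDHAT` / `RHSA-2014:0558`) are lost. Consumers that key on `refsource` to find vendor advisories, or on `name` to match advisory IDs, would have to parse URLs instead. I would keep the source type and identifier on entries that had them, e.g. `"refsource": "REDHAT", "name": "RHSA-2014:0558"`, and use `MISC` only for the newly added links. The same flattening applies to the reference lists of the other records in this commit.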


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0202",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The setup script in ovirt-engine-dwh, as used in the Red Hat Enterprise Virtualization Manager data warehouse (rhevm-dwh) package before 3.3.3, stores the history database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file."
"value": "CVE-2014-0202 ovirt-engine-dwh: setup script logs database password in cleartext"
}
]
},
@ -44,18 +21,83 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "RHEV Manager version 3.3",
"version": {
"version_data": [
{
"version_value": "0:3.3.3-1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0559",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0559.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0559.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0559.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0559",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0559"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-0202",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-0202"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094234",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1094234"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3485",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue."
"value": "CVE-2014-3485 ovirt-engine-api: XML eXternal Entity (XXE) flaw"
}
]
},
@ -44,23 +21,88 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of XML External Entity Reference",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "RHEV Manager version 3.4",
"version": {
"version_data": [
{
"version_value": "0:3.4.0-22",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "1030501",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030501"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0814.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0814.html"
},
{
"name": "RHSA-2014:0814",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0814.html"
"url": "http://www.securitytracker.com/id/1030501",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1030501"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0814",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0814"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-3485",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-3485"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1107472",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1107472"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3489",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack."
"value": "CVE-2014-3489 CFME: Default salt value in miq-password.rb"
}
]
},
@ -44,23 +21,92 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Use of Hard-coded Cryptographic Key",
"cweId": "CWE-321"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "CloudForms Management Engine 5.x",
"version": {
"version_data": [
{
"version_value": "0:5.2.4.2-1.el6cf",
"version_affected": "!"
},
{
"version_value": "1:3.2.13-8.el6cf",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "68299",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68299"
"url": "https://access.redhat.com/errata/RHSA-2014:0816",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0816"
},
{
"name": "RHSA-2014:0816",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0816.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0816.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0816.html"
},
{
"url": "http://www.securityfocus.com/bid/68299",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/68299"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-3489",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-3489"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1107853",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1107853"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 1.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
]
}
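Review bot: The new `problemtype` entry classifies this record as `CWE-321` (Use of Hard-coded Cryptographic Key), but both description lines in the first hunk talk about a salt in `miq-password.rb`, not a key. If the salt feeds a password hash, CWE-760 (Use of a One-Way Hash with a Predictable Salt) would describe the weakness more precisely; the page does not show how the value is used, so this needs confirming against the advisory. The added CVSS vector `AV:L/AC:M/Au:N/C:P/I:N/A:N` also sits oddly next to the longer description's "remote attackers", and one of the two should be reconciled.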


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3534",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call."
"value": "It was found that Linux kernel's ptrace subsystem did not properly sanitize the address-space-control bits when the program-status word (PSW) was being set. On IBM S/390 systems, a local, unprivileged user could use this flaw to set address-space-control bits to the kernel space, and thus gain read and write access to kernel memory."
}
]
},
@ -44,68 +21,134 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Incorrect Privilege Assignment",
"cweId": "CWE-266"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-123.6.3.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "linux-cve20143534-priv-esc(95069)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95069"
"url": "https://access.redhat.com/errata/RHSA-2014:1023",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1023"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1114089",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114089"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dab6cf55f81a6e16b8147aed9a843e1691dcd318",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dab6cf55f81a6e16b8147aed9a843e1691dcd318"
},
{
"name": "59790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59790"
"url": "http://secunia.com/advisories/59790",
"refsource": "MISC",
"name": "http://secunia.com/advisories/59790"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8"
"url": "http://secunia.com/advisories/60351",
"refsource": "MISC",
"name": "http://secunia.com/advisories/60351"
},
{
"name": "68940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68940"
"url": "http://www.debian.org/security/2014/dsa-2992",
"refsource": "MISC",
"name": "http://www.debian.org/security/2014/dsa-2992"
},
{
"name": "https://github.com/torvalds/linux/commit/dab6cf55f81a6e16b8147aed9a843e1691dcd318",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/dab6cf55f81a6e16b8147aed9a843e1691dcd318"
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dab6cf55f81a6e16b8147aed9a843e1691dcd318",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dab6cf55f81a6e16b8147aed9a843e1691dcd318"
"url": "http://www.osvdb.org/109546",
"refsource": "MISC",
"name": "http://www.osvdb.org/109546"
},
{
"name": "1030683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030683"
"url": "http://www.securityfocus.com/bid/68940",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/68940"
},
{
"name": "109546",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/109546"
"url": "http://www.securitytracker.com/id/1030683",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1030683"
},
{
"name": "DSA-2992",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2992"
"url": "https://access.redhat.com/security/cve/CVE-2014-3534",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-3534"
},
{
"name": "60351",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60351"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114089",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1114089"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95069",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95069"
},
{
"url": "https://github.com/torvalds/linux/commit/dab6cf55f81a6e16b8147aed9a843e1691dcd318",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/dab6cf55f81a6e16b8147aed9a843e1691dcd318"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Martin Schwidefsky (IBM) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}
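Review bot: The added `credits` entry uses `"lang": "en"` while the `description_data` and `problemtype` entries in this record use `"lang": "eng"`. A consumer that filters text by language code would treat the credit as a different language from the rest of the record; `"lang": "eng"` would keep it consistent. Whether the credits field is meant to follow a different code set is not visible here, so check the schema before changing it.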


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3535",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface."
"value": "A NULL pointer dereference flaw was found in the way the Linux kernel's networking implementation handled logging while processing certain invalid packets coming in via a VxLAN interface. A remote attacker could use this flaw to crash the system by sending a specially crafted packet to such an interface."
}
]
},
@ -44,38 +21,114 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-431.29.2.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "0:6.5-20140821.1.el6ev",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.36",
"refsource": "CONFIRM",
"url": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.36"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=256df2f3879efdb2e9808bdb1b54b16fbb11fa38",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=256df2f3879efdb2e9808bdb1b54b16fbb11fa38"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=256df2f3879efdb2e9808bdb1b54b16fbb11fa38",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=256df2f3879efdb2e9808bdb1b54b16fbb11fa38"
"url": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.36",
"refsource": "MISC",
"name": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.36"
},
{
"name": "69721",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69721"
"url": "http://www.securityfocus.com/bid/69721",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/69721"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1114540",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114540"
"url": "https://access.redhat.com/errata/RHSA-2014:1167",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1167"
},
{
"name": "https://github.com/torvalds/linux/commit/256df2f3879efdb2e9808bdb1b54b16fbb11fa38",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/256df2f3879efdb2e9808bdb1b54b16fbb11fa38"
"url": "https://access.redhat.com/errata/RHSA-2014:1168",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1168"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-3535",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-3535"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114540",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1114540"
},
{
"url": "https://github.com/torvalds/linux/commit/256df2f3879efdb2e9808bdb1b54b16fbb11fa38",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/256df2f3879efdb2e9808bdb1b54b16fbb11fa38"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3559",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and obtain sensitive information via an uninitialized storage volume."
"value": "It was found that the oVirt storage back end did not wipe memory snapshots when VMs were deleted, even if wipe-after-delete (WAD) was enabled for the VM's disks. A remote attacker with credentials to create a new VM could use this flaw to potentially access the contents of memory snapshots in an uninitialized storage volume, possibly leading to the disclosure of sensitive information."
}
]
},
@ -44,33 +21,93 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Removal of Sensitive Information Before Storage or Transfer",
"cweId": "CWE-212"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "RHEV Manager version 3.4",
"version": {
"version_data": [
{
"version_value": "0:3.4.0-31",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "1030664",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030664"
"url": "http://rhn.redhat.com/errata/RHSA-2014-1002.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-1002.html"
},
{
"name": "virtualizationmanager-cve20143559-info-disc(95098)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95098"
"url": "http://www.securitytracker.com/id/1030664",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1030664"
},
{
"name": "RHSA-2014:1002",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1002.html"
"url": "https://access.redhat.com/errata/RHSA-2014:1002",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1002"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1121925",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121925"
"url": "https://access.redhat.com/security/cve/CVE-2014-3559",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-3559"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121925",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1121925"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95098",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95098"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
]
}
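Review bot: Every entry in `reference_data` now carries `"refsource": "MISC"` and a `name` that only repeats the URL, so the source types and short identifiers of the old record (`SECTRACK` `1030664`, `XF`, `REDHAT` `RHSA-2014:1002`, `CONFIRM`) are no longer machine-readable. Tooling that keys on `refsource` to find the vendor advisory or the confirming bug report would have to parse hostnames instead. I would keep the typed form where it is known, for example `"refsource": "REDHAT", "name": "RHSA-2014:1002"` on the access.redhat.com errata entry. The same flattening appears in the sections for CVE-2014-3565, CVE-2014-3593, CVE-2018-14652, CVE-2018-14653, CVE-2018-14659 and CVE-2018-16863.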


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3565",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message."
"value": "A denial of service flaw was found in the way snmptrapd handled certain SNMP traps when started with the \"-OQ\" option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash."
}
]
},
@ -44,68 +21,144 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Access of Resource Using Incompatible Type ('Type Confusion')",
"cweId": "CWE-843"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "1:5.5-54.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "1:5.7.2-24.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-10-21-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "https://support.apple.com/HT205375",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205375"
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
},
{
"name": "http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/"
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00013.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00013.html"
},
{
"name": "http://sourceforge.net/p/net-snmp/official-patches/48/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/net-snmp/official-patches/48/"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1385.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1385.html"
},
{
"name": "69477",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69477"
"url": "http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/",
"refsource": "MISC",
"name": "http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"url": "http://sourceforge.net/p/net-snmp/official-patches/48/",
"refsource": "MISC",
"name": "http://sourceforge.net/p/net-snmp/official-patches/48/"
},
{
"name": "USN-2711-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2711-1"
"url": "http://www.securityfocus.com/bid/69477",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/69477"
},
{
"name": "openSUSE-SU-2014:1108",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00013.html"
"url": "http://www.ubuntu.com/usn/USN-2711-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2711-1"
},
{
"name": "GLSA-201507-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-17"
"url": "https://access.redhat.com/errata/RHSA-2015:1385",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1385"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1125155",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1125155"
"url": "https://access.redhat.com/errata/RHSA-2015:2345",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2345"
},
{
"name": "RHSA-2015:1385",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1385.html"
"url": "https://access.redhat.com/security/cve/CVE-2014-3565",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-3565"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1125155",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1125155"
},
{
"url": "https://security.gentoo.org/glsa/201507-17",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201507-17"
},
{
"url": "https://support.apple.com/HT205375",
"refsource": "MISC",
"name": "https://support.apple.com/HT205375"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}
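Review bot: The new record no longer names net-snmp anywhere outside the reference URLs: the description speaks only of snmptrapd, and `affects` lists Red Hat Enterprise Linux 6 and 7. The upstream bound from the old text (net-snmp 5.7.0 and earlier, `snmplib/mib.c`) is gone as well, so a text search or product match for net-snmp on another distribution would not find this entry. I would keep the component in the description, e.g. by opening it with `A denial of service flaw was found in the way net-snmp's snmptrapd handled ...`. The CVE-2018-14652 section has the same gap: its new description mentions only `pl_getxattr()` and not Gluster.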


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3593",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration."
"value": "It was discovered that luci used eval() on inputs containing strings from the cluster configuration file when generating its web pages. An attacker with privileges to create or edit the cluster configuration could use this flaw to execute arbitrary code as the luci user on a host running luci."
}
]
},
@ -44,23 +21,83 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:0.26.0-63.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1390",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1390.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-1390.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-1390.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=989005",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=989005"
"url": "https://access.redhat.com/errata/RHSA-2014:1390",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1390"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-3593",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-3593"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=989005",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=989005"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
}
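Review bot: The `problemtype` entry classifies this as `CWE-77` (command injection), but the new description says luci called `eval()` on strings from the cluster configuration, and the old text called it eval injection of Python code. That is code evaluated by the interpreter rather than an OS command, which CWE-95 ('Eval Injection') describes more closely; `"cweId": "CWE-95"` with the matching name would keep weakness-based filtering accurate. The CVSS block also sets `"accessVector": "ADJACENT_NETWORK"` while the old description spoke of remote authenticated users, so it is worth confirming which is intended.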


@ -1,101 +1,191 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-14652",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "glusterfs",
"version": {
"version_data": [
{
"version_value": "through 3.12 and 4.1.4"
}
]
}
}
]
},
"vendor_name": "The Gluster Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service."
"value": "A buffer overflow was found in strncpy of the pl_getxattr() function. An authenticated attacker could remotely overflow the buffer by sending a buffer of larger length than the size of the key resulting in remote denial of service."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
"value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Native Client for RHEL 6 for Red Hat Storage",
"version": {
"version_data": [
{
"version_value": "0:3.12.2-25.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Native Client for RHEL 7 for Red Hat Storage",
"version": {
"version_data": [
{
"version_value": "0:3.12.2-25.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Gluster Storage 3.4 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:3.12.2-25.el6rhs",
"version_affected": "!"
},
{
"version_value": "0:3.4.1.0-1.el6rhs",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Gluster Storage 3.4 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:3.12.2-25.el7rhgs",
"version_affected": "!"
},
{
"version_value": "0:3.4.1.0-1.el7rhgs",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.12.2-25.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.29-1.el7ev",
"version_affected": "!"
},
{
"version_value": "0:4.2-7.3.el7",
"version_affected": "!"
},
{
"version_value": "0:4.2-20181026.0.el7_6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3431",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3431"
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
},
{
"name": "[debian-lts-announce] 20181105 [SECURITY] [DLA 1565-1] glusterfs security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html"
"url": "https://security.gentoo.org/glsa/201904-06",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201904-06"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14652",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14652"
"url": "https://access.redhat.com/errata/RHSA-2018:3431",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3431"
},
{
"name": "RHSA-2018:3432",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3432"
"url": "https://access.redhat.com/errata/RHSA-2018:3432",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3432"
},
{
"name": "RHSA-2018:3470",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3470"
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-201904-06",
"url": "https://security.gentoo.org/glsa/201904-06"
"url": "https://access.redhat.com/errata/RHSA-2018:3470",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3470"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
"url": "https://access.redhat.com/security/cve/CVE-2018-14652",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-14652"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632974",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1632974"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14652",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14652"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}
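Review bot: The new `affects` block contains only `"version_affected": "!"` entries for Red Hat builds, so the record no longer states any affected range: the old glusterfs entry from The Gluster Project (`through 3.12 and 4.1.4`) was dropped and the description lost its version text too. As far as I can tell, `!` in the CVE JSON 4.0 format marks a version as not affected, so a scanner matching on `version_data` gets a list of fixed builds but nothing to flag, and upstream or non-Red Hat installs are not covered at all. I would keep the upstream product entry alongside the Red Hat ones. The sections for CVE-2018-14653, CVE-2018-14659 and CVE-2018-16863 have the same shape.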


@ -1,101 +1,191 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-14653",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "glusterfs",
"version": {
"version_data": [
{
"version_value": "through 3.12 and 4.1.4"
}
]
}
}
]
},
"vendor_name": "The Gluster Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact."
"value": "A buffer overflow on the heap was found in gf_getspec_req RPC request. A remote, authenticated attacker could use this flaw to cause denial of service and read arbitrary files on glusterfs server node."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Native Client for RHEL 6 for Red Hat Storage",
"version": {
"version_data": [
{
"version_value": "0:3.12.2-25.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Native Client for RHEL 7 for Red Hat Storage",
"version": {
"version_data": [
{
"version_value": "0:3.12.2-25.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Gluster Storage 3.4 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:3.12.2-25.el6rhs",
"version_affected": "!"
},
{
"version_value": "0:3.4.1.0-1.el6rhs",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Gluster Storage 3.4 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:3.12.2-25.el7rhgs",
"version_affected": "!"
},
{
"version_value": "0:3.4.1.0-1.el7rhgs",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.12.2-25.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.29-1.el7ev",
"version_affected": "!"
},
{
"version_value": "0:4.2-7.3.el7",
"version_affected": "!"
},
{
"version_value": "0:4.2-20181026.0.el7_6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3431",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3431"
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14653",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14653"
"url": "https://security.gentoo.org/glsa/201904-06",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201904-06"
},
{
"name": "[debian-lts-announce] 20181105 [SECURITY] [DLA 1565-1] glusterfs security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html"
"url": "https://access.redhat.com/errata/RHSA-2018:3431",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3431"
},
{
"name": "RHSA-2018:3432",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3432"
"url": "https://access.redhat.com/errata/RHSA-2018:3432",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3432"
},
{
"name": "RHSA-2018:3470",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3470"
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-201904-06",
"url": "https://security.gentoo.org/glsa/201904-06"
"url": "https://access.redhat.com/errata/RHSA-2018:3470",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3470"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
"url": "https://access.redhat.com/security/cve/CVE-2018-14653",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-14653"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633431",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1633431"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14653",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14653"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}
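Review bot: The new description says the heap overflow lets an attacker "cause denial of service and read arbitrary files on glusterfs server node", but the `impact` block at the end of this section scores `"confidentialityImpact": "NONE"` (`C:N` in the vector string). Either the file-read claim or the score needs adjusting, because a reader triaging by CVSS would treat this as an availability-only issue at base score 6.5. The old text spoke only of denial of service or other unspecified impact, so the file-read statement is new with this change and is not reflected in the metrics.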


@ -1,101 +1,191 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-14659",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "glusterfs",
"version": {
"version_data": [
{
"version_value": "through 3.1.2 and 4.1.4"
}
]
}
}
]
},
"vendor_name": "The Gluster Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory."
"value": "A flaw was found in glusterfs server which allowed clients to create io-stats dumps on server node. A remote, authenticated attacker could use this flaw to create io-stats dump on a server without any limitation and utilizing all available inodes resulting in remote denial of service."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Native Client for RHEL 6 for Red Hat Storage",
"version": {
"version_data": [
{
"version_value": "0:3.12.2-25.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Native Client for RHEL 7 for Red Hat Storage",
"version": {
"version_data": [
{
"version_value": "0:3.12.2-25.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Gluster Storage 3.4 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:3.12.2-25.el6rhs",
"version_affected": "!"
},
{
"version_value": "0:3.4.1.0-1.el6rhs",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Gluster Storage 3.4 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:3.12.2-25.el7rhgs",
"version_affected": "!"
},
{
"version_value": "0:3.4.1.0-1.el7rhgs",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.12.2-25.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.29-1.el7ev",
"version_affected": "!"
},
{
"version_value": "0:4.2-7.3.el7",
"version_affected": "!"
},
{
"version_value": "0:4.2-20181026.0.el7_6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3431",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3431"
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
},
{
"name": "[debian-lts-announce] 20181105 [SECURITY] [DLA 1565-1] glusterfs security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html"
"url": "https://security.gentoo.org/glsa/201904-06",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201904-06"
},
{
"name": "RHSA-2018:3432",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3432"
"url": "https://access.redhat.com/errata/RHSA-2018:3431",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3431"
},
{
"name": "RHSA-2018:3470",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3470"
"url": "https://access.redhat.com/errata/RHSA-2018:3432",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3432"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14659",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14659"
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-201904-06",
"url": "https://security.gentoo.org/glsa/201904-06"
"url": "https://access.redhat.com/errata/RHSA-2018:3470",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3470"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
"url": "https://access.redhat.com/security/cve/CVE-2018-14659",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-14659"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1635929",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1635929"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14659",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14659"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}


@ -1,96 +1,116 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16863",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ghostscript",
"version": {
"version_data": [
{
"version_value": "9.07"
}
]
}
}
]
},
"vendor_name": "Artifex"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7."
"value": "It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-184"
"value": "Incomplete List of Disallowed Inputs",
"cweId": "CWE-184"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:9.07-31.el7_6.3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33",
"refsource": "CONFIRM",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33"
"url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=520bb0ea7519",
"refsource": "MISC",
"name": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=520bb0ea7519"
},
{
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d",
"refsource": "CONFIRM",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d"
"url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=5516c614dc33",
"refsource": "MISC",
"name": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=5516c614dc33"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16863",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16863"
"url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=78911a01b67d",
"refsource": "MISC",
"name": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=78911a01b67d"
},
{
"name": "RHSA-2018:3761",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3761"
"url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=79cccf641486",
"refsource": "MISC",
"name": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=79cccf641486"
},
{
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486",
"refsource": "CONFIRM",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486"
"url": "https://access.redhat.com/errata/RHSA-2018:3761",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3761"
},
{
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=520bb0ea7519",
"refsource": "CONFIRM",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=520bb0ea7519"
"url": "https://access.redhat.com/security/cve/CVE-2018-16863",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-16863"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652893",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1652893"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16863",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16863"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
}
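Review bot: The four git.ghostscript.com reference URLs now have their `;` separators percent-encoded as `%3B` (`?p=ghostpdl.git%3Ba=commit%3Bh=520bb0ea7519`). In the old form `;` separated the `p`, `a` and `h` query parameters; once encoded, the whole string is likely to be read as a single `p` value, so the links to the fixing commits may no longer resolve. I would keep the literal form, e.g. `"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=520bb0ea7519"`. The description also drops the sentence limiting the issue to ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7, which was the only scoping statement in the text.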


@ -1,144 +1,238 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16866",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "systemd",
"version": {
"version_data": [
{
"version_value": "from v221 to v239"
}
]
}
}
]
},
"vendor_name": "The systemd Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable."
"value": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.3/CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Ansible Tower 3.4 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "1.4.15-28",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:219-67.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:219-42.el7_4.20",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:219-42.el7_4.20",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "0:219-42.el7_4.20",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:219-57.el7_5.9",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:219-62.el7_6.11",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "DSA-4367",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4367"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190117-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190117-0001/"
},
{
"name": "https://www.qualys.com/2019/01/09/system-down/system-down.txt",
"url": "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html",
"refsource": "MISC",
"url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866"
},
{
"name": "USN-3855-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3855-1/"
},
{
"name": "106527",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106527"
},
{
"name": "GLSA-201903-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-07"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190510 Re: System Down: A systemd-journald exploit",
"url": "http://www.openwall.com/lists/oss-security/2019/05/10/4"
},
{
"refsource": "BUGTRAQ",
"name": "20190513 Re: System Down: A systemd-journald exploit",
"url": "https://seclists.org/bugtraq/2019/May/25"
"name": "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html"
},
{
"url": "http://seclists.org/fulldisclosure/2019/May/21",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html",
"url": "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html"
"name": "http://seclists.org/fulldisclosure/2019/May/21"
},
{
"refsource": "FULLDISC",
"name": "20190513 Re: System Down: A systemd-journald exploit",
"url": "http://seclists.org/fulldisclosure/2019/May/21"
"url": "http://www.openwall.com/lists/oss-security/2019/05/10/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/05/10/4"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2091",
"url": "https://access.redhat.com/errata/RHSA-2019:2091"
"url": "http://www.securityfocus.com/bid/106527",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/106527"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3222",
"url": "https://access.redhat.com/errata/RHSA-2019:3222"
"url": "https://access.redhat.com/errata/RHBA-2020:0547",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2020:0547"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0593",
"url": "https://access.redhat.com/errata/RHSA-2020:0593"
"url": "https://access.redhat.com/errata/RHSA-2019:2091",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:2091"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:3222",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:3222"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0593",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0593"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:1264",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:1264"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-16866",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-16866"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1653867",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1653867"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866"
},
{
"url": "https://seclists.org/bugtraq/2019/May/25",
"refsource": "MISC",
"name": "https://seclists.org/bugtraq/2019/May/25"
},
{
"url": "https://security.gentoo.org/glsa/201903-07",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201903-07"
},
{
"url": "https://security.netapp.com/advisory/ntap-20190117-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20190117-0001/"
},
{
"url": "https://usn.ubuntu.com/3855-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3855-1/"
},
{
"url": "https://www.debian.org/security/2019/dsa-4367",
"refsource": "MISC",
"name": "https://www.debian.org/security/2019/dsa-4367"
},
{
"url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt",
"refsource": "MISC",
"name": "https://www.qualys.com/2019/01/09/system-down/system-down.txt"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Qualys Research Labs for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
}
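Review bot: The upstream affected range is lost in this record: the new description omits the sentence `Versions from v221 to v239 are vulnerable.` and the rewritten `affects` block lists only Red Hat products, each with `"version_affected": "!"`, which in the CVE JSON 4.0 format marks a version as not affected. A consumer that matches on the upstream project can no longer tell from the record which systemd releases carry the out-of-bounds read. I would keep the upstream entry next to the vendor ones, e.g. `"product_name": "systemd"` with `"version_value": "from v221 to v239"`, or restore the sentence in the description. The same loss appears in the sections for CVE-2018-16889 (`up to v13.2.4`), CVE-2019-10136 (`all versions through 2.9`) and CVE-2019-10140 (`up to kernel-3.10`). The page shows no `+`/`-` markers, so which lines are the new side is inferred from the new key order.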


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16884",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel:",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,139 +15,249 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
"value": "Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-957.27.2.rt56.940.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-957.27.2.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-115.26.1.el7a",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.58.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:4.18.0-147.rt24.93.el8",
"version_affected": "!"
},
{
"version_value": "0:4.18.0-147.el8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "0:4.18.0-80.15.1.el8_0",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.58.1.rt56.652.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "106253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106253"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"refsource": "UBUNTU",
"name": "USN-3932-1",
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-3932-2",
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"refsource": "UBUNTU",
"name": "USN-3981-1",
"url": "https://usn.ubuntu.com/3981-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-3980-1",
"url": "https://usn.ubuntu.com/3980-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-3980-2",
"url": "https://usn.ubuntu.com/3980-2/"
},
{
"refsource": "UBUNTU",
"name": "USN-3981-2",
"url": "https://usn.ubuntu.com/3981-2/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1873",
"url": "https://access.redhat.com/errata/RHSA-2019:1873"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1891",
"url": "https://access.redhat.com/errata/RHSA-2019:1891"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2696",
"url": "https://access.redhat.com/errata/RHSA-2019:2696"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2730",
"url": "https://access.redhat.com/errata/RHSA-2019:2730"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3309",
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3517",
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0204",
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884"
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "https://patchwork.kernel.org/patch/10733769/",
"refsource": "CONFIRM",
"url": "https://patchwork.kernel.org/patch/10733769/"
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "https://patchwork.kernel.org/cover/10733767/",
"refsource": "CONFIRM",
"url": "https://patchwork.kernel.org/cover/10733767/"
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K21430012",
"url": "https://support.f5.com/csp/article/K21430012"
"url": "http://www.securityfocus.com/bid/106253",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/106253"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:1873",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:1873"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:1891",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:1891"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:2696",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:2696"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:2730",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:2730"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:3309",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:3517",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0204",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:2854",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:2854"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-16884",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-16884"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660375",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1660375"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884"
},
{
"url": "https://patchwork.kernel.org/cover/10733767/",
"refsource": "MISC",
"name": "https://patchwork.kernel.org/cover/10733767/"
},
{
"url": "https://patchwork.kernel.org/patch/10733769/",
"refsource": "MISC",
"name": "https://patchwork.kernel.org/patch/10733769/"
},
{
"url": "https://support.f5.com/csp/article/K21430012",
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K21430012"
},
{
"url": "https://usn.ubuntu.com/3932-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3932-1/"
},
{
"url": "https://usn.ubuntu.com/3932-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3932-2/"
},
{
"url": "https://usn.ubuntu.com/3980-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3980-1/"
},
{
"url": "https://usn.ubuntu.com/3980-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3980-2/"
},
{
"url": "https://usn.ubuntu.com/3981-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3981-1/"
},
{
"url": "https://usn.ubuntu.com/3981-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3981-2/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Evgenii Shatokhin (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.0"
}
]
}
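Review bot: Every reference in the rewritten `reference_data` list is typed `"refsource": "MISC"` and uses its URL as `name`, so the advisory identifiers and source types of the old entries (`RHSA-2019:1873` / `REDHAT`, `USN-3932-1` / `UBUNTU`, `CONFIRM` on the patchwork.kernel.org and bugzilla links) are no longer in the record. Tooling that filters references by source, for example to pick vendor-confirmed advisories or to map a CVE to an erratum id, would have to parse URLs instead. If the sync tool can carry them, keep the typed form, e.g. `"refsource": "REDHAT", "name": "RHSA-2019:1873"`. The other file sections on this page show the same flattening.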


@ -1,91 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16889",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ceph",
"version": {
"version_data": [
{
"version_value": "up to v13.2.4"
}
]
}
}
]
},
"vendor_name": "The Ceph Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable."
"value": "It was found that Ceph RGW did not properly sanitize encryption keys in debug logging for v4 auth. Encryption keys could be inadvertently disclosed when sharing debug logs."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532"
"value": "Insertion of Sensitive Information into Log File",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Ceph Storage 3.3",
"version": {
"version_data": [
{
"version_value": "2:12.2.12-45.el7cp",
"version_affected": "!"
},
{
"version_value": "0:3.2.24-1.el7cp",
"version_affected": "!"
},
{
"version_value": "0:2.6-19.el7cp",
"version_affected": "!"
},
{
"version_value": "0:2.0.6-1.el7cp",
"version_affected": "!"
},
{
"version_value": "0:1.7.4-1.el7cp",
"version_affected": "!"
},
{
"version_value": "0:2.7.4-10.el7cp",
"version_affected": "!"
},
{
"version_value": "0:2.6.1-16.el7ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "106528",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106528"
"url": "http://www.securityfocus.com/bid/106528",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/106528"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16889",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16889"
"url": "https://access.redhat.com/errata/RHSA-2019:2538",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:2538"
},
{
"refsource": "UBUNTU",
"name": "USN-4035-1",
"url": "https://usn.ubuntu.com/4035-1/"
"url": "https://access.redhat.com/errata/RHSA-2019:2541",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:2541"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2538",
"url": "https://access.redhat.com/errata/RHSA-2019:2538"
"url": "https://access.redhat.com/security/cve/CVE-2018-16889",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-16889"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2541",
"url": "https://access.redhat.com/errata/RHSA-2019:2541"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665334",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1665334"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16889",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16889"
},
{
"url": "https://usn.ubuntu.com/4035-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/4035-1/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
}
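Review bot: The seven `version_data` entries under `Red Hat Ceph Storage 3.3` are bare package version strings (`2:12.2.12-45.el7cp`, `0:3.2.24-1.el7cp`, `0:2.6-19.el7cp`, …) with no package name, so a reader cannot tell which component each fixed version belongs to. Only the first looks like a Ceph version; the others presumably belong to other packages shipped in the same errata, which should be confirmed against the RHSA-2019:2538 and RHSA-2019:2541 references. Matching an installed package against this list needs the name, so I would carry it with each entry or split the product per package. The CVE-2018-16884 section lists several versions per product in the same way.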


@ -1,25 +1,69 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10132",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in libvirt in version 4.1.0 and earlier. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "libvirt",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "libvirt",
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "affects >= 4.1.0"
"version_value": "0:4.5.0-10.el7_6.10",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "8000020190516125745.55190bc5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"version": {
"version_data": [
{
"version_value": "8000020190530233731.55190bc5",
"version_affected": "!"
}
]
}
@ -30,78 +74,82 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2019:1264",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:1264"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:1268",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:1268"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:1455",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:1455"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2019-10132",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-10132"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1706067",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1706067"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RANC4LWZQRVJGJHVWCU6R4CCXQMDD4L/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RANC4LWZQRVJGJHVWCU6R4CCXQMDD4L/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/"
},
{
"url": "https://security.libvirt.org/2019/0003.html",
"refsource": "MISC",
"name": "https://security.libvirt.org/2019/0003.html"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132",
"refsource": "CONFIRM"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1264",
"url": "https://access.redhat.com/errata/RHSA-2019:1264"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1268",
"url": "https://access.redhat.com/errata/RHSA-2019:1268"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-5f105dd2b6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RANC4LWZQRVJGJHVWCU6R4CCXQMDD4L/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1455",
"url": "https://access.redhat.com/errata/RHSA-2019:1455"
},
{
"refsource": "UBUNTU",
"name": "USN-4021-1",
"url": "https://usn.ubuntu.com/4021-1/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-9210998aaa",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons."
"url": "https://usn.ubuntu.com/4021-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/4021-1/"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Daniel P. Berrange (Red Hat)."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "8.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
}
}
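Review bot: The new description reverses the affected range: it reads `libvirt in version 4.1.0 and earlier`, while the text and `version_value` it replaces say `libvirt >= 4.1.0` / `affects >= 4.1.0`, and the fixed build listed for Red Hat Enterprise Linux 7 in the same section is `0:4.5.0-10.el7_6.10`, which is newer than 4.1.0. Read literally, the new wording tells anyone on a release after 4.1.0 that they are not exposed to the world-connectable admin sockets. Unless the libvirt advisory linked in the references (`https://security.libvirt.org/2019/0003.html`) says otherwise, the sentence should be `A flaw was found in libvirt in version 4.1.0 and later.` The new text also no longer names the `virtlockd-admin.socket` and `virtlogd-admin.socket` systemd units, which is where an administrator would check `SocketMode`. Which lines are old and new is inferred from the key order, since the page shows no `+`/`-` markers.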


@ -1,25 +1,47 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10136",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that Spacewalk did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Verification of Cryptographic Signature",
"cweId": "CWE-347"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "spacewalkproject",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "spacewalk",
"product_name": "Red Hat Satellite 5.8",
"version": {
"version_data": [
{
"version_value": "spacewalk all through 2.9"
"version_value": "0:2.5.3-177.el6sat",
"version_affected": "!"
}
]
}
@ -30,48 +52,57 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10136",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10136",
"refsource": "CONFIRM"
"url": "http://www.securityfocus.com/bid/109029",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/109029"
},
{
"refsource": "BID",
"name": "109029",
"url": "http://www.securityfocus.com/bid/109029"
}
]
},
"description": {
"description_data": [
"url": "https://access.redhat.com/errata/RHSA-2019:1661",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:1661"
},
{
"lang": "eng",
"value": "It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum."
"url": "https://access.redhat.com/security/cve/CVE-2019-10136",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-10136"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1708696",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1708696"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10136",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10136"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Malte Kraus (SUSE) for reporting this issue."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
}
}


@ -1,25 +1,51 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10140",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Linux kernel's implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with ability to create directories on overlayfs to crash the kernel creating a denial of service (DOS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenSource",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "kernel:",
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "up to kernel-3.10"
"version_value": "0:3.10.0-1062.rt56.1022.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-1062.el7",
"version_affected": "!"
}
]
}
@ -30,48 +56,68 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10140",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10140",
"refsource": "CONFIRM"
"url": "https://access.redhat.com/errata/RHSA-2019:2029",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190905-0002/",
"url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
}
]
},
"description": {
"description_data": [
"url": "https://access.redhat.com/errata/RHSA-2019:2043",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"lang": "eng",
"value": "A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with ability to create directories on overlayfs to crash the kernel creating a denial of service (DOS)."
"url": "https://access.redhat.com/security/cve/CVE-2019-10140",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-10140"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677778",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1677778"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10140",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10140"
},
{
"url": "https://security.netapp.com/advisory/ntap-20190905-0002/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20190905-0002/"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Some systems may wish to use device-mapper as an alternative to overlayfs. This does not remove the flaw if overlayfs module is still in use."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Vasily Averin (Virtuozzo) for reporting this issue."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
}
}


@ -1,25 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10178",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the \"Activity\" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The pki-core Project",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "pki-core",
"product_name": "Red Hat Certificate System 9.4 EUS",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "0:1.1.17-4.el7dsrv",
"version_affected": "!"
},
{
"version_value": "0:10.5.9-2.el7pki",
"version_affected": "!"
},
{
"version_value": "0:10.5.9-15.el7pki",
"version_affected": "!"
},
{
"version_value": "0:10.5.9-5.el7pki",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Certificate System 9.7",
"version": {
"version_data": [
{
"version_value": "0:10.5.18-12.el7pki",
"version_affected": "!"
},
{
"version_value": "0:10.5.18-5.el7pki",
"version_affected": "!"
}
]
}
@ -30,43 +79,57 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10178",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10178",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
"url": "https://access.redhat.com/errata/RHSA-2021:0947",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:0947"
},
{
"lang": "eng",
"value": "It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the \"Activity\" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable."
"url": "https://access.redhat.com/errata/RHSA-2021:0948",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:0948"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2019-10178",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-10178"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1719042",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1719042"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10178",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10178"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Pritam Singh (Red Hat)."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "4.6/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}
}
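Review bot: The new `affects` block for CVE-2019-10178 no longer names the vulnerable component: every `version_value` under "Red Hat Certificate System 9.4 EUS" and "9.7" (for example `0:1.1.17-4.el7dsrv` next to `0:10.5.9-2.el7pki`) is a bare build string marked `"version_affected": "!"`, and the removed `"product_name": "pki-core"` entry was the only place the package was identified. As far as I know `!` means "not affected" in the CVE JSON 4.0 format, so the record now lists fixed builds only, and the description also loses the sentence "All versions of pki-core are believed to be vulnerable". A scanner that matches on product or package name has nothing left to match in the visible lines. I would keep the upstream entry alongside the Red Hat products, i.e. retain `"product_name": "pki-core"` with `"version_value": "all versions"`. The same replacement of the upstream product entry is visible in the sections for CVE-2019-10179, CVE-2019-10181, CVE-2019-10194, CVE-2019-14815, CVE-2019-14823 and CVE-2019-14824.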


@ -1,25 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10179",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "pki-core/pki-kra",
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "all pki-core 10.x.x versions"
"version_value": "0:10.5.18-12.el7_9",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:10.5.9-15.el7_6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:10.5.16-7.el7_7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "8030020200911215836.5ff1562f",
"version_affected": "!"
},
{
"version_value": "8030020200527165326.30b713e6",
"version_affected": "!"
}
]
}
@ -30,43 +89,67 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10179",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10179",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
"url": "https://access.redhat.com/errata/RHSA-2020:4847",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:4847"
},
{
"lang": "eng",
"value": "A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code."
"url": "https://access.redhat.com/errata/RHSA-2021:0819",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:0819"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:0851",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:0851"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:0975",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:0975"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2019-10179",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-10179"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695901",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1695901"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10179",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10179"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Pritam Singh (Red Hat)."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "4.3/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}
}
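Review bot: The `version_value` strings added for "Red Hat Enterprise Linux 8" (`8030020200911215836.5ff1562f`, `8030020200527165326.30b713e6`) are not in the same format as the `0:10.5.18-12.el7_9` style used for the RHEL 7 products in the same record. They look like module build identifiers rather than package versions (an inference; the record does not say), so a consumer that compares `version_value` against an installed package version cannot evaluate them. I would record which module or package each string belongs to, or give the package build string as the other products do. The CVE-2019-14824 section has the same mix (`8010020190903200205.eb48df33`).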


@ -1,25 +1,58 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10181",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Verification of Data Authenticity",
"cweId": "CWE-345"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IcedTea",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "icedtea-web",
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "affects up to and including 1.7.2 and 1.8.2"
"version_value": "0:1.7.1-2.el7_6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:1.7.1-17.el8_0",
"version_affected": "!"
}
]
}
@ -30,78 +63,92 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-345"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344",
"name": "https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344",
"refsource": "CONFIRM"
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00045.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00045.html"
},
{
"url": "https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327",
"name": "https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327",
"refsource": "CONFIRM"
"url": "http://packetstormsecurity.com/files/154748/IcedTeaWeb-Validation-Bypass-Directory-Traversal-Code-Execution.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154748/IcedTeaWeb-Validation-Bypass-Directory-Traversal-Code-Execution.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:2003",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:2003"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:2004",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:2004"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2019-10181",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-10181"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725928",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1725928"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10181",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10181",
"refsource": "CONFIRM"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1911",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00045.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190909 [SECURITY] [DLA 1914-1] icedtea-web security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html"
},
{
"refsource": "BUGTRAQ",
"name": "20191007 CVE-2019-10181, CVE-2019-10182, CVE-2019-10185: IcedTea-Web vulnerabilities leading to RCE",
"url": "https://seclists.org/bugtraq/2019/Oct/5"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154748/IcedTeaWeb-Validation-Bypass-Directory-Traversal-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/154748/IcedTeaWeb-Validation-Bypass-Directory-Traversal-Code-Execution.html"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10181"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-51",
"url": "https://security.gentoo.org/glsa/202107-51"
}
]
},
"description": {
"description_data": [
"url": "https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327",
"refsource": "MISC",
"name": "https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327"
},
{
"lang": "eng",
"value": "It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox."
"url": "https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344",
"refsource": "MISC",
"name": "https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html"
},
{
"url": "https://seclists.org/bugtraq/2019/Oct/5",
"refsource": "MISC",
"name": "https://seclists.org/bugtraq/2019/Oct/5"
},
{
"url": "https://security.gentoo.org/glsa/202107-51",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202107-51"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Imre Rad for reporting this issue."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "6.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
}
}
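Review bot: Every reference on the new side is `"refsource": "MISC"` with `name` set to a copy of `url`, which drops the typing and advisory identifiers the removed entries carried (`SUSE` / `openSUSE-SU-2019:1911`, `MLIST` with the DLA 1914-1 subject, `BUGTRAQ`, `GENTOO` / `GLSA-202107-51`, `CONFIRM`). Tooling that selects vendor confirmations or distro advisories by `refsource`, or correlates on the advisory id in `name`, gets nothing to key on, and the third-party packetstormsecurity.com write-up is no longer distinguishable from the Red Hat errata. I would keep the typed form where it was known, e.g. `"refsource": "GENTOO", "name": "GLSA-202107-51"`. The same flattening appears in the CVE-2019-10194, CVE-2019-14815, CVE-2019-14823 and CVE-2019-14824 sections, and for the single `CONFIRM` entry in CVE-2019-10178 and CVE-2019-10179.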


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10194",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVE-2019-10194 ovirt-engine-metrics: disclosure of sensitive passwords in log files and ansible playbooks"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insertion of Sensitive Information into Log File",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -15,11 +36,12 @@
"product": {
"product_data": [
{
"product_name": "ovirt-engine-metrics",
"product_name": "Red Hat Virtualization Engine 4.3",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "0:1.3.3.3-1.el7ev",
"version_affected": "!"
}
]
}
@ -30,53 +52,57 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/109140",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/109140"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:2499",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:2499"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2019-10194",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-10194"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1726007",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1726007"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10194",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10194",
"refsource": "CONFIRM"
},
{
"refsource": "BID",
"name": "109140",
"url": "http://www.securityfocus.com/bid/109140"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2499",
"url": "https://access.redhat.com/errata/RHSA-2019:2499"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts."
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10194"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Avital Pinnick (Red Hat)."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
}
}
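Review bot: The new `description_data` value is a tracker-style title (`CVE-2019-10194 ovirt-engine-metrics: disclosure of sensitive passwords in log files and ansible playbooks`) and not a description. The removed text stated the conditions a defender needs: passwords end up in log files when playbooks are run with `-v`, and in playbooks stored on the Metrics or Bastion hosts. I would keep that sentence as the `value` (fixing its stray "all versions." fragment) so the record still says where to look for exposed credentials.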


@ -1,25 +1,70 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14815",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability found in the Linux kernel's WMM implementation for Marvell WiFi-based hardware (mwifiex) could lead to a denial of service or allow arbitrary code execution. For this flaw to be executed, the attacker must be both local and privileged. There is no mitigation to this flaw. A patch has been provided to remediate this flaw."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "kernel",
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "n/a"
"version_value": "0:3.10.0-1127.rt56.1093.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-115.17.1.el7a",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-1127.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:4.18.0-147.5.1.rt24.98.el8_1",
"version_affected": "!"
},
{
"version_value": "0:4.18.0-147.5.1.el8_1",
"version_affected": "!"
}
]
}
@ -30,88 +75,102 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2020:0328",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a",
"url": "https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a"
"name": "https://access.redhat.com/errata/RHSA-2020:0328"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0339",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2019-14815",
"url": "https://access.redhat.com/security/cve/cve-2019-14815"
"name": "https://access.redhat.com/errata/RHSA-2020:0339"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20200103-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20200103-0001/"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0174",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0174"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:1016",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:1016"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:1070",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:1070"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2019-14815",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-14815"
},
{
"url": "https://access.redhat.com/security/cve/cve-2019-14815",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2019-14815"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1744137",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1744137"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14815",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14815",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14815"
},
{
"url": "https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a"
},
{
"url": "https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc%40gmail.com",
"refsource": "MISC",
"name": "https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc%40gmail.com"
},
{
"url": "https://www.openwall.com/lists/oss-security/2019/08/28/1",
"name": "https://www.openwall.com/lists/oss-security/2019/08/28/1",
"refsource": "MLIST"
},
{
"url": "https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc@gmail.com",
"name": "https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc@gmail.com",
"refsource": "MISC"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200103-0001/",
"url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0174",
"url": "https://access.redhat.com/errata/RHSA-2020:0174"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0328",
"url": "https://access.redhat.com/errata/RHSA-2020:0328"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0339",
"url": "https://access.redhat.com/errata/RHSA-2020:0339"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver."
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2019/08/28/1"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Huangwen (ADLab of Venustech) for reporting this issue."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}
}
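Review bot: The `reference_data` list on the new side contains the Red Hat CVE page twice, as `https://access.redhat.com/security/cve/CVE-2019-14815` and `https://access.redhat.com/security/cve/cve-2019-14815`, differing only in case; one of them should be dropped. The rewritten description also no longer names the function the removed text identified, `mwifiex_set_wmm_params()`, which is the term a maintainer would search for when checking a backport; I would keep it in the sentence about the mwifiex WMM implementation. Its statement that the attacker must be "local and privileged" sits next to `"privilegesRequired": "LOW"` in the CVSS block, which may be intended but reads as inconsistent.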


@ -1,31 +1,58 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14823",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the \"Leaf and Chain\" OCSP policy implementation in JSS' CryptoManager, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improperly Implemented Security Check for Standard",
"cweId": "CWE-358"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dogtag",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "JSS",
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "affects >= 4.4.6"
},
"version_value": "0:4.4.6-3.el7_7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "affects >= 4.5.3"
},
{
"version_value": "affects >= 4.6.0"
"version_value": "0:4.4.4-6.el7_6",
"version_affected": "!"
}
]
}
@ -36,68 +63,72 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-358"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2019:3067",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:3067"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:3225",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:3225"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2019-14823",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-14823"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747435",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1747435"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14823",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14823",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14823"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3067",
"url": "https://access.redhat.com/errata/RHSA-2019:3067"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENEN4DQBE6WOGEP5BQ5X62WZM7ZQEEBG/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENEN4DQBE6WOGEP5BQ5X62WZM7ZQEEBG/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-68c2fbcf82",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O53NXVKMF7PJCPMCJQHLMSYCUGDHGBVE/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O53NXVKMF7PJCPMCJQHLMSYCUGDHGBVE/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O53NXVKMF7PJCPMCJQHLMSYCUGDHGBVE/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-4d33c62860",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZZWZLNALV6AOIBIHB3ZMNA5AGZMZAIY/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-24a0a2f24e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEN4DQBE6WOGEP5BQ5X62WZM7ZQEEBG/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3225",
"url": "https://access.redhat.com/errata/RHSA-2019:3225"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the \"Leaf and Chain\" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle."
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZZWZLNALV6AOIBIHB3ZMNA5AGZMZAIY/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZZWZLNALV6AOIBIHB3ZMNA5AGZMZAIY/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Alexander Scheel for reporting this issue."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "6.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
]
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
]
}
}
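Review bot: The added `credits` entry uses `"lang": "en"` while `description_data` and `problemtype_data` in the same record use `"lang": "eng"`. A consumer that filters text entries by language code has to handle both spellings; I would use `"lang": "eng"` in `credits` as well. The same mismatch is in the `credits` blocks of the other sections on this page and in `work_around` for CVE-2019-10140.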


@ -1,25 +1,69 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14824",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "389-ds-base",
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "n/a"
"version_value": "0:1.3.9.1-12.el7_7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "8010020190903200205.eb48df33",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "8000020191107193846.187e9a3f",
"version_affected": "!"
}
]
}
@ -30,58 +74,72 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "REDHAT",
"name": "RHSA-2019:3981",
"url": "https://access.redhat.com/errata/RHSA-2019:3981"
"url": "https://access.redhat.com/errata/RHSA-2019:3401",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:3401"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2004-1] 389-ds-base security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html"
"url": "https://access.redhat.com/errata/RHSA-2019:3981",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:3981"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0464",
"url": "https://access.redhat.com/errata/RHSA-2020:0464"
"url": "https://access.redhat.com/errata/RHSA-2020:0464",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0464"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2019-14824",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-14824"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747448",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1747448"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824"
},
{
"lang": "eng",
"value": "A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes."
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html"
},
{
"url": "https://pagure.io/389-ds-base/issue/50716",
"refsource": "MISC",
"name": "https://pagure.io/389-ds-base/issue/50716"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Gerald Vogt (Deutsches Klimarechenzentrum) for reporting this issue."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
}
}


@ -1,25 +1,59 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14836",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat 3scale API Management",
"product_name": "3scale API Management",
"version": {
"version_data": [
{
"version_value": "Red Hat 3scale API Management 2.10.0"
"version_value": "1.13.0-17",
"version_affected": "!"
},
{
"version_value": "2.10.0-38",
"version_affected": "!"
},
{
"version_value": "1.13.0-4",
"version_affected": "!"
},
{
"version_value": "2.10.0-9",
"version_affected": "!"
}
]
}
@ -30,32 +64,45 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847605",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1847605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847605"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1847605"
},
{
"url": "https://access.redhat.com/errata/RHSA-2021:1129",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2021:1129"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2019-14836",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-14836"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1750928",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1750928"
}
]
},
"description": {
"description_data": [
"impact": {
"cvss": [
{
"lang": "eng",
"value": "A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks."
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
}
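Review bot: Every entry added under `version_data` carries `"version_affected": "!"`, which in the CVE JSON 4.0 format marks a version as not affected, so `affects` now appears to list only fixed builds and no affected version at all. The values `1.13.0-17`, `2.10.0-38`, `1.13.0-4` and `2.10.0-9` also carry no package name, so a consumer cannot tell which component each one belongs to. If these are the fixed builds, expressing them as an upper bound (`"version_affected": "<"`) or adding an explicit affected entry would let version matchers still flag vulnerable installs. The same pattern appears in the CVE-2019-14845, CVE-2019-14895, CVE-2019-19335, CVE-2019-3811 and CVE-2019-3816 sections.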


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14845",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in OpenShift builds. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Download of Code Without Integrity Check",
"cweId": "CWE-494"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -15,11 +36,23 @@
"product": {
"product_data": [
{
"product_name": "openshift",
"product_name": "Red Hat OpenShift Container Platform 4.1",
"version": {
"version_data": [
{
"version_value": "opneshift build 4.1 up to 4.3"
"version_value": "v4.1.28-201912100143",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.2",
"version": {
"version_data": [
{
"version_value": "v4.2.10-201912022352",
"version_affected": "!"
}
]
}
@ -30,53 +63,57 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2019:4101",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:4101"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:4237",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:4237"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2019-14845",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-14845"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1754662",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1754662"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14845",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14845",
"refsource": "CONFIRM"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4101",
"url": "https://access.redhat.com/errata/RHSA-2019:4101"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4237",
"url": "https://access.redhat.com/errata/RHSA-2019:4237"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content."
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14845"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Miloslav Trma\u010d (Red Hat)."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "5.7/CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
]
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
]
}
}
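Review bot: The rewritten `reference_data` entries set `refsource` to `MISC` and copy the URL into `name`, which appears to drop the advisory identifiers `RHSA-2019:4101` and `RHSA-2019:4237` and the `CONFIRM` tag on the Bugzilla link. Tooling that correlates records by advisory id, or filters on `refsource` values such as `REDHAT`, will no longer match these entries. Keeping `"refsource": "REDHAT"` with `"name": "RHSA-2019:4101"` next to the new URL would preserve that. Which side is old and which is new is inferred from the record layout, since the page shows no +/- markers. The CVE-2019-14895, CVE-2019-3811 and CVE-2019-3816 sections show the same collapse for their UBUNTU, FEDORA, SUSE, MLIST and BID entries.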


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14895",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap-based buffer overflow was discovered in the Linux kernel's Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -15,11 +36,156 @@
"product": {
"product_data": [
{
"product_name": "kernel",
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "all kernel versions 3.x.x and 4.x.x before 4.18.0"
"version_value": "0:3.10.0-1062.12.1.rt56.1042.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-1062.12.1.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-115.19.1.el7a",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-327.85.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.73.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.73.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.73.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.64.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.64.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-693.64.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-862.48.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-957.46.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:4.18.0-147.5.1.rt24.98.el8_1",
"version_affected": "!"
},
{
"version_value": "0:4.18.0-147.5.1.el8_1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "0:4.18.0-80.16.1.el8_0",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-693.64.1.rt56.662.el6rt",
"version_affected": "!"
}
]
}
@ -30,168 +196,182 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0328",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0328"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0339",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0339"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0374",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0374"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0375",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0375"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"url": "https://usn.ubuntu.com/4226-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/4226-1/"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"url": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0543",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0543"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0592",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0592"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0609",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0609"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0653",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0653"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0661",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0661"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0664",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0664"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0831",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0831"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:1493",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:1493"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2019-14895",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-14895"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774870",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1774870"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14895",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14895"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/"
},
{
"url": "https://usn.ubuntu.com/4225-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/4225-1/"
},
{
"url": "https://usn.ubuntu.com/4225-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/4225-2/"
},
{
"url": "https://usn.ubuntu.com/4227-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/4227-1/"
},
{
"url": "https://usn.ubuntu.com/4227-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/4227-2/"
},
{
"url": "https://usn.ubuntu.com/4228-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/4228-1/"
},
{
"url": "https://usn.ubuntu.com/4228-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/4228-2/"
},
{
"url": "https://www.openwall.com/lists/oss-security/2019/11/22/2",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2019/11/22/2"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14895",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14895",
"refsource": "CONFIRM"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-91f6e7bb71",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-8846a1a5a2",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2675",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4228-1",
"url": "https://usn.ubuntu.com/4228-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4227-1",
"url": "https://usn.ubuntu.com/4227-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4226-1",
"url": "https://usn.ubuntu.com/4226-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4225-1",
"url": "https://usn.ubuntu.com/4225-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4228-2",
"url": "https://usn.ubuntu.com/4228-2/"
},
{
"refsource": "UBUNTU",
"name": "USN-4227-2",
"url": "https://usn.ubuntu.com/4227-2/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html",
"url": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4225-2",
"url": "https://usn.ubuntu.com/4225-2/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html",
"url": "http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0328",
"url": "https://access.redhat.com/errata/RHSA-2020:0328"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0339",
"url": "https://access.redhat.com/errata/RHSA-2020:0339"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0374",
"url": "https://access.redhat.com/errata/RHSA-2020:0374"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0375",
"url": "https://access.redhat.com/errata/RHSA-2020:0375"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0543",
"url": "https://access.redhat.com/errata/RHSA-2020:0543"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0592",
"url": "https://access.redhat.com/errata/RHSA-2020:0592"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0609",
"url": "https://access.redhat.com/errata/RHSA-2020:0609"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0653",
"url": "https://access.redhat.com/errata/RHSA-2020:0653"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0661",
"url": "https://access.redhat.com/errata/RHSA-2020:0661"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0664",
"url": "https://access.redhat.com/errata/RHSA-2020:0664"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code."
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank ADLab of Venustech for reporting this issue."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "8/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}
}
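Review bot: The description near the top of this record no longer carries the upstream range "all versions 3.x.x and 4.x.x before 4.18.0", and `product_name` moves from `kernel` to Red Hat product streams, so a Linux kernel driver flaw is now described only in terms of one distributor's packages. Readers on the other distributions referenced here (Ubuntu, Debian, Fedora, openSUSE) lose the only hint in the record about which upstream kernels are affected. Retaining a `kernel` product entry with the upstream range next to the Red Hat entries would keep both views. The CVE-2019-3816 section narrows `openwsman` "versions up to and including 2.6.9" to RHEL package builds in the same way.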


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19335",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVE-2019-19335 openshift/installer: kubeconfig and kubeadmin-password are created with word-readable permissions"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -15,11 +36,12 @@
"product": {
"product_data": [
{
"product_name": "openshift/installer",
"product_name": "Red Hat OpenShift Container Platform 4.2",
"version": {
"version_data": [
{
"version_value": "ose-installer as shipped in Openshift 4.2"
"version_value": "v4.2.18-202002031246",
"version_affected": "!"
}
]
}
@ -30,43 +52,57 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19335",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19335",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
"url": "https://access.redhat.com/errata/RHSA-2020:0463",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0463"
},
{
"lang": "eng",
"value": "During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned word-readable permissions. ose-installer as shipped in Openshift 4.2 is vulnerable."
"url": "https://access.redhat.com/errata/RHSA-2020:0476",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0476"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2019-19335",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-19335"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1777209",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1777209"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19335",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19335"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Thom Carlin and Badre Tejado-Imam for reporting this issue."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "4.4/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
}
}
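Review bot: The `description` value near the top of the record is a bug-tracker title, `CVE-2019-19335 openshift/installer: kubeconfig and kubeadmin-password are created with word-readable permissions`, and it appears to replace the prose that named the `auth` directory and explained that both files hold credentials for the OpenShift API server. That context is what tells an operator which files to check and re-permission after an install. The title also keeps the typo "word-readable" for "world-readable", so a keyword search for the usual term misses this record. I would keep the full sentence as the description and correct the spelling there.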


@ -1,104 +1,116 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3811",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sssd",
"version": {
"version_data": [
{
"version_value": "2.1"
}
]
}
}
]
},
"vendor_name": "The sssd Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable."
"value": "A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot()."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.1/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.16.4-21.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190117 [SECURITY] [DLA 1635-1] sssd security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00011.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.html"
},
{
"name": "106644",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106644"
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811"
"url": "http://www.securityfocus.com/bid/106644",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/106644"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:0344",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.html"
"url": "https://access.redhat.com/errata/RHSA-2019:2177",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:2177"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1174",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.html"
"url": "https://access.redhat.com/security/cve/CVE-2019-3811",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-3811"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2177",
"url": "https://access.redhat.com/errata/RHSA-2019:2177"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656618",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1656618"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00011.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2019/01/msg00011.html"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
}
]
}
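Review bot: `problemtype` now lists only `CWE-200` (Exposure of Sensitive Information to an Unauthorized Actor), while the CVSS data in the same record gives `confidentialityImpact` as `NONE` and `integrityImpact` as `LOW`, so the weakness class and the scored impact disagree. The other side of the change also lists `CWE-552`, which matches the described behaviour (sssd returning '/' as the home directory) more closely and appears to be dropped. Keeping a second `description` entry with `"cweId": "CWE-552"` would retain it. The sentence "All versions before 2.1 are vulnerable" is also gone from the description, which leaves no upstream fixed version in the record.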


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3816",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openwsman",
"version": {
"version_data": [
{
"version_value": "versions up to and including 2.6.9"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,84 +15,144 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22"
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.6.3-6.git4391e5c.el7_6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:2.6.5-5.el8",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "107368",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107368"
"url": "http://bugzilla.suse.com/show_bug.cgi?id=1122623",
"refsource": "MISC",
"name": "http://bugzilla.suse.com/show_bug.cgi?id=1122623"
},
{
"refsource": "BID",
"name": "107409",
"url": "http://www.securityfocus.com/bid/107409"
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:0638",
"url": "https://access.redhat.com/errata/RHSA-2019:0638"
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00065.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00065.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-348166f7fd",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2V5HJ355RSKMFQ7GRJAHRZNDVXASF7TA/"
"url": "http://www.securityfocus.com/bid/107368",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/107368"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-64b384de9b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B2HEZ7D7GF3HDF36JLGYXIK5URR66DS4/"
"url": "http://www.securityfocus.com/bid/107409",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/107409"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-af0cd1b8f7",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CXQP7UDPRZIZ4LM7FEJCTC2EDUYVOR2J/"
"url": "https://access.redhat.com/errata/RHSA-2019:0638",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:0638"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1111",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html"
"url": "https://access.redhat.com/errata/RHSA-2019:0972",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:0972"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1217",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00065.html"
"url": "https://access.redhat.com/security/cve/CVE-2019-3816",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-3816"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:0972",
"url": "https://access.redhat.com/errata/RHSA-2019:0972"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667070",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1667070"
},
{
"name": "http://bugzilla.suse.com/show_bug.cgi?id=1122623",
"refsource": "CONFIRM",
"url": "http://bugzilla.suse.com/show_bug.cgi?id=1122623"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3816",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3816"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3816",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3816"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V5HJ355RSKMFQ7GRJAHRZNDVXASF7TA/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V5HJ355RSKMFQ7GRJAHRZNDVXASF7TA/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B2HEZ7D7GF3HDF36JLGYXIK5URR66DS4/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B2HEZ7D7GF3HDF36JLGYXIK5URR66DS4/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CXQP7UDPRZIZ4LM7FEJCTC2EDUYVOR2J/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CXQP7UDPRZIZ4LM7FEJCTC2EDUYVOR2J/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank NEC Corporation for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
}


@ -1,12 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3876",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -15,11 +36,16 @@
"product": {
"product_data": [
{
"product_name": "web-console",
"product_name": "Red Hat OpenShift Container Platform 3.11",
"version": {
"version_data": [
{
"version_value": "affects OpenShift Container Platform version v3.0 through v3.11"
"version_value": "0:3.11.129-1.git.0.bd4f2d5.el7",
"version_affected": "!"
},
{
"version_value": "0:3.11.1560870549-1.el7",
"version_affected": "!"
}
]
}
@ -30,53 +56,63 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "BID",
"name": "107664",
"url": "http://www.securityfocus.com/bid/107664"
"url": "http://www.securityfocus.com/bid/107664",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/107664"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1851",
"url": "https://access.redhat.com/errata/RHSA-2019:1851"
"url": "https://access.redhat.com/errata/RHSA-2019:1851",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:1851"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2019-3876",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-3876"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691107",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1691107"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3876",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3876",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens."
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3876"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Since at least v3.4, the OpenShift documentation [1] has specified the format for corsAllowedOrigins to accurately match intended hostnames. Since at least v3.7, installs will default to use the correct regular expression formatted variables. Earlier versions may be configured with plain strings, a configuration which will persist across cluster upgrades, opening them to cross origin vulnerabilities such as this.\n\n\nAt a minimum, you should ensure that the corsAllowedOrigin definition within master-config.yaml contains elements in the form \n\n~~~\ncorsAllowedOrigins:\n- (?i)//my\\.subdomain\\.domain\\.com(:|\\z)\n~~~\n\nand not the form\n\n~~~\ncorsAllowedOrigins:\n- domain.com\n~~~\n\nas the first will permit cross origin requests only if the host matches exactly, whereas the second will permit from any host that merely contains the string (such as ABCDdomain.com or even domain.comABCD.com).\n\n\n\nFootnotes:\n\n[1] https://docs.openshift.com/container-platform/3.4/architecture/infrastructure_components/web_console.html#corsAllowedOrigins"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Mo Khan (Red Hat)."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
}
}
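Review bot: The two new `version_data` entries for "Red Hat OpenShift Container Platform 3.11" both carry `"version_affected": "!"`, which in the CVE JSON 4.0 format marks a version as not affected, so the record no longer names any affected version. The old/new markers are lost in this rendering, but `"version_value": "affects OpenShift Container Platform version v3.0 through v3.11"` looks like the line being replaced, and it was the only statement of the affected range. A scanner that matches on `affects` would then report nothing for this CVE unless it treats everything below the listed builds as vulnerable; keeping that range entry next to the fixed builds would preserve the range. The CVE-2020-10732 and CVE-2020-1709 sections that follow show the same pattern, and in CVE-2020-1709 the description also seems to lose its "4.x.x versions prior to 4.3.0" wording.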


@ -1,25 +1,66 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10732",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel\u2019s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Uninitialized Resource",
"cweId": "CWE-908"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux kernel",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "kernel",
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "introduced in commit 4206d3aa1978e44f58bfa4e1c9d8d35cbf19c187"
"version_value": "0:3.10.0-1160.rt56.1131.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-1160.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:4.18.0-240.rt7.54.el8",
"version_affected": "!"
},
{
"version_value": "0:4.18.0-240.el8",
"version_affected": "!"
}
]
}
@ -30,108 +71,132 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-908"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0801",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0935",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4411-1",
"url": "https://usn.ubuntu.com/4411-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4427-1",
"url": "https://usn.ubuntu.com/4427-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4439-1",
"url": "https://usn.ubuntu.com/4439-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4440-1",
"url": "https://usn.ubuntu.com/4440-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4485-1",
"url": "https://usn.ubuntu.com/4485-1/"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732",
"refsource": "CONFIRM"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=aca969cacf07f41070d788ce2b8ca71f09d5207d",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=aca969cacf07f41070d788ce2b8ca71f09d5207d",
"refsource": "MISC"
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=aca969cacf07f41070d788ce2b8ca71f09d5207d"
},
{
"url": "https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a",
"name": "https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a",
"refsource": "MISC"
"refsource": "MISC",
"name": "https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a"
},
{
"url": "https://github.com/google/kmsan/issues/76",
"name": "https://github.com/google/kmsan/issues/76",
"refsource": "MISC"
"refsource": "MISC",
"name": "https://github.com/google/kmsan/issues/76"
},
{
"url": "https://twitter.com/grsecurity/status/1252558055629299712",
"name": "https://twitter.com/grsecurity/status/1252558055629299712",
"refsource": "MISC"
},
{
"refsource": "MISC",
"name": "https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj=rt9XWnCYvg@mail.gmail.com/",
"url": "https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj=rt9XWnCYvg@mail.gmail.com/"
"name": "https://twitter.com/grsecurity/status/1252558055629299712"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210129-0005/",
"url": "https://security.netapp.com/advisory/ntap-20210129-0005/"
}
]
},
"description": {
"description_data": [
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data."
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:4060",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:4060"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:4062",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:4062"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:4431",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:4431"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:4609",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:4609"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-10732",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-10732"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831399",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1831399"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732"
},
{
"url": "https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj=rt9XWnCYvg%40mail.gmail.com/",
"refsource": "MISC",
"name": "https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj=rt9XWnCYvg%40mail.gmail.com/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210129-0005/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20210129-0005/"
},
{
"url": "https://usn.ubuntu.com/4411-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/4411-1/"
},
{
"url": "https://usn.ubuntu.com/4427-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/4427-1/"
},
{
"url": "https://usn.ubuntu.com/4439-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/4439-1/"
},
{
"url": "https://usn.ubuntu.com/4440-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/4440-1/"
},
{
"url": "https://usn.ubuntu.com/4485-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/4485-1/"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Possible mitigation would be to disable core dumps system-wide by setting:\n\n* hard core 0\n\nIn the /etc/security/limits.conf file and restarting applications/services/processes which users may have access to or simply reboot the system. This disables core dumps which may not be a suitable workaround in your environment."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "3.3/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}
}
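Review bot: The `affects` block now appears to name only `"vendor_name": "Red Hat"` with RHEL 7 and RHEL 8 package builds, while the upstream entry (`"vendor_name": "Linux kernel"`, `"product_name": "kernel"`, `"version_value": "introduced in commit 4206d3aa1978e44f58bfa4e1c9d8d35cbf19c187"`) looks like it was dropped; the old/new markers are lost in this rendering, so this is read from the line order. The reference list still points at openSUSE, Ubuntu and NetApp advisories, so the flaw is not limited to Red Hat builds, and asset matching keyed on vendor or product would miss other distributions and self-built kernels. I would keep the upstream kernel as a second `vendor_data` entry with the introducing commit as its `version_value`, alongside the Red Hat products.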


@ -1,25 +1,69 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1709",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "openshift/mediawiki",
"product_name": "Red Hat OpenShift Container Platform 3.11",
"version": {
"version_data": [
{
"version_value": "n/a"
"version_value": "v3.11.188-2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.1",
"version": {
"version_data": [
{
"version_value": "v4.1.37-202003021622",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.2",
"version": {
"version_data": [
{
"version_value": "v4.2.24-202003161048",
"version_affected": "!"
}
]
}
@ -30,43 +74,67 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1709",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1709",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
"url": "https://access.redhat.com/articles/4859371",
"refsource": "MISC",
"name": "https://access.redhat.com/articles/4859371"
},
{
"lang": "eng",
"value": "A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
"url": "https://access.redhat.com/errata/RHSA-2020:0694",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0694"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0799",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0799"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0830",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0830"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-1709",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-1709"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793297",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793297"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1709",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1709"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Joseph LaMagna-Reiter (SPR Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "7.0/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}
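Review bot: Every entry in the new `reference_data` list uses `"refsource": "MISC"` with the URL repeated as `name`, including the Bugzilla entry that seems to have been `"refsource": "CONFIRM"` before (sides inferred, since the markers are lost here). That removes the distinction between vendor-confirmed advisories and third-party links, which triage tooling can use to rank references. For the errata entries I would use the typed form that older records in this commit had, e.g. `"refsource": "REDHAT"` with `"name": "RHSA-2020:0694"`, and keep `CONFIRM` on the vendor's Bugzilla link. The CVE-2019-3876 and CVE-2020-10732 sections above show the same collapse, with BID, REDHAT, SUSE and UBUNTU entries all becoming MISC.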


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS."
"value": "** DISPUTED ** In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting."
}
]
},