"-Synchronized-Data."

CVE Team 2023-02-02 20:01:23 +00:00
parent 49a1ecf4d4
commit af56fa6067
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
23 changed files with 7241 additions and 1325 deletions


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4282",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket."
"value": "CVE-2013-4282 spice: stack buffer overflow in reds_handle_ticket() function"
}
]
},
@ -44,53 +21,150 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:0.3.0-56.el5_10.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:0.12.0-12.el6_4.5",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "0:6.4-20131016.0.el6_4",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:1473",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1473.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1460.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1460.html"
},
{
"name": "SUSE-SU-2015:0884",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00008.html"
"url": "http://www.debian.org/security/2014/dsa-2839",
"refsource": "MISC",
"name": "http://www.debian.org/security/2014/dsa-2839"
},
{
"name": "RHSA-2013:1474",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1474.html"
"url": "http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2",
"refsource": "MISC",
"name": "http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2"
},
{
"name": "DSA-2839",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2839"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00008.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00008.html"
},
{
"name": "http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1473.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1473.html"
},
{
"name": "RHSA-2013:1460",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1460.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1474.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1474.html"
},
{
"name": "USN-2027-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2027-1"
"url": "http://www.securityfocus.com/bid/63408",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/63408"
},
{
"name": "63408",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63408"
"url": "http://www.ubuntu.com/usn/USN-2027-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2027-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1460",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1460"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1473",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1473"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1474",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1474"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-4282",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4282"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000443",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1000443"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
]
}
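Review bot: The description value that appears to replace the original (the second `value` line under `description_data`; the +/- markers are lost on this page) is only a tracker title, so the record no longer states the affected release (SPICE 0.12.0), the trigger (a long password in a SPICE ticket) or the impact (crash). Consumers that match or triage on description text lose that detail. I would keep the full sentence, `"value": "Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket."`. The CVE-2013-4294 and CVE-2013-4342 sections show the same substitution.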


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4294",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token."
"value": "CVE-2013-4294 OpenStack: Keystone Token revocation failure using Keystone memcache/KVS backends"
}
]
},
@ -44,43 +21,114 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Insufficient Session Expiration",
"cweId": "CWE-613"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "OpenStack 3 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2013.1.3-2.el6ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "97237",
"refsource": "OSVDB",
"url": "http://osvdb.org/97237"
"url": "http://www.ubuntu.com/usn/USN-2002-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2002-1"
},
{
"name": "USN-2002-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2002-1"
"url": "http://osvdb.org/97237",
"refsource": "MISC",
"name": "http://osvdb.org/97237"
},
{
"name": "54706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54706"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1285.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1285.html"
},
{
"name": "[oss-security] 20130911 [OSSA 2013-025] Token revocation failure using Keystone memcache/KVS backends (CVE-2013-4294)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q3/586"
"url": "http://seclists.org/oss-sec/2013/q3/586",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2013/q3/586"
},
{
"name": "https://bugs.launchpad.net/keystone/+bug/1202952",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/keystone/+bug/1202952"
"url": "http://secunia.com/advisories/54706",
"refsource": "MISC",
"name": "http://secunia.com/advisories/54706"
},
{
"name": "RHSA-2013:1285",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1285.html"
"url": "https://access.redhat.com/errata/RHSA-2013:1285",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1285"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-4294",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4294"
},
{
"url": "https://bugs.launchpad.net/keystone/+bug/1202952",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/keystone/+bug/1202952"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1004452",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1004452"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Thierry Carrez (OpenStack upstream) for reporting this issue. Upstream acknowledges Kieran Spear (University of Melbourne) as the original reporter."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
]
}
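Review bot: The added `credits` entry uses `"lang": "en"` while `description_data` and the problemtype entry in this same record use `"eng"`, so a consumer that filters text by language code would skip the credit. I would write `"lang": "eng"` here to match the rest of the record. If the credits field is specified to take a different code than the description fields, that deserves a check against the schema before merging.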


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4312",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c."
"value": "It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system."
}
]
},
@ -44,113 +21,198 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-642.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-514.rt56.420.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-514.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:0855",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0855.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "https://github.com/torvalds/linux/commit/712f4aad406bb1ed67f3f98d04c044191f0ff593",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/712f4aad406bb1ed67f3f98d04c044191f0ff593"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name": "USN-2967-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2967-1"
"url": "https://access.redhat.com/errata/RHSA-2016:2574",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2574"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1"
"url": "https://access.redhat.com/errata/RHSA-2016:2584",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2584"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0855.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0855.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1297813",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297813"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "DSA-3503",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3503"
"url": "https://access.redhat.com/errata/RHSA-2016:0855",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0855"
},
{
"name": "USN-2967-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2967-2"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html"
},
{
"name": "RHSA-2016:2584",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html"
},
{
"name": "RHSA-2016:2574",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
"url": "http://www.debian.org/security/2016/dsa-3448",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3448"
},
{
"name": "82986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/82986"
"url": "http://www.debian.org/security/2016/dsa-3503",
"refsource": "MISC",
"name": "http://www.debian.org/security/2016/dsa-3503"
},
{
"name": "USN-2929-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2929-1"
"url": "http://www.ubuntu.com/usn/USN-2929-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2929-1"
},
{
"name": "USN-2932-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2932-1"
"url": "http://www.ubuntu.com/usn/USN-2929-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2929-2"
},
{
"name": "FEDORA-2016-5d43766e33",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html"
"url": "http://www.ubuntu.com/usn/USN-2932-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2932-1"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-4312",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4312"
"url": "http://www.ubuntu.com/usn/USN-2967-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2967-1"
},
{
"name": "USN-2931-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2931-1"
"url": "http://www.ubuntu.com/usn/USN-2967-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2967-2"
},
{
"name": "DSA-3448",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3448"
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=712f4aad406bb1ed67f3f98d04c044191f0ff593",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=712f4aad406bb1ed67f3f98d04c044191f0ff593"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=712f4aad406bb1ed67f3f98d04c044191f0ff593",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=712f4aad406bb1ed67f3f98d04c044191f0ff593"
},
{
"name": "USN-2929-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2929-2"
"url": "http://www.securityfocus.com/bid/82986",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/82986"
},
{
"name": "FEDORA-2016-2f25d12c51",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html"
"url": "http://www.ubuntu.com/usn/USN-2931-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2931-1"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-4312",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4312"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297813",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1297813"
},
{
"url": "https://github.com/torvalds/linux/commit/712f4aad406bb1ed67f3f98d04c044191f0ff593",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/712f4aad406bb1ed67f3f98d04c044191f0ff593"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4312",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-4312"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
]
}
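Review bot: Every reference in the list that appears to be the new side carries `"refsource": "MISC"` and repeats the URL as `name`, so the advisory identifiers (USN-2967-1, DSA-3503, FEDORA-2016-5d43766e33, RHSA-2016:0855) and the CONFIRM tag on the upstream fix commit are gone. Tooling that keys on `refsource` or on the advisory id to find vendor-confirmed fixes can no longer do so from this record. I would keep the typed form, for example `"name": "USN-2967-1", "refsource": "UBUNTU"`, and `"refsource": "CONFIRM"` on the torvalds/linux commit entry. The other records on this page are flattened the same way.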


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4332",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions."
"value": "Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application."
}
]
},
@ -44,78 +21,159 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Integer Overflow or Wraparound",
"cweId": "CWE-190"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.5-118.el5_10.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.12-1.132.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:1605",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1605.html"
"url": "https://security.gentoo.org/glsa/201503-04",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201503-04"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332"
"url": "http://secunia.com/advisories/55113",
"refsource": "MISC",
"name": "http://secunia.com/advisories/55113"
},
{
"name": "55113",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55113"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
},
{
"name": "USN-1991-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1991-1"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
},
{
"name": "[oss-security] 20130912 Re: CVE Request: Three integer overflows in glibc memory allocator",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/09/12/6"
"url": "http://www.ubuntu.com/usn/USN-1991-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1991-1"
},
{
"name": "MDVSA-2013:284",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1605.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1605.html"
},
{
"name": "62324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62324"
"url": "https://access.redhat.com/errata/RHSA-2013:1605",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1605"
},
{
"name": "GLSA-201503-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-04"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1411.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1411.html"
},
{
"name": "RHSA-2013:1411",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1411.html"
"url": "http://www.openwall.com/lists/oss-security/2013/09/12/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/12/6"
},
{
"name": "MDVSA-2013:283",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
"url": "http://www.securityfocus.com/bid/62324",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/62324"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=15857",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15857"
"url": "https://access.redhat.com/errata/RHSA-2013:1411",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1411"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=15856",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15856"
"url": "https://access.redhat.com/security/cve/CVE-2013-4332",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4332"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=15855",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15855"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007545",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1007545"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15855",
"refsource": "MISC",
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=15855"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15856",
"refsource": "MISC",
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=15856"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=15857",
"refsource": "MISC",
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=15857"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
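Review bot: The description that appears to be the new side names three allocator functions (pvalloc, valloc, memalign), while the text it replaces listed five, including posix_memalign and aligned_alloc, and gave the affected range as glibc 2.18 and earlier. Someone auditing callers from this record alone would miss two entry points and the version boundary. The new text also adds possible arbitrary code execution to the impact, which the older wording did not mention and which should stay. I would extend the list to `(pvalloc, valloc, posix_memalign, memalign, and aligned_alloc)` and retain `2.18 and earlier`, unless the narrower list is intentional.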


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4342",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service."
"value": "CVE-2013-4342 xinetd: ignores user and group directives for tcpmux services"
}
]
},
@ -44,33 +21,104 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "2:2.3.14-20.el5_10",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "2:2.3.14-39.el6_4",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "GLSA-201611-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-06"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1409.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1409.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1006100",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006100"
"url": "https://access.redhat.com/errata/RHSA-2013:1409",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1409"
},
{
"name": "https://github.com/xinetd-org/xinetd/pull/10",
"refsource": "CONFIRM",
"url": "https://github.com/xinetd-org/xinetd/pull/10"
"url": "https://access.redhat.com/security/cve/CVE-2013-4342",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4342"
},
{
"name": "RHSA-2013:1409",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1409.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006100",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1006100"
},
{
"url": "https://github.com/xinetd-org/xinetd/pull/10",
"refsource": "MISC",
"name": "https://github.com/xinetd-org/xinetd/pull/10"
},
{
"url": "https://security.gentoo.org/glsa/201611-06",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201611-06"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}
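Review bot: Both `version_data` entries in the added `affects` block carry `"version_affected": "!"`, which as I read the CVE JSON 4.0 schema marks the listed build as not affected, and no entry states an affected range. A consumer that ignores `version_affected` will report the fixed builds `2:2.3.14-20.el5_10` and `2:2.3.14-39.el6_4` as vulnerable, and one that honours it gets no affected version at all. If earlier builds are the affected ones, I would express that directly, e.g. `"version_value": "2:2.3.14-20.el5_10", "version_affected": "<"`. The same pattern is used in the other records on this page.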


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4345",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data."
"value": "CVE-2013-4345 kernel: ansi_cprng: off by one error in non-block size request"
}
]
},
@ -44,103 +21,195 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Off-by-one Error",
"cweId": "CWE-193"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-371.1.2.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-431.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "0:3.8.13-rt14.25.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-2065-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2065-1"
"url": "http://www.ubuntu.com/usn/USN-2068-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2068-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1007690",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007690"
"url": "http://www.ubuntu.com/usn/USN-2070-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2070-1"
},
{
"name": "USN-2110-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2110-1"
"url": "http://www.ubuntu.com/usn/USN-2071-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2071-1"
},
{
"name": "RHSA-2013:1490",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
"url": "http://www.ubuntu.com/usn/USN-2072-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2072-1"
},
{
"name": "RHSA-2013:1645",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
"url": "http://www.ubuntu.com/usn/USN-2074-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2074-1"
},
{
"name": "USN-2076-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2076-1"
"url": "http://www.ubuntu.com/usn/USN-2075-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2075-1"
},
{
"name": "USN-2158-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2158-1"
"url": "http://www.ubuntu.com/usn/USN-2076-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2076-1"
},
{
"name": "USN-2070-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2070-1"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
},
{
"name": "USN-2071-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2071-1"
"url": "https://access.redhat.com/errata/RHSA-2013:1490",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1490"
},
{
"name": "USN-2109-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2109-1"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1449.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1449.html"
},
{
"name": "RHSA-2013:1449",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1449.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
},
{
"name": "62740",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62740"
"url": "https://access.redhat.com/errata/RHSA-2013:1449",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1449"
},
{
"name": "USN-2074-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2074-1"
"url": "https://access.redhat.com/errata/RHSA-2013:1645",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1645"
},
{
"name": "USN-2068-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2068-1"
"url": "http://www.ubuntu.com/usn/USN-2064-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2064-1"
},
{
"name": "[linux-crypto] 20130917 [PATCH] ansi_cprng: Fix off by one error in non-block size request",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-crypto-vger&m=137942122902845&w=2"
"url": "http://www.ubuntu.com/usn/USN-2065-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2065-1"
},
{
"name": "USN-2072-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2072-1"
"url": "http://www.ubuntu.com/usn/USN-2158-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2158-1"
},
{
"name": "USN-2075-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2075-1"
"url": "http://marc.info/?l=linux-crypto-vger&m=137942122902845&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=linux-crypto-vger&m=137942122902845&w=2"
},
{
"name": "USN-2064-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2064-1"
"url": "http://www.securityfocus.com/bid/62740",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/62740"
},
{
"url": "http://www.ubuntu.com/usn/USN-2109-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2109-1"
},
{
"url": "http://www.ubuntu.com/usn/USN-2110-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2110-1"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-4345",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4345"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007690",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1007690"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
]
}
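Review bot: The `description` value in the first hunk of this section appears to be replaced by the tracker title `"value": "CVE-2013-4345 kernel: ansi_cprng: off by one error in non-block size request"`, which drops the function, file and version bound (`get_prng_bytes`, `crypto/ansi_cprng.c`, "through 3.11.4") and the impact statement that the longer sentence carried. The +/- markers are lost on this page, so which line is the new side is inferred from the Red Hat-specific content around it. Anyone triaging from the record alone can no longer tell which kernels are exposed or what the flaw weakens; I would keep the longer sentence as the `value` and carry the title elsewhere. The sections for CVE-2013-4348 and CVE-2013-4355 show the same replacement.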


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4348",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation."
"value": "CVE-2013-4348 kernel: net: deadloop path in skb_flow_dissect()"
}
]
},
@ -44,43 +21,103 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Loop with Unreachable Exit Condition ('Infinite Loop')",
"cweId": "CWE-835"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "0:3.8.13-rt14.25.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:1490",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1007939",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007939"
"url": "http://www.ubuntu.com/usn/USN-2070-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2070-1"
},
{
"name": "USN-2070-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2070-1"
"url": "http://www.ubuntu.com/usn/USN-2075-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2075-1"
},
{
"name": "openSUSE-SU-2014:0204",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
},
{
"name": "USN-2075-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2075-1"
"url": "https://access.redhat.com/errata/RHSA-2013:1490",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1490"
},
{
"name": "https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=6f092343855a71e03b8d209815d8c45bf3a27fcd",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=6f092343855a71e03b8d209815d8c45bf3a27fcd"
"url": "https://access.redhat.com/security/cve/CVE-2013-4348",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4348"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007939",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1007939"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=6f092343855a71e03b8d209815d8c45bf3a27fcd",
"refsource": "MISC",
"name": "https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=6f092343855a71e03b8d209815d8c45bf3a27fcd"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
]
}
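Review bot: Every entry in `reference_data` in the second hunk now reads `"refsource": "MISC"` with `name` set to a copy of `url`, so the advisory identifiers and source classes printed just above each one (`USN-2070-1` / `UBUNTU`, `openSUSE-SU-2014:0204` / `SUSE`, `CONFIRM` on the kernel commit and the Bugzilla entry) are no longer in the record. A consumer that filters references by source, or looks for the vendor-confirmed fix commit, cannot tell these apart from any other link. Keeping the identifier and class, e.g. `"name": "USN-2070-1", "refsource": "UBUNTU"`, preserves that. The same flattening is visible in every other file section on this page.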


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4355",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory."
"value": "CVE-2013-4355 Kernel: Xen: Xsa-63: information leak via I/O instruction emulation"
}
]
},
@ -44,53 +21,118 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-371.3.1.el5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2014:0470",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
},
{
"name": "[oss-security] 20130930 Xen Security Advisory 63 (CVE-2013-4355) - Information leaks through I/O instruction emulation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/09/30/1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html"
},
{
"name": "GLSA-201407-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html"
},
{
"name": "RHSA-2013:1790",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1790.html"
"url": "http://www.debian.org/security/2014/dsa-3006",
"refsource": "MISC",
"name": "http://www.debian.org/security/2014/dsa-3006"
},
{
"name": "SUSE-SU-2014:0446",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html"
},
{
"name": "DSA-3006",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3006"
"url": "http://security.gentoo.org/glsa/glsa-201407-03.xml",
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
},
{
"name": "SUSE-SU-2014:0411",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1790.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1790.html"
},
{
"name": "openSUSE-SU-2013:1636",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html"
"url": "http://www.openwall.com/lists/oss-security/2013/09/30/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/30/1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1790",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1790"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-4355",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4355"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1009598",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1009598"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
]
}
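Review bot: The `impact.cvss` object at the end of this section sets `"temporalScore": 0` and `"environmentalScore": 0` while every temporal and environmental metric is `NOT_DEFINED`. Under CVSS v2, undefined temporal and environmental metrics leave the score equal to the base score, so a literal 0 next to `"baseScore": 2.3` reads as an assessed zero rather than "not assessed". I would omit the two keys, if the schema allows it, until those metrics are actually scored. The `impact` blocks of the other sections on this page carry the same pair of zeros.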


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3708",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request."
"value": "A denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large amount of VMs could use this flaw to cause the main nova process to block for an extended amount of time."
}
]
},
@ -44,38 +21,119 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2014.1.4-3.el6ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2014.1.4-3.el7ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "70777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70777"
"url": "http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html",
"refsource": "MISC",
"name": "http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html"
},
{
"name": "RHSA-2015:0844",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0844.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0843.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0843.html"
},
{
"name": "RHSA-2015:0843",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0843.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0844.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0844.html"
},
{
"name": "https://bugs.launchpad.net/nova/+bug/1358583",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/nova/+bug/1358583"
"url": "http://www.securityfocus.com/bid/70777",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/70777"
},
{
"name": "[openstack-announce] 20141028 [OSSA 2014-038] Nova network DoS through API filtering (CVE-2014-3708)",
"refsource": "MLIST",
"url": "http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html"
"url": "https://access.redhat.com/errata/RHSA-2015:0843",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0843"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:0844",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0844"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-3708",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-3708"
},
{
"url": "https://bugs.launchpad.net/nova/+bug/1358583",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/nova/+bug/1358583"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154951",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1154951"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
]
}
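Review bot: The only version data left in `affects` are Red Hat builds marked `"version_affected": "!"`, which in this schema marks a version as not affected, and the upstream bound from the longer description ("before 2014.1.4 and 2014.2.x before 2014.2.1") is no longer stated anywhere in the record. A matcher working from `affects` therefore has nothing positive to match for upstream Nova or for other distributions' packages. I would keep an upstream product entry alongside the Red Hat ones, for example `"version_value": "2014.1.4"` with `"version_affected": "<"`. The sides are inferred here because the +/- markers are lost, and the `affects` blocks of the other sections follow the same pattern.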


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-5077",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction."
"value": "A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system."
}
]
},
@ -44,123 +21,263 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-504.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-220.56.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-358.51.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.5 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-431.37.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-123.9.2.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "0:3.10.33-rt32.45.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "60545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60545"
"url": "https://access.redhat.com/errata/RHSA-2014:1724",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1724"
},
{
"name": "62563",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62563"
"url": "https://access.redhat.com/errata/RHSA-2014:1392",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1392"
},
{
"name": "SUSE-SU-2014:1316",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1be9a950c646c9092fb3618197f7b6bfb50e82aa",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1be9a950c646c9092fb3618197f7b6bfb50e82aa"
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
},
{
"name": "USN-2335-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2335-1"
"url": "http://rhn.redhat.com/errata/RHSA-2014-1763.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-1763.html"
},
{
"name": "USN-2334-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2334-1"
"url": "https://access.redhat.com/errata/RHSA-2014:1763",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1763"
},
{
"name": "60430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60430"
"url": "http://www.ubuntu.com/usn/USN-2358-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2358-1"
},
{
"name": "SUSE-SU-2014:1319",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
"url": "http://www.ubuntu.com/usn/USN-2359-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2359-1"
},
{
"name": "60564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60564"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1be9a950c646c9092fb3618197f7b6bfb50e82aa",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1be9a950c646c9092fb3618197f7b6bfb50e82aa"
},
{
"name": "RHSA-2014:1083",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1083.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-1083.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-1083.html"
},
{
"name": "[oss-security] 20140725 Re: CVE request Linux Kernel: net: SCTP: NULL pointer dereference",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/26/1"
"url": "http://rhn.redhat.com/errata/RHSA-2014-1668.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-1668.html"
},
{
"name": "USN-2359-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2359-1"
"url": "http://secunia.com/advisories/59777",
"refsource": "MISC",
"name": "http://secunia.com/advisories/59777"
},
{
"name": "RHSA-2014:1763",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1763.html"
"url": "http://secunia.com/advisories/60430",
"refsource": "MISC",
"name": "http://secunia.com/advisories/60430"
},
{
"name": "59777",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59777"
"url": "http://secunia.com/advisories/60545",
"refsource": "MISC",
"name": "http://secunia.com/advisories/60545"
},
{
"name": "RHSA-2014:1668",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1668.html"
"url": "http://secunia.com/advisories/60564",
"refsource": "MISC",
"name": "http://secunia.com/advisories/60564"
},
{
"name": "linux-kernel-cve20145077-dos(95134)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95134"
"url": "http://secunia.com/advisories/60744",
"refsource": "MISC",
"name": "http://secunia.com/advisories/60744"
},
{
"name": "1030681",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030681"
"url": "http://secunia.com/advisories/62563",
"refsource": "MISC",
"name": "http://secunia.com/advisories/62563"
},
{
"name": "USN-2358-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2358-1"
"url": "http://www.openwall.com/lists/oss-security/2014/07/26/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/07/26/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1122982",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1122982"
"url": "http://www.securityfocus.com/bid/68881",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/68881"
},
{
"name": "https://github.com/torvalds/linux/commit/1be9a950c646c9092fb3618197f7b6bfb50e82aa",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/1be9a950c646c9092fb3618197f7b6bfb50e82aa"
"url": "http://www.securitytracker.com/id/1030681",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1030681"
},
{
"name": "60744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60744"
"url": "http://www.ubuntu.com/usn/USN-2334-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2334-1"
},
{
"name": "68881",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68881"
"url": "http://www.ubuntu.com/usn/USN-2335-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2335-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:1083",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1083"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:1668",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1668"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:1872",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1872"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-5077",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-5077"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1122982",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1122982"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95134",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95134"
},
{
"url": "https://github.com/torvalds/linux/commit/1be9a950c646c9092fb3618197f7b6bfb50e82aa",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/1be9a950c646c9092fb3618197f7b6bfb50e82aa"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
]
}
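Review bot: The gitweb reference in the second hunk has its `;` separators percent-encoded, in both `url` and `name`: `http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1be9a950c646c9092fb3618197f7b6bfb50e82aa`. gitweb separates the `p`, `a` and `h` parameters with `;`, so the encoded form most likely passes the whole string as the project name and the link to the fix commit stops resolving. Both fields should keep the literal form printed earlier in the same list, `"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1be9a950c646c9092fb3618197f7b6bfb50e82aa"`. The GitHub link to the same commit further down is unaffected.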


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-7817",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing \"$((`...`))\"."
"value": "It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application."
}
]
},
@ -44,98 +21,179 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Expected Behavior Violation",
"cweId": "CWE-440"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.12-1.149.el6_6.4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.17-55.el7_0.3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20141120 CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/730"
"url": "http://linux.oracle.com/errata/ELSA-2015-0016.html",
"refsource": "MISC",
"name": "http://linux.oracle.com/errata/ELSA-2015-0016.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"url": "http://secunia.com/advisories/62100",
"refsource": "MISC",
"name": "http://secunia.com/advisories/62100"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2015-0016.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2015-0016.html"
"url": "http://secunia.com/advisories/62146",
"refsource": "MISC",
"name": "http://secunia.com/advisories/62146"
},
{
"name": "USN-2432-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2432-1"
"url": "http://www.debian.org/security/2015/dsa-3142",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3142"
},
{
"name": "[libc-alpha] 20141119 [COMMITTED] CVE-2014-7817: wordexp fails to honour WRDE_NOCMD.",
"refsource": "MLIST",
"url": "https://sourceware.org/ml/libc-alpha/2014-11/msg00519.html"
"url": "https://access.redhat.com/errata/RHSA-2015:0016",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0016"
},
{
"name": "RHSA-2014:2023",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-2023.html"
"url": "https://security.gentoo.org/glsa/201602-02",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201602-02"
},
{
"name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a39208bd7fb76c1b01c127b4c61f9bfd915bfe7c",
"refsource": "CONFIRM",
"url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a39208bd7fb76c1b01c127b4c61f9bfd915bfe7c"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "openSUSE-SU-2015:0351",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html"
"url": "http://linux.oracle.com/errata/ELSA-2015-0092.html",
"refsource": "MISC",
"name": "http://linux.oracle.com/errata/ELSA-2015-0092.html"
},
{
"name": "GLSA-201602-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201602-02"
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "71216",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71216"
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-2023.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-2023.html"
},
{
"name": "62100",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62100"
"url": "http://seclists.org/oss-sec/2014/q4/730",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2014/q4/730"
},
{
"name": "gnu-glibc-cve20147817-command-exec(98852)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98852"
"url": "http://www.securityfocus.com/bid/71216",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/71216"
},
{
"name": "62146",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62146"
"url": "http://www.ubuntu.com/usn/USN-2432-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2432-1"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=17625",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17625"
"url": "https://access.redhat.com/errata/RHSA-2014:2023",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:2023"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2015-0092.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2015-0092.html"
"url": "https://access.redhat.com/security/cve/CVE-2014-7817",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-7817"
},
{
"name": "DSA-3142",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3142"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1157689",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1157689"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98852",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98852"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17625",
"refsource": "MISC",
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=17625"
},
{
"url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=a39208bd7fb76c1b01c127b4c61f9bfd915bfe7c",
"refsource": "MISC",
"name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=a39208bd7fb76c1b01c127b4c61f9bfd915bfe7c"
},
{
"url": "https://sourceware.org/ml/libc-alpha/2014-11/msg00519.html",
"refsource": "MISC",
"name": "https://sourceware.org/ml/libc-alpha/2014-11/msg00519.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
]
}
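Review bot: The rewritten gitweb reference encodes the `;` parameter separators as `%3B` (the query string now starts `p=glibc.git%3Ba=commitdiff%3Bh=`), so the server is likely to see one long `p` value and the link to the upstream fix may no longer resolve. The old side carried the same URL with literal `;`, and I would keep that form in both `url` and `name`: `"url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a39208bd7fb76c1b01c127b4c61f9bfd915bfe7c"`. The same encoding appears in the git.qemu.org reference of the CVE-2014-7840 record and the git.kernel.org reference of the CVE-2014-7841 record further down.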


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-7821",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration."
"value": "A denial of service flaw was found in the way neutron handled the 'dns_nameservers' parameter. By providing specially crafted 'dns_nameservers' values, an authenticated user could use this flaw to crash the neutron service."
}
]
},
@ -44,58 +21,155 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "OpenStack 4 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2013.2.4-6.el6ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2014.1.3-12.el6ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2014.1.3-11.el7ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1938",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1938.html"
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "neutron-cve20147821-dos(98818)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98818"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155351.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155351.html"
},
{
"name": "RHSA-2015:0044",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0044.html"
"url": "http://lists.openstack.org/pipermail/openstack-announce/2014-November/000303.html",
"refsource": "MISC",
"name": "http://lists.openstack.org/pipermail/openstack-announce/2014-November/000303.html"
},
{
"name": "FEDORA-2015-5997",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155351.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-1938.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-1938.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-1942.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-1942.html"
},
{
"name": "[openstack-announce] 20141119 [OSSA 2014-039] Neutron DoS through invalid DNS configuration (CVE-2014-7821)",
"refsource": "MLIST",
"url": "http://lists.openstack.org/pipermail/openstack-announce/2014-November/000303.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0044.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0044.html"
},
{
"name": "RHSA-2014:1942",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1942.html"
"url": "http://secunia.com/advisories/62586",
"refsource": "MISC",
"name": "http://secunia.com/advisories/62586"
},
{
"name": "62586",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62586"
"url": "https://access.redhat.com/errata/RHSA-2014:1938",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1938"
},
{
"name": "https://bugs.launchpad.net/neutron/+bug/1378450",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/neutron/+bug/1378450"
"url": "https://access.redhat.com/errata/RHSA-2014:1942",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1942"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:0044",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0044"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-7821",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-7821"
},
{
"url": "https://bugs.launchpad.net/neutron/+bug/1378450",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/neutron/+bug/1378450"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163457",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1163457"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98818",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98818"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
]
}
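Review bot: The new description no longer says which upstream releases are affected; the old text named "OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1" and nothing on the new side replaces it. The added `affects` block lists only Red Hat package builds, each with `"version_affected": "!"`, which as far as I can tell marks a version as not affected in the 4.0 format, so a consumer matching on upstream Neutron versions has nothing to match. I would keep the range in the description, for example by appending `Affects OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1.` to the new `value`. The CVE-2014-7817 (glibc 2.21) and CVE-2014-7841 (Linux kernel before 3.17.4) records in this commit lose their version statement the same way.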


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-7840",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data."
"value": "It was found that certain values that were read when loading RAM during migration were not validated. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process."
}
]
},
@ -44,43 +21,119 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:1.5.3-86.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-7",
"version": {
"version_data": [
{
"version_value": "10:2.1.2-23.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0624",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0624.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0349.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0349.html"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=0be839a2701369f669532ea5884c15bead1c6e08",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=0be839a2701369f669532ea5884c15bead1c6e08"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0624.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0624.html"
},
{
"name": "[qemu-devel] 20141112 [PATCH 0/4] migration: fix CVE-2014-7840",
"refsource": "MLIST",
"url": "http://thread.gmane.org/gmane.comp.emulators.qemu/306117"
"url": "https://access.redhat.com/errata/RHSA-2015:0349",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0349"
},
{
"name": "RHSA-2015:0349",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0349.html"
"url": "https://access.redhat.com/errata/RHSA-2015:0624",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0624"
},
{
"name": "qemu-cve20147840-code-exec(99194)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99194"
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=0be839a2701369f669532ea5884c15bead1c6e08",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=0be839a2701369f669532ea5884c15bead1c6e08"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1163075",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163075"
"url": "http://thread.gmane.org/gmane.comp.emulators.qemu/306117",
"refsource": "MISC",
"name": "http://thread.gmane.org/gmane.comp.emulators.qemu/306117"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-7840",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-7840"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163075",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1163075"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99194",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99194"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.7,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
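Review bot: Every reference in the new list is tagged `"refsource": "MISC"` and named by its own URL, which drops the source classification the old list carried (`REDHAT`, `CONFIRM`, `MLIST`, `XF`). Tooling that picks out vendor-confirmed fixes or advisory ids by `refsource` or `name` can no longer tell the upstream fix commit or `RHSA-2015:0349` apart from third-party links. I would keep the original tag and short name where one existed, e.g. `"name": "RHSA-2015:0349", "refsource": "REDHAT"` on the rhn.redhat.com entry. The other records in this commit show the same flattening.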


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-7841",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk."
"value": "A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system."
}
]
},
@ -44,123 +21,247 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-504.8.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-220.60.2.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-358.56.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.5 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-431.50.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-123.20.1.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "62735",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62735"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name": "RHSA-2015:0695",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0695.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2015-3004.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2015-3004.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0284.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0284.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e40607cbe270a9e8360907cb1e62ddf0736e4864",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e40607cbe270a9e8360907cb1e62ddf0736e4864"
"url": "https://access.redhat.com/errata/RHSA-2015:0284",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0284"
},
{
"name": "[oss-security] 20141113 CVE-2014-7841 Linux kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/13/6"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
},
{
"name": "https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16016.html",
"refsource": "CONFIRM",
"url": "https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16016.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html"
},
{
"name": "SUSE-SU-2015:0652",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4"
},
{
"name": "RHSA-2015:0285",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0285.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0102.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0102.html"
},
{
"name": "RHSA-2015:0087",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0087.html"
"url": "https://access.redhat.com/errata/RHSA-2015:0102",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0102"
},
{
"name": "DSA-3093",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3093"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e40607cbe270a9e8360907cb1e62ddf0736e4864",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e40607cbe270a9e8360907cb1e62ddf0736e4864"
},
{
"name": "SUSE-SU-2015:0481",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
"url": "http://linux.oracle.com/errata/ELSA-2015-3004.html",
"refsource": "MISC",
"name": "http://linux.oracle.com/errata/ELSA-2015-3004.html"
},
{
"name": "71081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71081"
"url": "http://linux.oracle.com/errata/ELSA-2015-3005.html",
"refsource": "MISC",
"name": "http://linux.oracle.com/errata/ELSA-2015-3005.html"
},
{
"name": "openSUSE-SU-2015:0566",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0087.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0087.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1163087",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163087"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0285.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0285.html"
},
{
"name": "RHSA-2015:0284",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0284.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0695.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0695.html"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2015-3005.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2015-3005.html"
"url": "http://secunia.com/advisories/62305",
"refsource": "MISC",
"name": "http://secunia.com/advisories/62305"
},
{
"name": "SUSE-SU-2015:0529",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html"
"url": "http://secunia.com/advisories/62597",
"refsource": "MISC",
"name": "http://secunia.com/advisories/62597"
},
{
"name": "https://github.com/torvalds/linux/commit/e40607cbe270a9e8360907cb1e62ddf0736e4864",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/e40607cbe270a9e8360907cb1e62ddf0736e4864"
"url": "http://secunia.com/advisories/62735",
"refsource": "MISC",
"name": "http://secunia.com/advisories/62735"
},
{
"name": "62597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62597"
"url": "http://www.debian.org/security/2014/dsa-3093",
"refsource": "MISC",
"name": "http://www.debian.org/security/2014/dsa-3093"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4"
"url": "http://www.openwall.com/lists/oss-security/2014/11/13/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/11/13/6"
},
{
"name": "RHSA-2015:0102",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0102.html"
"url": "http://www.securityfocus.com/bid/71081",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/71081"
},
{
"name": "62305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62305"
"url": "https://access.redhat.com/errata/RHSA-2015:0087",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0087"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:0285",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0285"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:0695",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0695"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-7841",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-7841"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163087",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1163087"
},
{
"url": "https://github.com/torvalds/linux/commit/e40607cbe270a9e8360907cb1e62ddf0736e4864",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/e40607cbe270a9e8360907cb1e62ddf0736e4864"
},
{
"url": "https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16016.html",
"refsource": "MISC",
"name": "https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16016.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
]
}
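Review bot: The added `impact.cvss` entry reports `"temporalScore": 0` and `"environmentalScore": 0` while every temporal and environmental metric is `NOT_DEFINED`. Under the CVSS v2 equations, undefined metrics leave those scores equal to the base score (7.1 here), so the literal 0 presumably means "not scored" but reads as a computed value. A consumer that prefers the temporal or environmental score over the base score would rank this remotely triggerable crash at zero. I would omit both keys when nothing is defined, or set them to the base score; the `impact` blocks added to the other records in this commit carry the same zeros.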


@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-7844",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address."
"value": "A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters (CVE-2004-2771) and the direct command execution functionality (CVE-2014-7844)."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Metacharacters"
"value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
@ -31,15 +32,27 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "BSD",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "mailx",
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "8.1.2 and earlier"
"version_value": "0:12.4-8.el6_6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:12.5-12.el7_0",
"version_affected": "!"
}
]
}
@ -53,29 +66,69 @@
"references": {
"reference_data": [
{
"url": "http://linux.oracle.com/errata/ELSA-2014-1999.html",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2014/q4/1066",
"url": "http://seclists.org/oss-sec/2014/q4/1066"
"name": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:1999",
"refsource": "MISC",
"name": "http://linux.oracle.com/errata/ELSA-2014-1999.html",
"url": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
"name": "https://access.redhat.com/errata/RHSA-2014:1999"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1162783",
"refsource": "MISC",
"name": "http://www.debian.org/security/2014/dsa-3104",
"url": "http://www.debian.org/security/2014/dsa-3104"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1162783"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html",
"refsource": "MISC",
"name": "http://www.debian.org/security/2014/dsa-3105",
"url": "http://www.debian.org/security/2014/dsa-3105"
"name": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
},
{
"url": "http://seclists.org/oss-sec/2014/q4/1066",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-1999.html",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
"name": "http://seclists.org/oss-sec/2014/q4/1066"
},
{
"url": "http://www.debian.org/security/2014/dsa-3104",
"refsource": "MISC",
"name": "http://www.debian.org/security/2014/dsa-3104"
},
{
"url": "http://www.debian.org/security/2014/dsa-3105",
"refsource": "MISC",
"name": "http://www.debian.org/security/2014/dsa-3105"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-7844",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-7844"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
]
}
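Review bot: This section replaces real upstream product data rather than filling in `n/a`: `"vendor_name": "BSD"`, `"product_name": "mailx"` and `"version_value": "8.1.2 and earlier"` give way to two Red Hat Enterprise Linux package entries. After the change nothing visible in `affects` names mailx, so matching by product name would miss mailx builds shipped elsewhere. The description also moves from "remote attackers" to "a local attacker" and folds CVE-2004-2771 into the text, which deserves a second look from whoever owns the record. I would keep the BSD/mailx entry in `vendor_data` next to the Red Hat one.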


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-7851",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user."
"value": "It was found that oVirt did not correctly terminate sessions when a user logged out from the web interface. Upon logout, only the engine session was invalidated but the restapi session persisted. An attacker able to obtain the session data, and able to log in with their own credentials, could replace their session token with the stolen token and elevate their privileges to those of the victim user. Note that in order for this flaw to be exploited, the attacker must also have a valid login and authenticate successfully."
}
]
},
@ -44,23 +21,83 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Insufficient Session Expiration",
"cweId": "CWE-613"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "RHEV Manager version 3.5",
"version": {
"version_data": [
{
"version_value": "0:3.5.0-32",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1161730",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161730"
"url": "https://access.redhat.com/errata/RHBA-2015:0230",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2015:0230"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1165311",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165311"
"url": "https://access.redhat.com/security/cve/CVE-2014-7851",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-7851"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161730",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1161730"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165311",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1165311"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
}
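Review bot: The rewritten `reference_data` labels every entry `"refsource": "MISC"` and sets `name` to the URL, so the two Bugzilla links that were tagged `CONFIRM` no longer identify themselves as vendor confirmation, and tooling that selects advisories by refsource will stop matching them. I would keep the typed value on those entries, e.g. `"refsource": "CONFIRM"` for `https://bugzilla.redhat.com/show_bug.cgi?id=1161730`. The replacement description (assuming the second `value` line is the new side) also drops the affected range "oVirt 3.2.2 through 3.5.0", while the added `affects` block lists only `0:3.5.0-32` with `"version_affected": "!"`, which reads as a not-affected build rather than an affected range. The same two patterns recur in the CVE-2014-8091, CVE-2014-8092, CVE-2014-8093 and CVE-2015-3258 sections on this page.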


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8091",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request."
"value": "It was found that the X.Org server did not properly handle SUN-DES-1 (Secure RPC) authentication credentials. A malicious, unauthenticated client could use this flaw to crash the X.Org server by submitting a specially crafted authentication request."
}
]
},
@ -44,68 +21,160 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Unchecked Return Value",
"cweId": "CWE-252"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:1.1.1-48.107.el5_11",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:1.15.0-25.el6_6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.15.0-7.el7_0.3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "DSA-3095",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3095"
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/",
"refsource": "CONFIRM",
"url": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0532.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0532.html"
"url": "http://advisories.mageia.org/MGASA-2014-0532.html",
"refsource": "MISC",
"name": "http://advisories.mageia.org/MGASA-2014-0532.html"
},
{
"name": "GLSA-201504-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-06"
"url": "http://secunia.com/advisories/61947",
"refsource": "MISC",
"name": "http://secunia.com/advisories/61947"
},
{
"name": "62292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62292"
"url": "http://secunia.com/advisories/62292",
"refsource": "MISC",
"name": "http://secunia.com/advisories/62292"
},
{
"name": "MDVSA-2015:119",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"
"url": "http://www.debian.org/security/2014/dsa-3095",
"refsource": "MISC",
"name": "http://www.debian.org/security/2014/dsa-3095"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"
},
{
"name": "71597",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71597"
"url": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/",
"refsource": "MISC",
"name": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
},
{
"name": "61947",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61947"
"url": "https://access.redhat.com/errata/RHSA-2014:1982",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1982"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
"url": "https://access.redhat.com/errata/RHSA-2014:1983",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1983"
},
{
"url": "https://security.gentoo.org/glsa/201504-06",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201504-06"
},
{
"url": "http://www.securityfocus.com/bid/71597",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/71597"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-8091",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-8091"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168680",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1168680"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
]
}
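Review bot: The added `impact.cvss` entry contradicts the description in the same record: the text says a "malicious, unauthenticated client" can crash the server, but the vector is `AV:A/AC:M/Au:S/C:N/I:N/A:P` with `"authentication": "SINGLE"`. If the description is right, the metric should be `"authentication": "NONE"` (`Au:N`) and `baseScore` recomputed; if the score is right, the word "unauthenticated" should go. The earlier wording also said "remote attackers", which sits uneasily with `"accessVector": "ADJACENT_NETWORK"`, so it is worth confirming which side reflects the vendor's assessment before consumers use this score for prioritisation.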


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8092",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write."
"value": "Multiple integer overflow flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges."
}
]
},
@ -44,73 +21,165 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:1.1.1-48.107.el5_11",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:1.15.0-25.el6_6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.15.0-7.el7_0.3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "DSA-3095",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3095"
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/",
"refsource": "CONFIRM",
"url": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "71595",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71595"
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0532.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0532.html"
"url": "http://advisories.mageia.org/MGASA-2014-0532.html",
"refsource": "MISC",
"name": "http://advisories.mageia.org/MGASA-2014-0532.html"
},
{
"name": "GLSA-201504-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-06"
"url": "http://secunia.com/advisories/61947",
"refsource": "MISC",
"name": "http://secunia.com/advisories/61947"
},
{
"name": "62292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62292"
"url": "http://secunia.com/advisories/62292",
"refsource": "MISC",
"name": "http://secunia.com/advisories/62292"
},
{
"name": "MDVSA-2015:119",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"
"url": "http://www.debian.org/security/2014/dsa-3095",
"refsource": "MISC",
"name": "http://www.debian.org/security/2014/dsa-3095"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
"url": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/",
"refsource": "MISC",
"name": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
},
{
"name": "61947",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61947"
"url": "https://access.redhat.com/errata/RHSA-2014:1982",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1982"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
"url": "https://access.redhat.com/errata/RHSA-2014:1983",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1983"
},
{
"url": "https://security.gentoo.org/glsa/201504-06",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201504-06"
},
{
"url": "http://www.securityfocus.com/bid/71595",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/71595"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-8092",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-8092"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168684",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1168684"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
]
}
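Review bot: The `problemtype` added here is `CWE-119`, but both description lines attribute the flaw to integer overflows in the server's memory-size calculations, so the root-cause class is the overflow and the out-of-bounds access is its consequence. I would record `"value": "Integer Overflow or Wraparound", "cweId": "CWE-190"`, either in place of or alongside the CWE-119 entry; the CVE-2014-8093 section carries the same mapping. The replacement description also appears to drop the named entry points (ProcPutImage, GetHosts, RegionSizeof, REQUEST_FIXED_SIZE) and the "before 1.16.3" bound, which are what a defender uses to confirm that a given build contains the fix.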


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8093",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write."
"value": "Multiple integer overflow flaws were found in the way the X.Org server calculated memory requirements for certain GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges."
}
]
},
@ -44,68 +21,160 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:1.1.1-48.107.el5_11",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:1.15.0-25.el6_6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.15.0-7.el7_0.3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "DSA-3095",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3095"
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/",
"refsource": "CONFIRM",
"url": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
"url": "http://advisories.mageia.org/MGASA-2014-0532.html",
"refsource": "MISC",
"name": "http://advisories.mageia.org/MGASA-2014-0532.html"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/3610",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/3610"
"url": "http://secunia.com/advisories/61947",
"refsource": "MISC",
"name": "http://secunia.com/advisories/61947"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0532.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0532.html"
"url": "http://secunia.com/advisories/62292",
"refsource": "MISC",
"name": "http://secunia.com/advisories/62292"
},
{
"name": "GLSA-201504-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-06"
"url": "http://www.debian.org/security/2014/dsa-3095",
"refsource": "MISC",
"name": "http://www.debian.org/security/2014/dsa-3095"
},
{
"name": "62292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62292"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"
},
{
"name": "71596",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71596"
"url": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/",
"refsource": "MISC",
"name": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
},
{
"name": "MDVSA-2015:119",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"
"url": "https://access.redhat.com/errata/RHSA-2014:1982",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1982"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
"url": "https://access.redhat.com/errata/RHSA-2014:1983",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1983"
},
{
"name": "61947",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61947"
"url": "https://security.gentoo.org/glsa/201504-06",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201504-06"
},
{
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/3610",
"refsource": "MISC",
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/3610"
},
{
"url": "http://www.securityfocus.com/bid/71596",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/71596"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-8093",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-8093"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168688",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1168688"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3258",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job."
"value": "A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the \"lp\" user."
}
]
},
@ -44,63 +21,123 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.0.35-21.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-2659-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2659-1"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "GLSA-201510-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201510-08"
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363",
"refsource": "MISC",
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363"
},
{
"name": "75436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75436"
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
},
{
"name": "[oss-security] 20150626 CVE-2015-3258 cups-filters: texttopdf heap-based buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/4"
"url": "http://ubuntu.com/usn/usn-2659-1",
"refsource": "MISC",
"name": "http://ubuntu.com/usn/usn-2659-1"
},
{
"name": "openSUSE-SU-2015:1244",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
"url": "http://www.debian.org/security/2015/dsa-3303",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3303"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363"
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/06/26/4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1235385",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1235385"
"url": "http://www.securityfocus.com/bid/75436",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/75436"
},
{
"name": "DSA-3303",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3303"
"url": "https://access.redhat.com/errata/RHSA-2015:2360",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2360"
},
{
"name": "RHSA-2015:2360",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
"url": "https://access.redhat.com/security/cve/CVE-2015-3258",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-3258"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1235385",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1235385"
},
{
"url": "https://security.gentoo.org/glsa/201510-08",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201510-08"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
}
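Review bot: The replacement description names the package as "cups-filter", while the earlier text and the upstream reference URL in this record both say "cups-filters", so a keyword match on the package name will miss this entry. It also drops the upstream fixed version ("before 1.0.70") and the affected function (`WriteProlog` in `filter/texttopdf.c`), leaving only the RHEL 7 build `0:1.0.35-21.el7` in `affects`. I would restore them in the text, e.g. `...the texttopdf utility of cups-filters before 1.0.70 processed print jobs...`. This assumes the second `value` line is the new side, since the page no longer shows the `+`/`-` markers.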


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3276",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors."
"value": "A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled."
}
]
},
@ -44,33 +21,93 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Incorrect Calculation",
"cweId": "CWE-682"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.4.40-8.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:2131",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2131.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"url": "https://access.redhat.com/errata/RHSA-2015:2131",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2131"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1238322",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238322"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2131.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2131.html"
},
{
"name": "1034221",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034221"
"url": "http://www.securitytracker.com/id/1034221",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1034221"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-3276",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-3276"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238322",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1238322"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
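Review bot: The replacement `description_data` value in the first hunk no longer names the affected code, which the old text gave as `nss_parse_ciphers` in `libraries/libldap/tls_m.c`. Anyone triaging from this record alone cannot tell that the flaw sits in that TLS cipher-parsing path, so I would keep the location, for example by ending the new sentence with `(nss_parse_ciphers in libraries/libldap/tls_m.c)`. In the second hunk, `"cweId": "CWE-682"` (Incorrect Calculation) looks like a loose fit for a cipher-string parsing flaw that enables unintended ciphers, and is worth confirming with the assigner. The single `version_data` entry is flagged `"version_affected": "!"`, which as far as I know marks `0:2.4.40-8.el7` as not affected, so consumers that read `version_value` as a vulnerable version will match the wrong builds. Every `refsource` is also flattened to `MISC`, which loses the earlier `REDHAT`/`CONFIRM`/`SECTRACK` distinction between vendor confirmation and third-party trackers.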