admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-02 20:00:35 +00:00
parent 24b22529ff
commit af83802a3e
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
12 changed files with 1209 additions and 460 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

124
2014/0xxx/CVE-2014-0162.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0162",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location."
"value": "CVE-2014-0162 openstack-glance: remote code execution in Glance Sheepdog backend"
}
]
},
@ -44,33 +21,98 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "OpenStack 4 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2013.2.2-3.el6ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-2193-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2193-1"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0455.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0455.html"
},
{
"name": "https://launchpad.net/bugs/1298698",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/1298698"
"url": "http://www.openwall.com/lists/oss-security/2014/04/10/13",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/04/10/13"
},
{
"name": "[oss-security] 20140410 [OSSA 2014-012] Remote code execution in Glance Sheepdog backend (CVE-2014-0162)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/04/10/13"
"url": "http://www.ubuntu.com/usn/USN-2193-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2193-1"
},
{
"name": "RHSA-2014:0455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0455.html"
"url": "https://access.redhat.com/errata/RHSA-2014:0455",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0455"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-0162",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-0162"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1085163",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1085163"
},
{
"url": "https://launchpad.net/bugs/1298698",
"refsource": "MISC",
"name": "https://launchpad.net/bugs/1298698"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
}

128
2014/0xxx/CVE-2014-0164.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0164",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file."
"value": "CVE-2014-0164 mcollective: world readable client config"
}
]
},
@ -44,23 +21,104 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Enterprise 2.0",
"version": {
"version_data": [
{
"version_value": "0:1.17.6.6-1.el6op",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEL 6 Version of OpenShift Enterprise 1.2",
"version": {
"version_data": [
{
"version_value": "0:1.9.16-1.el6op",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0461",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0461.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0460.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0460.html"
},
{
"name": "RHSA-2014:0460",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0460.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0461.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0461.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0460",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0460"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0461",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0461"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-0164",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-0164"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1083847",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1083847"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}

110
2014/0xxx/CVE-2014-0176.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0176",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
"value": "CVE-2014-0176 CFME: reflected XSS in several places due to missing JavaScript escaping"
}
]
},
@ -44,18 +21,87 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "CloudForms Management Engine 5.x",
"version": {
"version_data": [
{
"version_value": "0:5.2.4.2-1.el6cf",
"version_affected": "!"
},
{
"version_value": "1:3.2.13-8.el6cf",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0816",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0816.html"
"url": "https://access.redhat.com/errata/RHSA-2014:0816",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0816"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2014-0816.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0816.html"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-0176",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-0176"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1086463",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1086463"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}

170
2014/0xxx/CVE-2014-0179.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0179",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods."
"value": "It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a file could use this flaw to read the contents of that file (limited to libvirt as shipped with Red Hat Enterprise Linux 7); parsing an XML document with an entity pointing to a special file that blocks on read access could cause libvirtd to hang indefinitely, resulting in a denial of service on the system."
}
]
},
@ -44,58 +21,139 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of XML External Entity Reference",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:0.10.2-29.el6_5.8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.1.1-29.el7_0.1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0560",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0560.html"
"url": "http://libvirt.org/news.html",
"refsource": "MISC",
"name": "http://libvirt.org/news.html"
},
{
"name": "http://libvirt.org/news.html",
"refsource": "CONFIRM",
"url": "http://libvirt.org/news.html"
"url": "http://secunia.com/advisories/60895",
"refsource": "MISC",
"name": "http://secunia.com/advisories/60895"
},
{
"name": "60895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60895"
"url": "http://security.gentoo.org/glsa/glsa-201412-04.xml",
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
},
{
"name": "GLSA-201412-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html"
},
{
"name": "openSUSE-SU-2014:0674",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html"
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html"
},
{
"name": "DSA-3038",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3038"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0560.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0560.html"
},
{
"name": "openSUSE-SU-2014:0650",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html"
"url": "http://security.libvirt.org/2014/0003.html",
"refsource": "MISC",
"name": "http://security.libvirt.org/2014/0003.html"
},
{
"name": "USN-2366-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2366-1"
"url": "http://www.debian.org/security/2014/dsa-3038",
"refsource": "MISC",
"name": "http://www.debian.org/security/2014/dsa-3038"
},
{
"name": "http://security.libvirt.org/2014/0003.html",
"refsource": "CONFIRM",
"url": "http://security.libvirt.org/2014/0003.html"
"url": "http://www.ubuntu.com/usn/USN-2366-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2366-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0560",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0560"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0914",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0914"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-0179",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-0179"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088290",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1088290"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}

157
2014/0xxx/CVE-2014-0189.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0189",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file."
"value": "It was discovered that the /etc/sysconfig/virt-who configuration file, which may contain hypervisor authentication credentials, was world-readable. A local user could use this flaw to obtain authentication credentials from this file."
}
]
},
@ -44,38 +21,130 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:0.9-6.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:0.10-8.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:0.11-5.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "67089",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67089"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0430.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0430.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1088732",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088732"
"url": "http://www.openwall.com/lists/oss-security/2014/04/28/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/04/28/2"
},
{
"name": "[oss-security] 20140428 CVE-2014-0189: /etc/sysconfig/virt-who is world-readable (contains unencrypted passwords)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/04/28/2"
"url": "http://www.securityfocus.com/bid/67089",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/67089"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1081286",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1081286"
"url": "https://access.redhat.com/errata/RHBA-2014:1206",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2014:1206"
},
{
"name": "RHSA-2015:0430",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0430.html"
"url": "https://access.redhat.com/errata/RHBA-2014:1513",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2014:1513"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:0430",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0430"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-0189",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-0189"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1081286",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1081286"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088732",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1088732"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
]
}

112
2014/0xxx/CVE-2014-0199.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0199",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports (rhevm-reports) package before 3.3.3, stores the reports database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file."
"value": "CVE-2014-0199 ovirt-engine-reports: setup script logs database password in cleartext"
}
]
},
@ -44,23 +21,88 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "RHEV Manager version 3.3",
"version": {
"version_data": [
{
"version_value": "0:3.3.3-1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "67682",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67682"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0558.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0558.html"
},
{
"name": "RHSA-2014:0558",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0558.html"
"url": "https://access.redhat.com/errata/RHSA-2014:0558",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0558"
},
{
"url": "http://www.securityfocus.com/bid/67682",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/67682"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-0199",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-0199"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094222",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1094222"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
]
}

106
2014/0xxx/CVE-2014-0201.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0201",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 3.3.3, uses world-readable permissions on configuration files, which allows local users to obtain sensitive information by reading the files."
"value": "CVE-2014-0201 ovirt-engine-reports: various configuration files are world-readable"
}
]
},
@ -44,18 +21,83 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "RHEV Manager version 3.3",
"version": {
"version_data": [
{
"version_value": "0:3.3.3-1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0558",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0558.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0558.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0558.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0558",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0558"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-0201",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-0201"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094231",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1094231"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
]
}

163
2014/0xxx/CVE-2014-0205.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0205",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that triggers a zero count."
"value": "A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation."
}
]
},
@ -44,43 +21,135 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-431.29.2.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-220.56.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.4 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-358.49.1.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1365",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1365.html"
"url": "https://access.redhat.com/errata/RHSA-2014:1167",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1167"
},
{
"name": "https://github.com/torvalds/linux/commit/7ada876a8703f23befbb20a7465a702ee39b1704",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/7ada876a8703f23befbb20a7465a702ee39b1704"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7ada876a8703f23befbb20a7465a702ee39b1704",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7ada876a8703f23befbb20a7465a702ee39b1704"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ada876a8703f23befbb20a7465a702ee39b1704",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ada876a8703f23befbb20a7465a702ee39b1704"
"url": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.37",
"refsource": "MISC",
"name": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.37"
},
{
"name": "RHSA-2014:1763",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1763.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-1365.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-1365.html"
},
{
"name": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.37",
"refsource": "CONFIRM",
"url": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.37"
"url": "http://rhn.redhat.com/errata/RHSA-2014-1763.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-1763.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1094455",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094455"
"url": "https://access.redhat.com/errata/RHSA-2014:1365",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1365"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:1763",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1763"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-0205",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-0205"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094455",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1094455"
},
{
"url": "https://github.com/torvalds/linux/commit/7ada876a8703f23befbb20a7465a702ee39b1704",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/7ada876a8703f23befbb20a7465a702ee39b1704"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}

232
2014/0xxx/CVE-2014-0222.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0222",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image."
"value": "An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process."
}
]
},
@ -44,53 +21,202 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "OpenStack 4 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.415.el6_5.14",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.415.el6_5.14",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:1.5.3-60.el7_0.5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.415.el6_5.14",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:1.5.3-60.el7_0.7",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.415.el6_5.14",
"version_affected": "!"
},
{
"version_value": "0:6.5-20140821.1.el6ev",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[Qemu-devel] 20140512 [PATCH 3/5] qcow1: Validate L2 table size (CVE-2014-0222)",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"name": "SUSE-SU-2015:0929",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html",
"refsource": "MISC",
"name": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"refsource": "MLIST",
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
"url": "https://access.redhat.com/errata/RHSA-2014:0927",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0927"
},
{
"name": "67357",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67357"
"url": "https://access.redhat.com/errata/RHSA-2014:1268",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1268"
},
{
"name": "DSA-3044",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3044"
"url": "http://www.debian.org/security/2014/dsa-3044",
"refsource": "MISC",
"name": "http://www.debian.org/security/2014/dsa-3044"
},
{
"name": "openSUSE-SU-2015:1965",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html"
"url": "https://access.redhat.com/errata/RHSA-2014:1168",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1168"
},
{
"name": "FEDORA-2014-6970",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html"
},
{
"name": "FEDORA-2014-6288",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html"
},
{
"url": "http://www.securityfocus.com/bid/67357",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/67357"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:1075",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1075"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:1076",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1076"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:1187",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1187"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-0222",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-0222"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1097216",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1097216"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}

220
2014/0xxx/CVE-2014-0223.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0223",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read."
"value": "An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process."
}
]
},
@ -44,43 +21,192 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "OpenStack 4 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.415.el6_5.14",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.415.el6_5.14",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:1.5.3-60.el7_0.5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.415.el6_5.14",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "10:1.5.3-60.el7_0.7",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.415.el6_5.14",
"version_affected": "!"
},
{
"version_value": "0:6.5-20140821.1.el6ev",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "67391",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67391"
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html",
"refsource": "MISC",
"name": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "[Qemu-devel] 20140512 [PATCH 4/5] qcow1: Validate image size (CVE-2014-0223)",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html"
"url": "https://access.redhat.com/errata/RHSA-2014:0927",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0927"
},
{
"name": "SUSE-SU-2015:0929",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
"url": "https://access.redhat.com/errata/RHSA-2014:1268",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1268"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"refsource": "MLIST",
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
"url": "http://www.debian.org/security/2014/dsa-3044",
"refsource": "MISC",
"name": "http://www.debian.org/security/2014/dsa-3044"
},
{
"name": "DSA-3044",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3044"
"url": "https://access.redhat.com/errata/RHSA-2014:1168",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1168"
},
{
"name": "FEDORA-2014-6970",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:1075",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1075"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:1076",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1076"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:1187",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1187"
},
{
"url": "http://www.securityfocus.com/bid/67391",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/67391"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-0223",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-0223"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1097222",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1097222"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}

129
2014/0xxx/CVE-2014-0233.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0233",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme."
"value": "CVE-2014-0233 OpenShift: downloadable cartridge source url file command execution as root"
}
]
},
@ -44,28 +21,104 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Enterprise 2.0",
"version": {
"version_data": [
{
"version_value": "0:1.17.5.16-1.el6op",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Enterprise 2.1",
"version": {
"version_data": [
{
"version_value": "0:1.23.9.4-1.el6op",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0530",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0530.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0529.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0529.html"
},
{
"name": "RHSA-2014:0529",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0529.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0530.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0530.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1096955",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1096955"
"url": "https://access.redhat.com/errata/RHSA-2014:0529",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0529"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0530",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0530"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-0233",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-0233"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1096955",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1096955"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}

18
2023/25xxx/CVE-2023-25069.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25069",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}