"-Synchronized-Data."

CVE Team 2023-02-02 15:01:24 +00:00
parent 4b3cfe2c06
commit c5324cc5f6
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
19 changed files with 3719 additions and 1061 deletions


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-1232",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method."
"value": "CVE-2008-1232 tomcat: Cross-Site-Scripting enabled by sendError call"
}
]
},
@ -44,338 +21,569 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "JBEAP 4.2.0 for RHEL 4",
"version": {
"version_data": [
{
"version_value": "0:2.0.0-5.CP07.0jpp.ep1.1.el4",
"version_affected": "!"
}
]
}
},
{
"product_name": "JBEAP 4.2.0 for RHEL 5",
"version": {
"version_data": [
{
"version_value": "0:2.0.0-5.CP07.0jpp.ep1.1.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Certificate System 7.3",
"version": {
"version_data": [
{
"version_value": "0:1.6.5-1jpp_1rh",
"version_affected": "!"
},
{
"version_value": "0:1.2-2jpp_4rh",
"version_affected": "!"
},
{
"version_value": "0:1.2.1-1jpp_3rh",
"version_affected": "!"
},
{
"version_value": "0:1.0-2jpp_6rh",
"version_affected": "!"
},
{
"version_value": "0:1.1.1-2jpp_8rh",
"version_affected": "!"
},
{
"version_value": "0:1.0-0.M4.1jpp_10rh",
"version_affected": "!"
},
{
"version_value": "0:2.0-3jpp_2rh",
"version_affected": "!"
},
{
"version_value": "0:1.2.12-1jpp_1rh",
"version_affected": "!"
},
{
"version_value": "1:3.0.1-1jpp_4rh",
"version_affected": "!"
},
{
"version_value": "0:1.3.3-3.el4",
"version_affected": "!"
},
{
"version_value": "0:7.3.0-20.el4",
"version_affected": "!"
},
{
"version_value": "0:7.3.0-10.el4",
"version_affected": "!"
},
{
"version_value": "0:7.3.0-14.el4",
"version_affected": "!"
},
{
"version_value": "0:7.3.0-19.el4",
"version_affected": "!"
},
{
"version_value": "0:7.3.0-6.el4",
"version_affected": "!"
},
{
"version_value": "0:7.3.0-13.el4",
"version_affected": "!"
},
{
"version_value": "0:5.5.23-0jpp_4rh.16",
"version_affected": "!"
},
{
"version_value": "0:2.7.1-1jpp_1rh",
"version_affected": "!"
},
{
"version_value": "0:1.3.02-2jpp_1rh",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Developer Suite V.3",
"version": {
"version_data": [
{
"version_value": "0:5.5.23-0jpp_12rh",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:5.5.23-0jpp.7.el5_2.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4",
"version": {
"version_data": [
{
"version_value": "0:2.0.0-5.CP07.0jpp.ep1.1.el4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5",
"version": {
"version_data": [
{
"version_value": "0:2.0.0-5.CP07.0jpp.ep1.1.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Network Satellite Server v 5.0",
"version": {
"version_data": [
{
"version_value": "0:5.0.30-0jpp_12rh",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Network Satellite Server v 5.1",
"version": {
"version_data": [
{
"version_value": "0:5.0.30-0jpp_12rh",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHAPS Version 2 for RHEL 4",
"version": {
"version_data": [
{
"version_value": "0:5.5.23-0jpp_4rh.9",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "1020622",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020622"
"url": "http://secunia.com/advisories/37460",
"refsource": "MISC",
"name": "http://secunia.com/advisories/37460"
},
{
"name": "oval:org.mitre.oval:def:5985",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985"
"url": "http://tomcat.apache.org/security-4.html",
"refsource": "MISC",
"name": "http://tomcat.apache.org/security-4.html"
},
{
"name": "http://tomcat.apache.org/security-4.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-4.html"
"url": "http://tomcat.apache.org/security-5.html",
"refsource": "MISC",
"name": "http://tomcat.apache.org/security-5.html"
},
{
"name": "RHSA-2008:0862",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html"
"url": "http://tomcat.apache.org/security-6.html",
"refsource": "MISC",
"name": "http://tomcat.apache.org/security-6.html"
},
{
"name": "ADV-2009-1609",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1609"
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "ADV-2009-2194",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2194"
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "MISC",
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "34013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34013"
"url": "http://www.vupen.com/english/advisories/2009/3316",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx",
"refsource": "CONFIRM",
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx"
"url": "https://access.redhat.com/errata/RHSA-2010:0602",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0602"
},
{
"name": "ADV-2008-2823",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2823"
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "37460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37460"
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html"
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "31982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31982"
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "31681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31681"
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "32120",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32120"
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "oval:org.mitre.oval:def:11181",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181"
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name": "33999",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33999"
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "30496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30496"
"url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
},
{
"name": "31865",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31865"
"url": "http://secunia.com/advisories/32120",
"refsource": "MISC",
"name": "http://secunia.com/advisories/32120"
},
{
"name": "4098",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4098"
"url": "http://secunia.com/advisories/32222",
"refsource": "MISC",
"name": "http://secunia.com/advisories/32222"
},
{
"name": "FEDORA-2008-8130",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html"
"url": "http://secunia.com/advisories/32266",
"refsource": "MISC",
"name": "http://secunia.com/advisories/32266"
},
{
"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095",
"refsource": "CONFIRM",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095"
"url": "http://secunia.com/advisories/57126",
"refsource": "MISC",
"name": "http://secunia.com/advisories/57126"
},
{
"name": "31639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31639"
"url": "http://support.apple.com/kb/HT3216",
"refsource": "MISC",
"name": "http://support.apple.com/kb/HT3216"
},
{
"name": "SUSE-SR:2008:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm",
"refsource": "MISC",
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"
},
{
"name": "36108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36108"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188"
},
{
"name": "MDVSA-2008:188",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188"
"url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2008-0862.html"
},
{
"name": "31379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31379"
"url": "http://www.securityfocus.com/bid/31681",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/31681"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"
"url": "http://www.vupen.com/english/advisories/2008/2780",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "ADV-2009-0320",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0320"
"url": "http://www.vupen.com/english/advisories/2008/2823",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2008/2823"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
"url": "https://access.redhat.com/errata/RHSA-2008:0862",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2008:0862"
},
{
"name": "RHSA-2008:0864",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
"url": "http://secunia.com/advisories/31982",
"refsource": "MISC",
"name": "http://secunia.com/advisories/31982"
},
{
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-6.html"
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx",
"refsource": "MISC",
"name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx"
},
{
"name": "57126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57126"
"url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=123376588623823&w=2"
},
{
"name": "32222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32222"
"url": "http://secunia.com/advisories/31379",
"refsource": "MISC",
"name": "http://secunia.com/advisories/31379"
},
{
"name": "31891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31891"
"url": "http://secunia.com/advisories/31381",
"refsource": "MISC",
"name": "http://secunia.com/advisories/31381"
},
{
"name": "33797",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33797"
"url": "http://secunia.com/advisories/31639",
"refsource": "MISC",
"name": "http://secunia.com/advisories/31639"
},
{
"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500",
"refsource": "CONFIRM",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500"
"url": "http://secunia.com/advisories/31865",
"refsource": "MISC",
"name": "http://secunia.com/advisories/31865"
},
{
"name": "20090806 CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505556/100/0/threaded"
"url": "http://secunia.com/advisories/31891",
"refsource": "MISC",
"name": "http://secunia.com/advisories/31891"
},
{
"name": "FEDORA-2008-7977",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html"
"url": "http://secunia.com/advisories/33797",
"refsource": "MISC",
"name": "http://secunia.com/advisories/33797"
},
{
"name": "ADV-2008-2305",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2305"
"url": "http://secunia.com/advisories/33999",
"refsource": "MISC",
"name": "http://secunia.com/advisories/33999"
},
{
"name": "FEDORA-2008-8113",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html"
"url": "http://secunia.com/advisories/34013",
"refsource": "MISC",
"name": "http://secunia.com/advisories/34013"
},
{
"name": "20090616 CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504351/100/0/threaded"
"url": "http://secunia.com/advisories/35474",
"refsource": "MISC",
"name": "http://secunia.com/advisories/35474"
},
{
"name": "http://tomcat.apache.org/security-5.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-5.html"
"url": "http://secunia.com/advisories/36108",
"refsource": "MISC",
"name": "http://secunia.com/advisories/36108"
},
{
"name": "35474",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35474"
"url": "http://securityreason.com/securityalert/4098",
"refsource": "MISC",
"name": "http://securityreason.com/securityalert/4098"
},
{
"name": "ADV-2008-2780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2780"
"url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2008-0648.html"
},
{
"name": "31381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31381"
"url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2008-0864.html"
},
{
"name": "HPSBUX02401",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2"
"url": "http://www.securityfocus.com/archive/1/495021/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/495021/100/0/threaded"
},
{
"name": "HPSBST02955",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
"url": "http://www.securityfocus.com/archive/1/504351/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/504351/100/0/threaded"
},
{
"name": "APPLE-SA-2008-10-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
"url": "http://www.securityfocus.com/archive/1/505556/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/505556/100/0/threaded"
},
{
"name": "http://support.apple.com/kb/HT3216",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3216"
"url": "http://www.securityfocus.com/bid/30496",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/30496"
},
{
"name": "ADV-2009-0503",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0503"
"url": "http://www.securitytracker.com/id?1020622",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1020622"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html",
"refsource": "MISC",
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html"
},
{
"name": "SSRT090005",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2"
"url": "http://www.vupen.com/english/advisories/2008/2305",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2008/2305"
},
{
"name": "tomcat-httpservletresponse-xss(44155)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44155"
"url": "http://www.vupen.com/english/advisories/2009/0320",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2009/0320"
},
{
"name": "20080801 [CVE-2008-1232] Apache Tomcat XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495021/100/0/threaded"
"url": "http://www.vupen.com/english/advisories/2009/0503",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2009/0503"
},
{
"name": "32266",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32266"
"url": "http://www.vupen.com/english/advisories/2009/1609",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2009/1609"
},
{
"name": "RHSA-2008:0648",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html"
"url": "http://www.vupen.com/english/advisories/2009/2194",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2009/2194"
},
{
"refsource": "MLIST",
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
"url": "https://access.redhat.com/errata/RHSA-2008:0648",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2008:0648"
},
{
"refsource": "MLIST",
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"
"url": "https://access.redhat.com/errata/RHSA-2008:0864",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2008:0864"
},
{
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
"url": "https://access.redhat.com/errata/RHSA-2008:0877",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2008:0877"
},
{
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"
"url": "https://access.redhat.com/errata/RHSA-2008:1007",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2008:1007"
},
{
"refsource": "MLIST",
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
"url": "https://access.redhat.com/security/cve/CVE-2008-1232",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"refsource": "MLIST",
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"refsource": "MLIST",
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44155",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44155"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181",
"refsource": "MISC",
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985",
"refsource": "MISC",
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985"
},
{
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500",
"refsource": "MISC",
"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500"
},
{
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095",
"refsource": "MISC",
"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095"
},
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html",
"refsource": "MISC",
"name": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html"
},
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html",
"refsource": "MISC",
"name": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html"
},
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html",
"refsource": "MISC",
"name": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html"
}
]
}
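Review bot: In the first hunk's `description_data` entry, the prose description and the short title `CVE-2008-1232 tomcat: Cross-Site-Scripting enabled by sendError call` are both printed; if the title is the new side, the record no longer states the affected upstream ranges or the injection point. The +/- markers are lost in this rendering, so that reading is inferred from the old-then-new order of the other changed pairs. The new `affects` block does not fill the gap: it names only Red Hat products, and every `version_value` carries `"version_affected": "!"`, which in the CVE JSON 4.0 format marks a version as not affected, so a scanner matching on this record has no Apache Tomcat 4.1.x/5.5.x/6.0.x range left to match. I would keep the old prose as the `value` (unabridged, starting `"value": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 ..."`) and carry the title separately if it is needed. The same description substitution appears in the CVE-2008-1676 and CVE-2008-3529 sections.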


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-1676",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate."
"value": "CVE-2008-1676 Certificate System: incorrect handling of Extensions in CSRs (cs71)"
}
]
},
@ -44,48 +21,124 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Validation of Certificate with Host Mismatch",
"cweId": "CWE-297"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Certificate System 7.2 for RHEL 4",
"version": {
"version_data": [
{
"version_value": "0:7.2.0-11",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Certificate System 7.3",
"version": {
"version_data": [
{
"version_value": "0:7.3.0-29.el4",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "30062",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30062"
"url": "http://rhn.redhat.com/errata/RHSA-2008-0500.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2008-0500.html"
},
{
"name": "rhcs-rhpkicommon-csr-security-bypass(43573)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43573"
"url": "http://rhn.redhat.com/errata/RHSA-2008-0577.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2008-0577.html"
},
{
"name": "RHSA-2008:0500",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0500.html"
"url": "http://secunia.com/advisories/30929",
"refsource": "MISC",
"name": "http://secunia.com/advisories/30929"
},
{
"name": "1020427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020427"
"url": "http://www.securityfocus.com/bid/30062",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/30062"
},
{
"name": "RHSA-2008:0577",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0577.html"
"url": "http://www.securitytracker.com/id?1020427",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1020427"
},
{
"name": "30929",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30929"
"url": "https://access.redhat.com/errata/RHSA-2008:0500",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2008:0500"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=445227",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=445227"
"url": "https://access.redhat.com/errata/RHSA-2008:0577",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2008:0577"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2008-1676",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2008-1676"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=445227",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=445227"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43573",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43573"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
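Review bot: The description entry at the top of the second hunk maps this record to `CWE-297` ("Improper Validation of Certificate with Host Mismatch"), which does not match the flaw described in the same section: rhpki-common not recognizing Certificate Authority profile constraints on Extensions when a CSR is submitted. That is an issuance-side enforcement failure in the CA rather than a relying party skipping a host-name check, so triage or detection rules keyed on the CWE id would file it with TLS host-name verification bugs. Unless the assigner confirms the mapping, a broader class is less misleading, for example `"value": "Improper Certificate Validation", "cweId": "CWE-295"`; the exact id is a suggestion to be checked against the CWE definitions.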


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-3529",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name."
"value": "CVE-2008-3529 libxml2: long entity name heap buffer overflow"
}
]
},
@ -44,278 +21,351 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 2.1",
"version": {
"version_data": [
{
"version_value": "0:2.4.19-11.ent",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 3",
"version": {
"version_data": [
{
"version_value": "0:2.5.10-13",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "0:2.6.16-12.5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.6.26-2.1.2.6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-815-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-815-1"
},
{
"name": "USN-644-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/644-1/"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm"
},
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "31860",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31860"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1"
},
{
"name": "32280",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32280"
},
{
"name": "31855",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31855"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "libxml2-entitynames-bo(45085)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45085"
},
{
"name": "http://support.apple.com/kb/HT3549",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
},
{
"name": "32807",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32807"
},
{
"name": "APPLE-SA-2009-06-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "31982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31982"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=461015",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461015"
},
{
"name": "31868",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31868"
},
{
"name": "DSA-1654",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1654"
},
{
"name": "http://xmlsoft.org/news.html",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html",
"refsource": "MISC",
"url": "http://xmlsoft.org/news.html"
"name": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "oval:org.mitre.oval:def:6103",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103"
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "ADV-2009-1298",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1298"
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "35074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35074"
"url": "http://secunia.com/advisories/31558",
"refsource": "MISC",
"name": "http://secunia.com/advisories/31558"
},
{
"name": "8798",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8798"
"url": "http://secunia.com/advisories/31855",
"refsource": "MISC",
"name": "http://secunia.com/advisories/31855"
},
{
"name": "36173",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36173"
"url": "http://secunia.com/advisories/31982",
"refsource": "MISC",
"name": "http://secunia.com/advisories/31982"
},
{
"name": "RHSA-2008:0884",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0884.html"
"url": "http://secunia.com/advisories/32807",
"refsource": "MISC",
"name": "http://secunia.com/advisories/32807"
},
{
"name": "ADV-2009-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1522"
"url": "http://secunia.com/advisories/32974",
"refsource": "MISC",
"name": "http://secunia.com/advisories/32974"
},
{
"name": "1020855",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020855"
"url": "http://secunia.com/advisories/35379",
"refsource": "MISC",
"name": "http://secunia.com/advisories/35379"
},
{
"name": "32265",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32265"
"url": "http://security.gentoo.org/glsa/glsa-200812-06.xml",
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-200812-06.xml"
},
{
"name": "GLSA-200812-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-06.xml"
"url": "http://support.apple.com/kb/HT3613",
"refsource": "MISC",
"name": "http://support.apple.com/kb/HT3613"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
"url": "http://support.apple.com/kb/HT3639",
"refsource": "MISC",
"name": "http://support.apple.com/kb/HT3639"
},
{
"name": "33715",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33715"
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0325",
"refsource": "MISC",
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0325"
},
{
"name": "SUSE-SR:2008:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:192",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:192"
},
{
"name": "35056",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35056"
"url": "http://www.vupen.com/english/advisories/2009/1522",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0325",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0325"
"url": "http://www.vupen.com/english/advisories/2009/1621",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "247346",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1"
"url": "http://xmlsoft.org/news.html",
"refsource": "MISC",
"name": "http://xmlsoft.org/news.html"
},
{
"name": "APPLE-SA-2009-05-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00000.html"
"url": "https://usn.ubuntu.com/644-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/644-1/"
},
{
"name": "31126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31126"
"url": "http://secunia.com/advisories/35074",
"refsource": "MISC",
"name": "http://secunia.com/advisories/35074"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm"
"url": "http://support.apple.com/kb/HT3549",
"refsource": "MISC",
"name": "http://support.apple.com/kb/HT3549"
},
{
"name": "35379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35379"
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html",
"refsource": "MISC",
"name": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "33722",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33722"
"url": "http://www.vupen.com/english/advisories/2009/1297",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "MDVSA-2008:192",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:192"
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00000.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2009/May/msg00000.html"
},
{
"name": "32974",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32974"
"url": "http://secunia.com/advisories/31860",
"refsource": "MISC",
"name": "http://secunia.com/advisories/31860"
},
{
"name": "oval:org.mitre.oval:def:11760",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760"
"url": "http://secunia.com/advisories/31868",
"refsource": "MISC",
"name": "http://secunia.com/advisories/31868"
},
{
"name": "36235",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36235"
"url": "http://secunia.com/advisories/32265",
"refsource": "MISC",
"name": "http://secunia.com/advisories/32265"
},
{
"name": "TA09-133A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
"url": "http://secunia.com/advisories/32280",
"refsource": "MISC",
"name": "http://secunia.com/advisories/32280"
},
{
"name": "265329",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1"
"url": "http://secunia.com/advisories/33715",
"refsource": "MISC",
"name": "http://secunia.com/advisories/33715"
},
{
"name": "ADV-2009-1297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1297"
"url": "http://secunia.com/advisories/33722",
"refsource": "MISC",
"name": "http://secunia.com/advisories/33722"
},
{
"name": "http://support.apple.com/kb/HT3550",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3550"
"url": "http://secunia.com/advisories/35056",
"refsource": "MISC",
"name": "http://secunia.com/advisories/35056"
},
{
"name": "261688",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1"
"url": "http://secunia.com/advisories/36173",
"refsource": "MISC",
"name": "http://secunia.com/advisories/36173"
},
{
"name": "31558",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31558"
"url": "http://secunia.com/advisories/36235",
"refsource": "MISC",
"name": "http://secunia.com/advisories/36235"
},
{
"name": "http://support.apple.com/kb/HT3613",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3613"
"url": "http://securitytracker.com/id?1020855",
"refsource": "MISC",
"name": "http://securitytracker.com/id?1020855"
},
{
"name": "ADV-2008-2822",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2822"
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1",
"refsource": "MISC",
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
},
{
"name": "RHSA-2008:0886",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0886.html"
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1",
"refsource": "MISC",
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1"
},
{
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1",
"refsource": "MISC",
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1"
},
{
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1",
"refsource": "MISC",
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1"
},
{
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1",
"refsource": "MISC",
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1"
},
{
"url": "http://support.apple.com/kb/HT3550",
"refsource": "MISC",
"name": "http://support.apple.com/kb/HT3550"
},
{
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm",
"refsource": "MISC",
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm"
},
{
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm",
"refsource": "MISC",
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm"
},
{
"url": "http://www.debian.org/security/2008/dsa-1654",
"refsource": "MISC",
"name": "http://www.debian.org/security/2008/dsa-1654"
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2008-0884.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2008-0884.html"
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2008-0886.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2008-0886.html"
},
{
"url": "http://www.securityfocus.com/bid/31126",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/31126"
},
{
"url": "http://www.ubuntu.com/usn/USN-815-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-815-1"
},
{
"url": "http://www.vupen.com/english/advisories/2008/2822",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2008/2822"
},
{
"url": "http://www.vupen.com/english/advisories/2009/1298",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2009/1298"
},
{
"url": "https://access.redhat.com/errata/RHSA-2008:0884",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2008:0884"
},
{
"url": "https://access.redhat.com/errata/RHSA-2008:0886",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2008:0886"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2008-3529",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2008-3529"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461015",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=461015"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45085",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45085"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760",
"refsource": "MISC",
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103",
"refsource": "MISC",
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103"
},
{
"url": "https://www.exploit-db.com/exploits/8798",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/8798"
}
]
}
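Review bot: The record stops saying which libxml2 versions are vulnerable: the second `description` value in the first hunk, presumably the new side, is the tracker title `CVE-2008-3529 libxml2: long entity name heap buffer overflow`, and the `affects` block in the second hunk lists only Red Hat Enterprise Linux package builds with `"version_affected": "!"`, which in the CVE JSON 4.0 format marks a version as not affected. The earlier text's `libxml2 before 2.7.0` bound, the `xmlParseAttValueComplex` function name and the crash or code-execution impact appear nowhere else in the new record, so a scanner or analyst reading only this file cannot tell what to match on. I would keep the original description `value` and add the vendor data beside it rather than in place of it. The CVE-2010-4643 section shows the same replacement (`2.x and 3.x before 3.3` is dropped), and CVE-2018-1118 loses its `since 4.8` bound in the same way.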


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4643",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document."
"value": "CVE-2010-4643 OpenOffice.org: heap based buffer overflow when parsing TGA files"
}
]
},
@ -44,123 +21,219 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "0:1.1.5-10.7.el4_8.10",
"version_affected": "!"
},
{
"version_value": "1:2.0.4-5.7.0.6.1.el4_8.8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "1:3.1.1-19.5.el5_5.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "1:3.2.1-19.6.el6_0.5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "40775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40775"
"url": "http://secunia.com/advisories/40775",
"refsource": "MISC",
"name": "http://secunia.com/advisories/40775"
},
{
"name": "46031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46031"
"url": "http://secunia.com/advisories/43105",
"refsource": "MISC",
"name": "http://secunia.com/advisories/43105"
},
{
"name": "DSA-2151",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2151"
"url": "http://secunia.com/advisories/60799",
"refsource": "MISC",
"name": "http://secunia.com/advisories/60799"
},
{
"name": "60799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60799"
"url": "http://ubuntu.com/usn/usn-1056-1",
"refsource": "MISC",
"name": "http://ubuntu.com/usn/usn-1056-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml",
"refsource": "MISC",
"name": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
},
{
"name": "GLSA-201408-19",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
"url": "http://www.vupen.com/english/advisories/2011/0230",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"name": "43118",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43118"
"url": "http://www.vupen.com/english/advisories/2011/0279",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0279"
},
{
"name": "43065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43065"
"url": "http://secunia.com/advisories/42999",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42999"
},
{
"name": "ADV-2011-0230",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0230"
"url": "http://secunia.com/advisories/43065",
"refsource": "MISC",
"name": "http://secunia.com/advisories/43065"
},
{
"name": "1025002",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025002"
"url": "http://secunia.com/advisories/43118",
"refsource": "MISC",
"name": "http://secunia.com/advisories/43118"
},
{
"name": "ADV-2011-0232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0232"
"url": "http://www.debian.org/security/2011/dsa-2151",
"refsource": "MISC",
"name": "http://www.debian.org/security/2011/dsa-2151"
},
{
"name": "70718",
"refsource": "OSVDB",
"url": "http://osvdb.org/70718"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027"
},
{
"name": "RHSA-2011:0182",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0182.html"
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=667588",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=667588"
"url": "http://www.redhat.com/support/errata/RHSA-2011-0181.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2011-0181.html"
},
{
"name": "USN-1056-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1056-1"
"url": "http://www.redhat.com/support/errata/RHSA-2011-0182.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2011-0182.html"
},
{
"name": "RHSA-2011:0181",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0181.html"
"url": "http://www.securityfocus.com/bid/46031",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/46031"
},
{
"name": "ADV-2011-0279",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0279"
"url": "http://www.securitytracker.com/id?1025002",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1025002"
},
{
"name": "ooo-tga-bo(65441)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65441"
"url": "http://www.vupen.com/english/advisories/2011/0232",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0232"
},
{
"name": "43105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43105"
"url": "https://access.redhat.com/errata/RHSA-2011:0181",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2011:0181"
},
{
"name": "MDVSA-2011:027",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027"
"url": "https://access.redhat.com/errata/RHSA-2011:0182",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2011:0182"
},
{
"name": "42999",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42999"
"url": "https://access.redhat.com/errata/RHSA-2011:0183",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2011:0183"
},
{
"name": "http://www.openoffice.org/security/cves/CVE-2010-4643.html",
"refsource": "CONFIRM",
"url": "http://www.openoffice.org/security/cves/CVE-2010-4643.html"
"url": "http://osvdb.org/70718",
"refsource": "MISC",
"name": "http://osvdb.org/70718"
},
{
"url": "http://www.openoffice.org/security/cves/CVE-2010-4643.html",
"refsource": "MISC",
"name": "http://www.openoffice.org/security/cves/CVE-2010-4643.html"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2010-4643",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-4643"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=667588",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=667588"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65441",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65441"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
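Review bot: Every entry in `reference_data` on what appears to be the new side carries `"refsource": "MISC"` and a `name` that repeats the `url`, so the advisory identifiers and source types of the earlier entries (`DSA-2151`/`DEBIAN`, `RHSA-2011:0182`/`REDHAT`, `CONFIRM` on the openoffice.org link) are lost. Tooling that filters on `refsource` to find vendor confirmations or distro advisories will now see one undifferentiated list. I would carry the old `name` and `refsource` over for URLs that already existed, e.g. `"name": "DSA-2151", "refsource": "DEBIAN"`, and use `MISC` only for the newly added links. The same flattening is visible in the CVE-2008-3529, CVE-2018-14625 and CVE-2018-1118 sections; in CVE-2008-3529 it also turns the `EXPLOIT-DB` entry into `MISC`.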


@ -1,131 +1,159 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-14625",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients."
"value": "A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly impersonate AF_VSOCK messages destined to other clients or leak kernel memory."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
"value": "Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-1062.rt56.1022.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-1062.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-115.16.1.el7a",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14625",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14625"
},
{
"name": "USN-3872-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3872-1/"
},
{
"name": "USN-3878-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3878-1/"
},
{
"name": "USN-3871-5",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-5/"
},
{
"name": "USN-3878-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3878-2/"
},
{
"name": "USN-3871-4",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-4/"
},
{
"name": "https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039",
"url": "https://usn.ubuntu.com/3871-1/",
"refsource": "MISC",
"url": "https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039"
"name": "https://usn.ubuntu.com/3871-1/"
},
{
"name": "USN-3871-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-1/"
"url": "https://usn.ubuntu.com/3871-3/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3871-3/"
},
{
"name": "USN-3871-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-3/"
"url": "https://usn.ubuntu.com/3871-4/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3871-4/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
"url": "https://usn.ubuntu.com/3871-5/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3871-5/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2043",
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
"url": "https://access.redhat.com/errata/RHSA-2019:2029",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:2029",
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
"url": "https://access.redhat.com/errata/RHSA-2019:2043",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4154",
"url": "https://access.redhat.com/errata/RHSA-2019:4154"
"url": "https://access.redhat.com/errata/RHSA-2019:4154",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:4154"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-14625",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-14625"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619846",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1619846"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14625",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14625"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"url": "https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039",
"refsource": "MISC",
"name": "https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039"
},
{
"url": "https://usn.ubuntu.com/3872-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3872-1/"
},
{
"url": "https://usn.ubuntu.com/3878-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3878-1/"
},
{
"url": "https://usn.ubuntu.com/3878-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3878-2/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
]
}
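Review bot: The `impact.cvss` object at the end of this section sets `"confidentialityImpact": "NONE"` (`C:N` in the vector), while the later description value, apparently the new one, speaks of a 4 byte information leak and adds `or leak kernel memory`. One of the two is wrong or needs explaining; the vector looks carried over unchanged from the old `5.3/CVSS:3.0/...` string. If the leak is in scope, the metric would be `"confidentialityImpact": "LOW"` with `vectorString` and `baseScore` recomputed to match; otherwise the description should not promise a disclosure that the score rates as none.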


@ -1,101 +1,129 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1118",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vhost",
"version": {
"version_data": [
{
"version_value": "since 4.8"
}
]
}
}
]
},
"vendor_name": "kernel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file."
"value": "The Linux kernel does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "2.3/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-665"
"value": "Improper Initialization",
"cweId": "CWE-665"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-957.rt56.910.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-115.el7a",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-957.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3083",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
"url": "https://access.redhat.com/errata/RHSA-2018:2948",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "USN-3762-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3762-1/"
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
"url": "https://access.redhat.com/errata/RHSA-2018:3083",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
"url": "https://access.redhat.com/errata/RHSA-2018:3096",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "USN-3762-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3762-2/"
"url": "https://access.redhat.com/security/cve/CVE-2018-1118",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1118"
},
{
"name": "RHSA-2018:3096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573699",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1573699"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118"
},
{
"url": "https://usn.ubuntu.com/3762-1/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3762-1/"
},
{
"url": "https://usn.ubuntu.com/3762-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3762-2/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
}


@ -1,25 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14868",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "KornShell",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "ksh",
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "20120801"
"version_value": "0:20120801-38.el6_10",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:20120801-140.el7_7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:20120801-26.el7_2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:20120801-27.el7_3",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "0:20120801-36.el7_4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:20120801-36.el7_4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "0:20120801-36.el7_4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:20120801-138.el7_5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:20120801-140.el7_6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:20120801-253.el8_1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "0:20120801-253.el8_0",
"version_affected": "!"
}
]
}
@ -30,63 +162,112 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/kb/HT211170",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT211170"
},
{
"url": "http://seclists.org/fulldisclosure/2020/May/53",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2020/May/53"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0431",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0431"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0515",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0515"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0559",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0559"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0568",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0568"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:1332",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:1332"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:1333",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:1333"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:2210",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:2210"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:5351",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:5351"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:5352",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:5352"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2019-14868",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-14868"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757324",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1757324"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14868",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14868",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14868"
},
{
"url": "https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2",
"name": "https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2",
"refsource": "MISC"
"refsource": "MISC",
"name": "https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT211170",
"url": "https://support.apple.com/kb/HT211170"
},
{
"refsource": "FULLDISC",
"name": "20200529 APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra",
"url": "http://seclists.org/fulldisclosure/2020/May/53"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2284-1] ksh security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00015.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely."
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00015.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2020/07/msg00015.html"
}
]
},
"work_around": [
{
"lang": "en",
"value": "No known mitigation available."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "7.4/CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}
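Review bot: The rewritten `affects` block replaces the upstream entry (`"product_name": "ksh"`, `"version_value": "20120801"`) with Red Hat products whose versions carry `"version_affected": "!"`, and the description drops "In ksh version 20120801", so the record no longer names any affected upstream version. In the CVE JSON 4.0 format `!` marks a version as not affected, so a consumer matching on product and version finds only fixed package builds and could treat an unpatched upstream ksh as out of scope. Keeping the upstream entry beside the Red Hat ones, e.g. `"product_name": "ksh"` with `"version_value": "20120801"` and `"version_affected": "="`, would preserve that. The same replacement appears in the CVE-2019-14898, CVE-2020-1707 and CVE-2022-2832 sections. The `+`/`-` markers are lost on this page, so which lines are the new side is inferred from the hunk layout.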


@ -1,28 +1,58 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14894",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the CloudForms management engine, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "CloudForms",
"product_name": "CloudForms Management Engine 5.10",
"version": {
"version_data": [
{
"version_value": "5.10"
},
"version_value": "0:5.10.15.1-1.el7cf",
"version_affected": "!"
}
]
}
},
{
"product_name": "CloudForms Management Engine 5.11",
"version": {
"version_data": [
{
"version_value": "5.11"
"version_value": "0:5.11.3.1-1.el8cf",
"version_affected": "!"
}
]
}
@ -33,51 +63,57 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14894",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14894",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
"url": "https://access.redhat.com/errata/RHSA-2020:0588",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0588"
},
{
"lang": "eng",
"value": "A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root."
"url": "https://access.redhat.com/errata/RHSA-2020:0589",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0589"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2019-14894",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-14894"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1769411",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1769411"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14894",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14894"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Jaroslav Henner (Red Hat)."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "8/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}
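Review bot: The rewritten `problemtype_data` keeps only `"cweId": "CWE-78"`, while the later block that also listed `"value": "CWE-20"` appears to be removed, so the input-validation classification is dropped from the record. If CWE-20 still applies, it could stay as a second `description` entry next to CWE-78 so that weakness-based triage and reporting keep both. The CVE-2019-14898 section does the same with `CWE-362`, leaving only `CWE-667` although its description still speaks of a race condition. The `+`/`-` markers are lost on this page, so the old/new assignment is inferred from the hunk layout.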


@ -1,25 +1,66 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14898",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fix for CVE-2019-11599 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Locking",
"cweId": "CWE-667"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux kernel",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "kernel",
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "< 5.0.10"
"version_value": "0:3.10.0-1062.12.1.rt56.1042.el7",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-1062.12.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:4.18.0-147.5.1.rt24.98.el8_1",
"version_affected": "!"
},
{
"version_value": "0:4.18.0-147.5.1.el8_1",
"version_affected": "!"
}
]
}
@ -30,26 +71,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-667"
}
]
}
]
},
"references": {
"reference_data": [
{
@ -78,33 +99,75 @@
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1790"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
"url": "https://access.redhat.com/errata/RHSA-2020:0328",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0328"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0339",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0339"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0374",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0374"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0375",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0375"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2019-14898",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-14898"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774671",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1774671"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14898",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14898",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14898"
},
{
"lang": "eng",
"value": "The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls."
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20200608-0001/"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Vladis Dronov (Red Hat Engineering)."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "7.0/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
}
}
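Review bot: The visible entries of the rewritten `reference_data` all use `"refsource": "MISC"` with `name` set to the URL, so the NetApp advisory and the Bugzilla link that were `"refsource": "CONFIRM"` lose their vendor-confirmation label. Tooling that selects references by `refsource` to find vendor-confirmed advisories will stop matching them; retaining `"refsource": "CONFIRM"` on those two entries keeps the signal. The same flattening appears in CVE-2019-14868 (CONFIRM, FULLDISC, MLIST), CVE-2019-14894, CVE-2020-1707, and in CVE-2022-1354 and CVE-2022-1355, where the names `GLSA-202210-10` and `DSA-5333` are also replaced by URLs. The reference list starts outside the hunk shown at `@ -78,33 +99,75 @`, and the old/new assignment is inferred because the `+`/`-` markers are lost.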


@ -1,25 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1707",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "openshift/postgresql-apb",
"product_name": "Red Hat OpenShift Container Platform 3.11",
"version": {
"version_data": [
{
"version_value": "n/a"
"version_value": "v3.11.188-4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.1",
"version": {
"version_data": [
{
"version_value": "v4.1.37-202003021622",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.2",
"version": {
"version_data": [
{
"version_value": "v4.2.21-202002240343",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.3",
"version": {
"version_data": [
{
"version_value": "v4.3.5-202003020549",
"version_affected": "!"
}
]
}
@ -30,43 +85,72 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1707",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1707",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
"url": "https://access.redhat.com/articles/4859371",
"refsource": "MISC",
"name": "https://access.redhat.com/articles/4859371"
},
{
"lang": "eng",
"value": "A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
"url": "https://access.redhat.com/errata/RHSA-2020:0617",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0617"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0681",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0681"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0694",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0694"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0801",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:0801"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2020-1707",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2020-1707"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793301",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793301"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1707",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1707"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Joseph LaMagna-Reiter (SPR Inc.) for reporting this issue."
}
],
"impact": {
"cvss": [
[
{
"vectorString": "7.0/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}


@ -1,25 +1,47 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1354",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "libtiff",
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "Not-Known"
"version_value": "0:4.4.0-2.el9",
"version_affected": "!"
}
]
}
@ -30,67 +52,70 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 - Out-of-bounds Read."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/libtiff/libtiff/-/issues/319",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2074404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074404"
"name": "https://gitlab.com/libtiff/libtiff/-/issues/319"
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798",
"refsource": "MISC",
"name": "https://gitlab.com/libtiff/libtiff/-/issues/319",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/319"
"name": "https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-1354",
"refsource": "MISC",
"name": "https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798",
"url": "https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798"
"name": "https://access.redhat.com/security/cve/CVE-2022-1354"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8194",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-1354",
"url": "https://access.redhat.com/security/cve/CVE-2022-1354"
"name": "https://access.redhat.com/errata/RHSA-2022:8194"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20221014-0007/",
"url": "https://security.netapp.com/advisory/ntap-20221014-0007/"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074404",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2074404"
},
{
"refsource": "GENTOO",
"name": "GLSA-202210-10",
"url": "https://security.gentoo.org/glsa/202210-10"
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
"url": "https://security.gentoo.org/glsa/202210-10",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202210-10"
},
{
"refsource": "DEBIAN",
"name": "DSA-5333",
"url": "https://www.debian.org/security/2023/dsa-5333"
"url": "https://security.netapp.com/advisory/ntap-20221014-0007/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20221014-0007/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5333",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5333"
}
]
},
"description": {
"description_data": [
"impact": {
"cvss": [
{
"lang": "eng",
"value": "A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service."
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}


@ -1,25 +1,58 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1355",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "libtiff",
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "Not-Known"
"version_value": "0:4.0.9-23.el8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "0:4.4.0-2.el9",
"version_affected": "!"
}
]
}
@ -30,67 +63,75 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 - Stack-based Buffer Overflow."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/libtiff/libtiff/-/issues/400",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2074415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074415"
"name": "https://gitlab.com/libtiff/libtiff/-/issues/400"
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/323",
"refsource": "MISC",
"name": "https://gitlab.com/libtiff/libtiff/-/issues/400",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/400"
"name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/323"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-1355",
"refsource": "MISC",
"name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/323",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/323"
"name": "https://access.redhat.com/security/cve/CVE-2022-1355"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8194",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-1355",
"url": "https://access.redhat.com/security/cve/CVE-2022-1355"
"name": "https://access.redhat.com/errata/RHSA-2022:8194"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20221014-0007/",
"url": "https://security.netapp.com/advisory/ntap-20221014-0007/"
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202210-10",
"url": "https://security.gentoo.org/glsa/202210-10"
"url": "https://security.gentoo.org/glsa/202210-10",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202210-10"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
"url": "https://security.netapp.com/advisory/ntap-20221014-0007/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20221014-0007/"
},
{
"refsource": "DEBIAN",
"name": "DSA-5333",
"url": "https://www.debian.org/security/2023/dsa-5333"
"url": "https://www.debian.org/security/2023/dsa-5333",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5333"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:7585",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:7585"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074415",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2074415"
}
]
},
"description": {
"description_data": [
"impact": {
"cvss": [
{
"lang": "eng",
"value": "A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service."
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
}
]
}


@ -1,25 +1,55 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2832",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVE-2022-2832 blender: Null pointer reference in blender thumbnail extractor"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of NullPointerException Catch to Detect NULL Pointer Dereference",
"cweId": "CWE-395"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Blender",
"product_name": "OSE-OSC-1.3-RHEL-8",
"version": {
"version_data": [
{
"version_value": "Blender 3.3.0"
"version_value": "1.3.1-5",
"version_affected": "!"
},
{
"version_value": "1.3.1-6",
"version_affected": "!"
},
{
"version_value": "1.3.1-10",
"version_affected": "!"
}
]
}
@ -30,42 +60,61 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-395"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.blender.org/T99706",
"refsource": "MISC",
"name": "https://developer.blender.org/T99706",
"url": "https://developer.blender.org/T99706"
"name": "https://developer.blender.org/T99706"
},
{
"url": "https://developer.blender.org/D15463",
"refsource": "MISC",
"name": "https://developer.blender.org/D15463",
"url": "https://developer.blender.org/D15463"
"name": "https://developer.blender.org/D15463"
},
{
"url": "https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c",
"refsource": "MISC",
"name": "https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c",
"url": "https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c"
"name": "https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:7058",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2022:7058"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-2832",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-2832"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118556",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2118556"
}
]
},
"description": {
"description_data": [
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank sangjun for reporting this issue."
}
],
"impact": {
"cvss": [
{
"lang": "eng",
"value": "A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity."
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}
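Review bot: The rewritten `description` value is a tracker title, `CVE-2022-2832 blender: Null pointer reference in blender thumbnail extractor`, and the sentence that named Blender 3.3.0, the file source/blender/gpu/opengl/gl_backend.cc and the confidentiality/integrity impact appears to be removed. A reader can no longer tell the affected version, the code location or the impact from the description, and the title's "thumbnail extractor" is not reconciled with the gl_backend.cc location; the full sentence should remain the `eng` value. Separately, `"cweId": "CWE-395"` describes catching a NullPointerException, which looks mismatched to a native null pointer dereference; CWE-476 may be the closer fit, to be confirmed with the assigner. The `+`/`-` markers are lost on this page, so the old/new assignment is inferred from the hunk layout.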


@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0646",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220033 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In dst-admin 1.5.0 wurde eine kritische Schwachstelle entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /home/cavesConsole. Dank der Manipulation des Arguments command mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Command Injection",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "dst-admin",
"version": {
"version_data": [
{
"version_value": "1.5.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.220033",
"refsource": "MISC",
"name": "https://vuldb.com/?id.220033"
},
{
"url": "https://vuldb.com/?ctiid.220033",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.220033"
},
{
"url": "https://github.com/Ha0Liu/cveAdd/tree/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0cavesConsole%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C",
"refsource": "MISC",
"name": "https://github.com/Ha0Liu/cveAdd/tree/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0cavesConsole%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C"
}
]
},
"credits": [
{
"lang": "en",
"value": "yanfei.chen (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
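Review bot: The `eng` description calls this issue "critical", but all three `impact.cvss` entries carry `"baseSeverity": "MEDIUM"` (6.3 / 6.3 / 6.5) with `PR:L` / `Au:S`, so a consumer that triages on the description text and one that triages on the score will rank this record differently. The wording looks like the CNA's own classification label rather than a CVSS rating; triage and alerting rules should key on `vectorString` and `baseScore`, and should note that the vector assumes a low-privileged, authenticated caller. The record also has `"vendor_name": "n/a"` and no fix or patched-version reference, so product matching has to rely on `product_name` plus `version_value` alone. The same mismatch appears in the CVE-2023-0647, CVE-2023-0648 and CVE-2023-0649 sections below.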


@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0647",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-220034 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in dst-admin 1.5.0 entdeckt. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /home/kickPlayer. Dank Manipulation des Arguments userId mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Command Injection",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "dst-admin",
"version": {
"version_data": [
{
"version_value": "1.5.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.220034",
"refsource": "MISC",
"name": "https://vuldb.com/?id.220034"
},
{
"url": "https://vuldb.com/?ctiid.220034",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.220034"
},
{
"url": "https://github.com/Ha0Liu/cveAdd/blob/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0kickPlayer%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C/Dst-admin%201.5.0%20background%20kickPlayer%20interface%20remote%20command%20execution.md",
"refsource": "MISC",
"name": "https://github.com/Ha0Liu/cveAdd/blob/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0kickPlayer%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C/Dst-admin%201.5.0%20background%20kickPlayer%20interface%20remote%20command%20execution.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "yanfei.chen (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}


@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0648",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220035."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in dst-admin 1.5.0 gefunden. Es betrifft eine unbekannte Funktion der Datei /home/masterConsole. Mit der Manipulation des Arguments command mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Command Injection",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "dst-admin",
"version": {
"version_data": [
{
"version_value": "1.5.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.220035",
"refsource": "MISC",
"name": "https://vuldb.com/?id.220035"
},
{
"url": "https://vuldb.com/?ctiid.220035",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.220035"
},
{
"url": "https://github.com/Ha0Liu/cveAdd/tree/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0masterConsole%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C",
"refsource": "MISC",
"name": "https://github.com/Ha0Liu/cveAdd/tree/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0masterConsole%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C"
}
]
},
"credits": [
{
"lang": "en",
"value": "yanfei.chen (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}


@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0649",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220036."
},
{
"lang": "deu",
"value": "In dst-admin 1.5.0 wurde eine kritische Schwachstelle gefunden. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /home/sendBroadcast. Durch die Manipulation des Arguments message mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Command Injection",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "dst-admin",
"version": {
"version_data": [
{
"version_value": "1.5.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.220036",
"refsource": "MISC",
"name": "https://vuldb.com/?id.220036"
},
{
"url": "https://vuldb.com/?ctiid.220036",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.220036"
},
{
"url": "https://github.com/Ha0Liu/cveAdd/tree/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0sendBroadcast%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C",
"refsource": "MISC",
"name": "https://github.com/Ha0Liu/cveAdd/tree/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0sendBroadcast%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C"
}
]
},
"credits": [
{
"lang": "en",
"value": "yanfei.chen (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}


@ -1,17 +1,159 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0650",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.12 is able to address this issue. The name of the patch is a1442a2bacc3335461b44c250e81f8d99c60735f. It is recommended to upgrade the affected component. The identifier VDB-220037 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in YAFNET bis 3.1.11 gefunden. Dies betrifft einen unbekannten Teil der Komponente Signature Handler. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 3.1.12 vermag dieses Problem zu l\u00f6sen. Der Patch wird als a1442a2bacc3335461b44c250e81f8d99c60735f bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "YAFNET",
"version": {
"version_data": [
{
"version_value": "3.1.0",
"version_affected": "="
},
{
"version_value": "3.1.1",
"version_affected": "="
},
{
"version_value": "3.1.2",
"version_affected": "="
},
{
"version_value": "3.1.3",
"version_affected": "="
},
{
"version_value": "3.1.4",
"version_affected": "="
},
{
"version_value": "3.1.5",
"version_affected": "="
},
{
"version_value": "3.1.6",
"version_affected": "="
},
{
"version_value": "3.1.7",
"version_affected": "="
},
{
"version_value": "3.1.8",
"version_affected": "="
},
{
"version_value": "3.1.9",
"version_affected": "="
},
{
"version_value": "3.1.10",
"version_affected": "="
},
{
"version_value": "3.1.11",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.220037",
"refsource": "MISC",
"name": "https://vuldb.com/?id.220037"
},
{
"url": "https://vuldb.com/?ctiid.220037",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.220037"
},
{
"url": "https://drive.google.com/drive/folders/1iJuhjLQy3QPIgKKgWUzEEfr_q0boaR00?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/drive/folders/1iJuhjLQy3QPIgKKgWUzEEfr_q0boaR00?usp=sharing"
},
{
"url": "https://github.com/YAFNET/YAFNET/commit/a1442a2bacc3335461b44c250e81f8d99c60735f",
"refsource": "MISC",
"name": "https://github.com/YAFNET/YAFNET/commit/a1442a2bacc3335461b44c250e81f8d99c60735f"
},
{
"url": "https://github.com/YAFNET/YAFNET/releases/tag/v3.1.12",
"refsource": "MISC",
"name": "https://github.com/YAFNET/YAFNET/releases/tag/v3.1.12"
}
]
},
"credits": [
{
"lang": "en",
"value": "lin7lic (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}
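Review bot: `version_data` enumerates 3.1.0 through 3.1.11 with `"version_affected": "="` while the description says "up to 3.1.11", so an exact-match lookup for any release before 3.1.0 returns no hit even though the text does not exclude those releases. Whether earlier branches are affected cannot be told from this record; a single range entry such as `"version_affected": "<="` with `"version_value": "3.1.11"` would express the stated bound directly, if the CNA confirms it. Among the references, the `drive.google.com` folder share link is mutable and access-controlled by its owner, unlike the commit and release-tag URLs, so tooling that fetches or archives references should not treat its content as stable.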