"-Synchronized-Data."

CVE Team 2023-02-02 15:00:36 +00:00
parent 7aa82186c8
commit d672f8e03a
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
15 changed files with 1908 additions and 967 deletions


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-4020",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c."
"value": "CVE-2009-4020 kernel: hfs buffer overflow"
}
]
},
@ -44,88 +21,164 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "0:2.6.9-89.0.20.EL",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-164.11.1.el5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[linux-mm-commits] 20091203 + hfs-fix-a-potential-buffer-overflow.patch added to -mm tree",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-mm-commits&m=125987755823047&w=2"
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
},
{
"name": "38276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38276"
"url": "http://secunia.com/advisories/38276",
"refsource": "MISC",
"name": "http://secunia.com/advisories/38276"
},
{
"name": "oval:org.mitre.oval:def:10091",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10091"
"url": "http://support.avaya.com/css/P8/documents/100073666",
"refsource": "MISC",
"name": "http://support.avaya.com/css/P8/documents/100073666"
},
{
"name": "http://support.avaya.com/css/P8/documents/100073666",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100073666"
"url": "http://www.debian.org/security/2010/dsa-2005",
"refsource": "MISC",
"name": "http://www.debian.org/security/2010/dsa-2005"
},
{
"name": "[oss-security] 20091204 CVE-2009-4020 kernel: hfs buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/12/04/1"
"url": "https://access.redhat.com/errata/RHSA-2010:0046",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0046"
},
{
"name": "oval:org.mitre.oval:def:6750",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6750"
"url": "https://access.redhat.com/errata/RHSA-2010:0076",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0076"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=540736",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=540736"
"url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html",
"refsource": "MISC",
"name": "https://rhn.redhat.com/errata/RHSA-2010-0046.html"
},
{
"name": "http://userweb.kernel.org/~akpm/mmotm/broken-out/hfs-fix-a-potential-buffer-overflow.patch",
"refsource": "CONFIRM",
"url": "http://userweb.kernel.org/~akpm/mmotm/broken-out/hfs-fix-a-potential-buffer-overflow.patch"
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html",
"refsource": "MISC",
"name": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name": "SUSE-SA:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html"
},
{
"name": "SUSE-SA:2010:023",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2010_23_kernel.html"
"url": "http://marc.info/?l=linux-mm-commits&m=125987755823047&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=linux-mm-commits&m=125987755823047&w=2"
},
{
"name": "RHSA-2010:0095",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
"url": "http://secunia.com/advisories/39742",
"refsource": "MISC",
"name": "http://secunia.com/advisories/39742"
},
{
"name": "39742",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39742"
"url": "http://userweb.kernel.org/~akpm/mmotm/broken-out/hfs-fix-a-potential-buffer-overflow.patch",
"refsource": "MISC",
"name": "http://userweb.kernel.org/~akpm/mmotm/broken-out/hfs-fix-a-potential-buffer-overflow.patch"
},
{
"name": "SUSE-SA:2010:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
"url": "http://www.novell.com/linux/security/advisories/2010_23_kernel.html",
"refsource": "MISC",
"name": "http://www.novell.com/linux/security/advisories/2010_23_kernel.html"
},
{
"name": "RHSA-2010:0046",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html"
"url": "http://www.openwall.com/lists/oss-security/2009/12/04/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2009/12/04/1"
},
{
"name": "DSA-2005",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2005"
"url": "https://access.redhat.com/security/cve/CVE-2009-4020",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2009-4020"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=540736",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=540736"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10091",
"refsource": "MISC",
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10091"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6750",
"refsource": "MISC",
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6750"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}
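Review bot: The description at `"value": "CVE-2009-4020 kernel: hfs buffer overflow"` is a tracker title, and it appears to replace the sentence that named the affected kernel (2.6.32), the function (`hfs_readdir` in `fs/hfs/dir.c`) and the trigger (a crafted HFS filesystem); I would keep the full sentence as the `eng` description, since scanners and triage notes match on that text. The new `affects` entries carry `"version_affected": "!"` with Red Hat package builds, so (reading `!` as "not affected") the record no longer states any affected version once the old description is gone. Every reference is now `"refsource": "MISC"` with `name` equal to the URL, which drops identifiers such as `RHSA-2010:0046`, `DSA-2005` and Secunia `38276` as searchable names. The same three changes recur in the CVE-2012-1575, CVE-2012-1595, CVE-2012-2113 and CVE-2012-2370 sections below. The page has lost its +/- markers, so old and new sides are inferred from the hunk counts and the paired lines.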


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1575",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) widgets or (2) pages."
"value": "CVE-2012-1575 cumin: multiple XSS flaws"
}
]
},
@ -44,63 +21,139 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "MRG for RHEL-5 v. 2",
"version": {
"version_data": [
{
"version_value": "0:0.1.5192-4.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "0:0.1.5192-5.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "48810",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48810"
"url": "http://rhn.redhat.com/errata/RHSA-2012-0476.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-0476.html"
},
{
"name": "53000",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53000"
"url": "http://rhn.redhat.com/errata/RHSA-2012-0477.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-0477.html"
},
{
"name": "[cumin-developers] 20120306 r5238 - in trunk: cumin/python/cumin cumin/python/cumin/grid cumin/python/cumin/inventory cumin/python/cumin/messaging rosemary/python/rosemary wooly/python/wooly",
"refsource": "MLIST",
"url": "https://fedorahosted.org/pipermail/cumin-developers/2012-March/000796.html"
"url": "http://secunia.com/advisories/48810",
"refsource": "MISC",
"name": "http://secunia.com/advisories/48810"
},
{
"name": "RHSA-2012:0476",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0476.html"
"url": "http://secunia.com/advisories/48829",
"refsource": "MISC",
"name": "http://secunia.com/advisories/48829"
},
{
"name": "cumin-redhat-unspec-xss(74844)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74844"
"url": "http://www.securityfocus.com/bid/53000",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/53000"
},
{
"name": "RHSA-2012:0477",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0477.html"
"url": "http://www.securitytracker.com/id?1026921",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1026921"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=805712",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=805712"
"url": "https://access.redhat.com/errata/RHSA-2012:0476",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:0476"
},
{
"name": "1026921",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026921"
"url": "https://access.redhat.com/errata/RHSA-2012:0477",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:0477"
},
{
"name": "https://bugzilla.redhat.com/attachment.cgi?id=571986",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/attachment.cgi?id=571986"
"url": "https://access.redhat.com/security/cve/CVE-2012-1575",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-1575"
},
{
"name": "48829",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48829"
"url": "https://bugzilla.redhat.com/attachment.cgi?id=571986",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/attachment.cgi?id=571986"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=805712",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=805712"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74844",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74844"
},
{
"url": "https://fedorahosted.org/pipermail/cumin-developers/2012-March/000796.html",
"refsource": "MISC",
"name": "https://fedorahosted.org/pipermail/cumin-developers/2012-March/000796.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1595",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers."
"value": "CVE-2012-1595 wireshark: Heap-based buffer overflow when reading ERF packets from pcap/pcap-ng trace files"
}
]
},
@ -44,88 +21,153 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:1.2.15-2.el6_2.1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "52737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52737"
"url": "http://secunia.com/advisories/48947",
"refsource": "MISC",
"name": "http://secunia.com/advisories/48947"
},
{
"name": "48986",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48986"
"url": "https://access.redhat.com/errata/RHSA-2012:0509",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:0509"
},
{
"name": "oval:org.mitre.oval:def:15548",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15548"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078769.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078769.html"
},
{
"name": "[oss-security] 20120328 Re: CVE Request: Multiple wireshark security flaws resolved in 1.4.12 and 1.6.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/28/13"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078770.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078770.html"
},
{
"name": "48947",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48947"
"url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00060.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00060.html"
},
{
"name": "openSUSE-SU-2012:0558",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00060.html"
"url": "http://secunia.com/advisories/48548",
"refsource": "MISC",
"name": "http://secunia.com/advisories/48548"
},
{
"name": "FEDORA-2012-5243",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078770.html"
"url": "http://secunia.com/advisories/48986",
"refsource": "MISC",
"name": "http://secunia.com/advisories/48986"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2012-06.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2012-06.html"
"url": "http://www.openwall.com/lists/oss-security/2012/03/28/13",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/03/28/13"
},
{
"name": "http://www.wireshark.org/news/20120327.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/news/20120327.html"
"url": "http://www.securitytracker.com/id?1026874",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1026874"
},
{
"name": "48548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48548"
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=41008",
"refsource": "MISC",
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=41008"
},
{
"name": "wireshark-pcap-dos(74364)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74364"
"url": "http://www.securityfocus.com/bid/52737",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/52737"
},
{
"name": "FEDORA-2012-5256",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078769.html"
"url": "http://www.wireshark.org/news/20120327.html",
"refsource": "MISC",
"name": "http://www.wireshark.org/news/20120327.html"
},
{
"name": "1026874",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026874"
"url": "http://www.wireshark.org/security/wnpa-sec-2012-06.html",
"refsource": "MISC",
"name": "http://www.wireshark.org/security/wnpa-sec-2012-06.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6804",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6804"
"url": "https://access.redhat.com/security/cve/CVE-2012-1595",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-1595"
},
{
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=41008",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=41008"
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6804",
"refsource": "MISC",
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6804"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=807644",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=807644"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74364",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74364"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15548",
"refsource": "MISC",
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15548"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2113",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow."
"value": "CVE-2012-2113 libtiff: integer overflow in tiff2pdf leading to heap-buffer overflow when reading a tiled tiff file"
}
]
},
@ -44,73 +21,144 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:3.8.2-15.el5_8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:3.9.4-6.el6_3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "54076",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54076"
},
{
"name": "49493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49493"
},
{
"name": "http://www.remotesensing.org/libtiff/v4.0.2.html",
"refsource": "CONFIRM",
"url": "http://www.remotesensing.org/libtiff/v4.0.2.html"
},
{
"name": "openSUSE-SU-2012:0829",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15083566"
},
{
"name": "SUSE-SU-2012:0894",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html"
},
{
"name": "DSA-2552",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2552"
},
{
"name": "RHSA-2012:1054",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1054.html"
},
{
"name": "GLSA-201209-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=810551",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=810551"
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html"
},
{
"name": "MDVSA-2012:101",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:101"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1054.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1054.html"
},
{
"name": "49686",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49686"
"url": "http://secunia.com/advisories/49493",
"refsource": "MISC",
"name": "http://secunia.com/advisories/49493"
},
{
"name": "50726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50726"
"url": "http://secunia.com/advisories/49686",
"refsource": "MISC",
"name": "http://secunia.com/advisories/49686"
},
{
"url": "http://secunia.com/advisories/50726",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50726"
},
{
"url": "http://security.gentoo.org/glsa/glsa-201209-02.xml",
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
},
{
"url": "http://www.debian.org/security/2012/dsa-2552",
"refsource": "MISC",
"name": "http://www.debian.org/security/2012/dsa-2552"
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:101",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:101"
},
{
"url": "http://www.remotesensing.org/libtiff/v4.0.2.html",
"refsource": "MISC",
"name": "http://www.remotesensing.org/libtiff/v4.0.2.html"
},
{
"url": "http://www.securityfocus.com/bid/54076",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/54076"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1054",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1054"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-2113",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-2113"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=810551",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=810551"
},
{
"url": "https://hermes.opensuse.org/messages/15083566",
"refsource": "MISC",
"name": "https://hermes.opensuse.org/messages/15083566"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2370",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow."
"value": "CVE-2012-2370 gdk-pixbuf: DoS (GLib error and application abort) due to an integer overflow in the XBM image file format loader"
}
]
},
@ -44,73 +21,138 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Integer Overflow or Wraparound",
"cweId": "CWE-190"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.10.4-29.el5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "GLSA-201206-20",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201206-20.xml"
},
{
"name": "RHSA-2013:0135",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0135.html"
},
{
"name": "http://git.gnome.org/browse/gdk-pixbuf/commit/?id=b1bb3053856aede37d473c92f0e5a10e29f10516",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/gdk-pixbuf/commit/?id=b1bb3053856aede37d473c92f0e5a10e29f10516"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/681150",
"url": "http://git.gnome.org/browse/gdk-pixbuf/",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/681150"
"name": "http://git.gnome.org/browse/gdk-pixbuf/"
},
{
"name": "49125",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49125"
},
{
"name": "gdkpixbuf-readbitmapfiledata-bo(75578)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75578"
},
{
"name": "[oss-security] 20120515 Re: CVE Request: gdk-pixbuf Integer overflow in XBM file loader",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/15/9"
},
{
"name": "http://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f0f465f991cd454d03189497f923eb40c170c22",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f0f465f991cd454d03189497f923eb40c170c22"
},
{
"name": "49715",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49715"
},
{
"name": "53548",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53548"
},
{
"name": "[oss-security] 20120515 CVE Request: gdk-pixbuf Integer overflow in XBM file loader",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/15/8"
},
{
"name": "http://git.gnome.org/browse/gdk-pixbuf/",
"url": "http://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f0f465f991cd454d03189497f923eb40c170c22",
"refsource": "MISC",
"url": "http://git.gnome.org/browse/gdk-pixbuf/"
"name": "http://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f0f465f991cd454d03189497f923eb40c170c22"
},
{
"url": "http://git.gnome.org/browse/gdk-pixbuf/commit/?id=b1bb3053856aede37d473c92f0e5a10e29f10516",
"refsource": "MISC",
"name": "http://git.gnome.org/browse/gdk-pixbuf/commit/?id=b1bb3053856aede37d473c92f0e5a10e29f10516"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-0135.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0135.html"
},
{
"url": "http://secunia.com/advisories/49125",
"refsource": "MISC",
"name": "http://secunia.com/advisories/49125"
},
{
"url": "http://secunia.com/advisories/49715",
"refsource": "MISC",
"name": "http://secunia.com/advisories/49715"
},
{
"url": "http://www.gentoo.org/security/en/glsa/glsa-201206-20.xml",
"refsource": "MISC",
"name": "http://www.gentoo.org/security/en/glsa/glsa-201206-20.xml"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/05/15/8",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/05/15/8"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/05/15/9",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/05/15/9"
},
{
"url": "http://www.securityfocus.com/bid/53548",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/53548"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:0135",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0135"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-2370",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-2370"
},
{
"url": "https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/681150",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/681150"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=822468",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=822468"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75578",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75578"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2662",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to the (1) System Agent or (2) End Entity pages."
"value": "Multiple cross-site scripting flaws were discovered in the Red Hat Certificate System Agent and End Entity pages. An attacker could use these flaws to perform a cross-site scripting (XSS) attack against victims using the Certificate System's web interface."
}
]
},
@ -44,48 +21,129 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Certificate System 8",
"version": {
"version_data": [
{
"version_value": "0:8.1.1-1.el5pki",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:9.0.3-43.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "1027284",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027284"
"url": "http://osvdb.org/84099",
"refsource": "MISC",
"name": "http://osvdb.org/84099"
},
{
"name": "rhcs-agentendentity-xss(77101)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77101"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1103.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1103.html"
},
{
"name": "RHSA-2015:1347",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1347.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1347.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1347.html"
},
{
"name": "50013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50013"
"url": "http://secunia.com/advisories/50013",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50013"
},
{
"name": "84099",
"refsource": "OSVDB",
"url": "http://osvdb.org/84099"
"url": "http://www.securityfocus.com/bid/54608",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/54608"
},
{
"name": "54608",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54608"
"url": "http://www.securitytracker.com/id?1027284",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1027284"
},
{
"name": "RHSA-2012:1103",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1103.html"
"url": "https://access.redhat.com/errata/RHSA-2012:1103",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1103"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1347",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1347"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-2662",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-2662"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=826646",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=826646"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77101",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77101"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
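Review bot: Every entry in `reference_data` now carries `"refsource": "MISC"` with `name` set to the URL, so the typed sources the record had before (`SECTRACK`, `XF`, `REDHAT`, `SECUNIA`, `OSVDB`, `BID`) and short identifiers such as `RHSA-2015:1347` are gone. Tooling that selects vendor advisories by `refsource` or matches on advisory id will stop finding them for this CVE. I would keep the source type on entries that have one, e.g. `"refsource": "REDHAT", "name": "RHSA-2012:1103"` for the access.redhat.com errata URL. The same flattening is visible in the CVE-2012-3416, CVE-2012-3515, CVE-2012-4417 and CVE-2012-4564 sections. Old and new sides are inferred from print order, since the page has lost its +/- markers.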


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3416",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname."
"value": "CVE-2012-3416 condor: host based authentication does not implement forward-confirmed reverse dns"
}
]
},
@ -44,58 +21,139 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "MRG for RHEL-5 v. 2",
"version": {
"version_data": [
{
"version_value": "0:7.6.5-0.14.2.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "0:7.6.5-0.14.2.el6_3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "condor-reverse-dns-security-bypass(77748)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77748"
"url": "http://osvdb.org/84766",
"refsource": "MISC",
"name": "http://osvdb.org/84766"
},
{
"name": "RHSA-2012:1168",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1168.html"
"url": "http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0002.html",
"refsource": "MISC",
"name": "http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0002.html"
},
{
"name": "1027395",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027395"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1168.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1168.html"
},
{
"name": "84766",
"refsource": "OSVDB",
"url": "http://osvdb.org/84766"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1169.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1169.html"
},
{
"name": "50246",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50246"
"url": "http://secunia.com/advisories/50246",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50246"
},
{
"name": "55032",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55032"
"url": "http://secunia.com/advisories/50294",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50294"
},
{
"name": "50294",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50294"
"url": "http://www.securityfocus.com/bid/55032",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55032"
},
{
"name": "RHSA-2012:1169",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1169.html"
"url": "http://www.securitytracker.com/id?1027395",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1027395"
},
{
"name": "http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0002.html",
"refsource": "CONFIRM",
"url": "http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0002.html"
"url": "https://access.redhat.com/errata/RHSA-2012:1168",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1168"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1169",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1169"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-3416",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-3416"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841175",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841175"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77748",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77748"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
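Review bot: The description `value` that appears to be the new side is a bug-tracker title (`CVE-2012-3416 condor: host based authentication does not implement forward-confirmed reverse dns`), and it drops what a triager needs from the previous text: the fixed-version bound `Condor before 7.8.2` and the effect, reaching `ALLOW_ADMINISTRATOR` or `ALLOW_WRITE` actions from a host with a spoofed reverse DNS name. The new `affects` block lists only Red Hat MRG package builds, so the upstream version bound can no longer be recovered from the record. I would keep the prose sentence as the `value`. The CVE-2012-3515, CVE-2012-4417 and CVE-2012-4564 sections replace their descriptions with titles in the same way.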


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3515",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a \"device model's address space.\""
"value": "CVE-2012-3515 qemu: VT100 emulation vulnerability"
}
]
},
@ -44,218 +21,338 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:83-249.el5_8.5",
"version_affected": "!"
},
{
"version_value": "0:3.0.3-135.el5_8.5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.295.el6_3.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.295.el6_3.2",
"version_affected": "!"
},
{
"version_value": "0:6.3-20120926.0.el6_3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "55082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55082"
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html"
},
{
"name": "50528",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50528"
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html"
},
{
"name": "RHSA-2012:1234",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1234.html"
"url": "http://secunia.com/advisories/55082",
"refsource": "MISC",
"name": "http://secunia.com/advisories/55082"
},
{
"name": "50530",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50530"
"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml",
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"name": "http://git.qemu.org/?p=qemu-stable-0.15.git;a=log",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu-stable-0.15.git;a=log"
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html"
},
{
"name": "51413",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51413"
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html"
},
{
"name": "GLSA-201309-24",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html"
},
{
"name": "50689",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50689"
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html"
},
{
"name": "DSA-2543",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2543"
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html"
},
{
"name": "SUSE-SU-2012:1135",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html"
},
{
"name": "50632",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50632"
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html"
},
{
"name": "RHSA-2012:1325",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1325.html"
"url": "http://secunia.com/advisories/50472",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50472"
},
{
"name": "RHSA-2012:1236",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1236.html"
"url": "http://secunia.com/advisories/50530",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50530"
},
{
"name": "SUSE-SU-2012:1205",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00027.html"
"url": "http://secunia.com/advisories/51413",
"refsource": "MISC",
"name": "http://secunia.com/advisories/51413"
},
{
"name": "SUSE-SU-2012:1202",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html"
"url": "http://support.citrix.com/article/CTX134708",
"refsource": "MISC",
"name": "http://support.citrix.com/article/CTX134708"
},
{
"name": "50913",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50913"
"url": "https://security.gentoo.org/glsa/201604-03",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "openSUSE-SU-2012:1572",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html"
"url": "http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log",
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log"
},
{
"name": "50472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50472"
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00016.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00016.html"
},
{
"name": "openSUSE-SU-2012:1170",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00016.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html"
},
{
"name": "USN-1590-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1590-1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00026.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00026.html"
},
{
"name": "RHSA-2012:1262",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1262.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00027.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00027.html"
},
{
"name": "openSUSE-SU-2012:1153",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00051.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html"
},
{
"name": "http://wiki.xen.org/wiki/Security_Announcements#XSA-17_Qemu_VT100_emulation_vulnerability",
"refsource": "CONFIRM",
"url": "http://wiki.xen.org/wiki/Security_Announcements#XSA-17_Qemu_VT100_emulation_vulnerability"
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00051.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00051.html"
},
{
"name": "SUSE-SU-2012:1203",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00026.html"
"url": "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html",
"refsource": "MISC",
"name": "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html"
},
{
"name": "55413",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55413"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1233.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1233.html"
},
{
"name": "SUSE-SU-2012:1162",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1234.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1234.html"
},
{
"name": "openSUSE-SU-2012:1174",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1235.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1235.html"
},
{
"name": "SUSE-SU-2012:1320",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1236.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1236.html"
},
{
"name": "GLSA-201604-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201604-03"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1262.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1262.html"
},
{
"name": "RHSA-2012:1233",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1233.html"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1325.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1325.html"
},
{
"name": "SUSE-SU-2012:1132",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html"
"url": "http://secunia.com/advisories/50528",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50528"
},
{
"name": "http://support.citrix.com/article/CTX134708",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX134708"
"url": "http://secunia.com/advisories/50632",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50632"
},
{
"name": "DSA-2545",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2545"
"url": "http://secunia.com/advisories/50689",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50689"
},
{
"name": "SUSE-SU-2012:1129",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html"
"url": "http://secunia.com/advisories/50860",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50860"
},
{
"name": "[Xen-announce] 20120905 Xen Security Advisory 17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability",
"refsource": "MLIST",
"url": "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html"
"url": "http://secunia.com/advisories/50913",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50913"
},
{
"name": "SUSE-SU-2012:1133",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html"
"url": "http://wiki.xen.org/wiki/Security_Announcements#XSA-17_Qemu_VT100_emulation_vulnerability",
"refsource": "MISC",
"name": "http://wiki.xen.org/wiki/Security_Announcements#XSA-17_Qemu_VT100_emulation_vulnerability"
},
{
"name": "RHSA-2012:1235",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1235.html"
"url": "http://www.debian.org/security/2012/dsa-2543",
"refsource": "MISC",
"name": "http://www.debian.org/security/2012/dsa-2543"
},
{
"name": "openSUSE-SU-2012:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html"
"url": "http://www.debian.org/security/2012/dsa-2545",
"refsource": "MISC",
"name": "http://www.debian.org/security/2012/dsa-2545"
},
{
"name": "[oss-security] 20120905 Xen Security Advisory 17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/10"
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/10",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/09/05/10"
},
{
"name": "openSUSE-SU-2012:1172",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html"
"url": "http://www.securityfocus.com/bid/55413",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55413"
},
{
"name": "50860",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50860"
"url": "http://www.ubuntu.com/usn/USN-1590-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1590-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1233",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1233"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1234",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1234"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1235",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1235"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1236",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1236"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1262",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1262"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1325",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1325"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-3515",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-3515"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=851252",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=851252"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
]
}
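Review bot: The qemu gitweb reference appears to have been rewritten from `http://git.qemu.org/?p=qemu-stable-0.15.git;a=log` to `http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log`, in both `url` and `name`. Gitweb uses `;` to separate query parameters, so with the semicolon percent-encoded the server would most likely read `a=log` as part of the `p` value, and the link no longer points at the log view. I would keep the literal semicolon: `"url": "http://git.qemu.org/?p=qemu-stable-0.15.git;a=log"`. It is worth checking whether the sync tool applies this encoding to other reference URLs that have `;` in the query.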


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4417",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names."
"value": "CVE-2012-4417 GlusterFS: insecure temporary file creation"
}
]
},
@ -44,38 +21,130 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Insecure Temporary File",
"cweId": "CWE-377"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Native Client for RHEL 5 for Red Hat Storage",
"version": {
"version_data": [
{
"version_value": "0:3.3.0.5rhs-37.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Native Client for RHEL 6 for Red Hat Storage",
"version": {
"version_data": [
{
"version_value": "0:3.3.0.5rhs-37.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Storage 2.0",
"version": {
"version_data": [
{
"version_value": "0:3.3.0.5rhs-37.el6rhs",
"version_affected": "!"
},
{
"version_value": "0:2.2-17.1.el6rhs",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2012:1456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1456.html"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1456.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1456.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=856341",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=856341"
"url": "http://www.securityfocus.com/bid/56522",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/56522"
},
{
"name": "1027756",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027756"
"url": "http://www.securitytracker.com/id?1027756",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1027756"
},
{
"name": "redhat-storage-glusterfs-symlink(80074)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80074"
"url": "https://access.redhat.com/errata/RHSA-2012:1456",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1456"
},
{
"name": "56522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56522"
"url": "https://access.redhat.com/security/cve/CVE-2012-4417",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-4417"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=856341",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=856341"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80074",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80074"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Jim Meyering and Kurt Seifried (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
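Review bot: The added `credits` entry uses `"lang": "en"` while `description_data` and the problem-type description in the same record use `"lang": "eng"`. A consumer that filters text by language tag will treat the credit as a different language from the rest of the record. Use one tag throughout, `"lang": "eng"`, to match the existing fields.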


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4564",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow."
"value": "CVE-2012-4564 libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file"
}
]
},
@ -44,68 +21,139 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:3.8.2-18.el5_8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:3.9.4-9.el6_3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "DSA-2575",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2575"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1590.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1590.html"
},
{
"name": "86878",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/86878"
"url": "https://access.redhat.com/errata/RHSA-2012:1590",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1590"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=871700",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=871700"
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html"
},
{
"name": "[oss-security] 20121102 libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/02/3"
"url": "http://secunia.com/advisories/51133",
"refsource": "MISC",
"name": "http://secunia.com/advisories/51133"
},
{
"name": "56372",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56372"
"url": "http://www.debian.org/security/2012/dsa-2575",
"refsource": "MISC",
"name": "http://www.debian.org/security/2012/dsa-2575"
},
{
"name": "USN-1631-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1631-1"
"url": "http://www.openwall.com/lists/oss-security/2012/11/02/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/11/02/3"
},
{
"name": "openSUSE-SU-2013:0187",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html"
"url": "http://www.openwall.com/lists/oss-security/2012/11/02/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/11/02/7"
},
{
"name": "libtiff-ppm2tiff-bo(79750)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79750"
"url": "http://www.osvdb.org/86878",
"refsource": "MISC",
"name": "http://www.osvdb.org/86878"
},
{
"name": "[oss-security] 20121102 Re: libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/02/7"
"url": "http://www.securityfocus.com/bid/56372",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/56372"
},
{
"name": "51133",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51133"
"url": "http://www.ubuntu.com/usn/USN-1631-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1631-1"
},
{
"name": "RHSA-2012:1590",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1590.html"
"url": "https://access.redhat.com/security/cve/CVE-2012-4564",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-4564"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=871700",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=871700"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79750",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79750"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
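Review bot: The new `impact.cvss` entry sets `"environmentalScore": 0` and `"temporalScore": 0` although every temporal and environmental metric is `NOT_DEFINED`. In CVSS v2, undefined temporal and environmental metrics leave the score equal to the base score, so `0` reads as a scored value of zero rather than "not assessed". A consumer that prefers the most specific score would rank this 6.8 issue as 0. I would omit the two keys when the metrics are not defined, if the schema permits it. The `cvss` blocks in the CVE-2012-2662, CVE-2012-3416, CVE-2012-3515 and CVE-2012-4417 sections have the same zeros.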


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5500",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request."
"value": "It was discovered that Plone, included as a part of luci, allowed a remote anonymous user to change titles of content items due to improper permissions checks."
}
]
},
@ -44,38 +21,103 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:0.12.2-81.el5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt",
"refsource": "CONFIRM",
"url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
},
{
"name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
},
{
"name": "https://plone.org/products/plone/security/advisories/20121106/16",
"refsource": "CONFIRM",
"url": "https://plone.org/products/plone/security/advisories/20121106/16"
"url": "https://access.redhat.com/errata/RHSA-2014:1194",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1194"
},
{
"name": "https://plone.org/products/plone-hotfix/releases/20121106",
"refsource": "CONFIRM",
"url": "https://plone.org/products/plone-hotfix/releases/20121106"
"url": "https://access.redhat.com/security/cve/CVE-2012-5500",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-5500"
},
{
"name": "RHSA-2014:1194",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=874649",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=874649"
},
{
"url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt",
"refsource": "MISC",
"name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
},
{
"url": "https://plone.org/products/plone-hotfix/releases/20121106",
"refsource": "MISC",
"name": "https://plone.org/products/plone-hotfix/releases/20121106"
},
{
"url": "https://plone.org/products/plone/security/advisories/20121106/16",
"refsource": "MISC",
"name": "https://plone.org/products/plone/security/advisories/20121106/16"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
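Review bot: The replacement `description` value at the top of this section changes the stated precondition, not just the wording. The earlier sentence names the batch id change script (renameObjectsByPaths.py), the fixed upstream releases (Plone before 4.2.3 and 4.3 before beta 1) and an attacker who leverages a valid CSRF token; the new one speaks of a remote anonymous user and improper permissions checks in Plone as shipped in luci. With the upstream range gone, the only version left in the record is the RHEL 5 build `0:0.12.2-81.el5` marked `"version_affected": "!"`, so someone tracking Plone outside Red Hat can no longer tell from this file whether a deployment is fixed. I would keep the upstream sentence and append the Red Hat statement to it instead of replacing it. The +/- column is lost on this page, so which of the two `value` lines is the new one is inferred from the hunk header counts and the order of the pairs.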


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0184",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to \"symbolized arbitrary strings.\""
"value": "CVE-2013-0184 rubygem-rack: Rack::Auth::AbstractRequest DoS"
}
]
},
@ -44,38 +21,226 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "CloudForms for RHEL 6",
"version": {
"version_data": [
{
"version_value": "1:3.0.10-10.el6cf",
"version_affected": "!"
},
{
"version_value": "0:2.1.4-3.el6cf",
"version_affected": "!"
},
{
"version_value": "0:1.5.0-0.9.beta4.el6cf",
"version_affected": "!"
},
{
"version_value": "1:1.3.0-3.el6cf",
"version_affected": "!"
},
{
"version_value": "0:0.5.5-2.el6cf",
"version_affected": "!"
},
{
"version_value": "0:3.8-6.el6cf",
"version_affected": "!"
},
{
"version_value": "0:2.6.1-7.el6cf",
"version_affected": "!"
},
{
"version_value": "0:2.0.4-6.el6cf",
"version_affected": "!"
},
{
"version_value": "0:2.11.3-5.el6cf",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Subscription Asset Manager 1.2",
"version": {
"version_data": [
{
"version_value": "0:1.7-2.el6_3",
"version_affected": "!"
},
{
"version_value": "0:0.6-4_redhat_1.ep6.el6.1",
"version_affected": "!"
},
{
"version_value": "0:0.7.23-1.el6_3",
"version_affected": "!"
},
{
"version_value": "0:0.19.9-5.el6_3",
"version_affected": "!"
},
{
"version_value": "0:1.2.1-15h.el6_3",
"version_affected": "!"
},
{
"version_value": "0:1.2.1-1h.el6_3",
"version_affected": "!"
},
{
"version_value": "0:1.2.1-12h.el6_3",
"version_affected": "!"
},
{
"version_value": "0:1.2.3-3h.el6_3",
"version_affected": "!"
},
{
"version_value": "0:1.2.1-2h.el6_3",
"version_affected": "!"
},
{
"version_value": "0:3.6.1-10h.el6_3",
"version_affected": "!"
},
{
"version_value": "0:2.6.17-2.el6cf",
"version_affected": "!"
},
{
"version_value": "0:2.1.5-4.el6_3",
"version_affected": "!"
},
{
"version_value": "1:3.0.10-10.el6cf",
"version_affected": "!"
},
{
"version_value": "0:0.0.12-2.el6cf",
"version_affected": "!"
},
{
"version_value": "0:0.1.3-1.el6_3",
"version_affected": "!"
},
{
"version_value": "0:2.3.0-3.el6cf",
"version_affected": "!"
},
{
"version_value": "1:1.3.0-3.el6cf",
"version_affected": "!"
},
{
"version_value": "0:2.0.4-6.el6cf",
"version_affected": "!"
},
{
"version_value": "0:1.6.5-0.12.git58097d9h.el6_3",
"version_affected": "!"
},
{
"version_value": "0:1.0.4-2.el6_3",
"version_affected": "!"
},
{
"version_value": "0:0.0.28-1.el6_3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=895384",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=895384"
"name": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html"
},
{
"name": "openSUSE-SU-2013:0462",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0544.html"
},
{
"name": "RHSA-2013:0548",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0548.html"
},
{
"name": "RHSA-2013:0544",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html"
"url": "http://www.debian.org/security/2013/dsa-2783",
"refsource": "MISC",
"name": "http://www.debian.org/security/2013/dsa-2783"
},
{
"name": "DSA-2783",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2783"
"url": "https://access.redhat.com/errata/RHSA-2013:0544",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0544"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:0548",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0548"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-0184",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-0184"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=895384",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=895384"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}
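Review bot: The `description` value is reduced to a tracker title, `"CVE-2013-0184 rubygem-rack: Rack::Auth::AbstractRequest DoS"`, which drops the fixed upstream Rack releases (1.1.5, 1.2.7, 1.3.9, 1.4.4) and the "symbolized arbitrary strings" hint the earlier sentence carried. The same title-only replacement appears in the CVE-2013-1823, CVE-2013-1872 and CVE-2013-1913 sections below, where it removes the "before 1.2.1" bound, the fs_visitor::remove_dead_constants function name and the glib precondition respectively. Anyone triaging from the description alone now gets less than before. I would keep the full sentence as the `value` and, if the title is wanted, carry it as an additional `description_data` entry. Old and new sides are inferred here, since the page shows no +/- column.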


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1823",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field."
"value": "CVE-2013-1823 Katello: Notifications page Username XSS"
}
]
},
@ -44,33 +21,137 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Subscription Asset Manager 1.2",
"version": {
"version_data": [
{
"version_value": "0:0.7.24-1.el6_3",
"version_affected": "!"
},
{
"version_value": "0:1.2.1.1-1h.el6_4",
"version_affected": "!"
},
{
"version_value": "0:1.2.3.1-4h.el6_4",
"version_affected": "!"
},
{
"version_value": "1:3.0.10-12.el6cf",
"version_affected": "!"
},
{
"version_value": "0:3.0.10-3.el6cf",
"version_affected": "!"
},
{
"version_value": "0:2.1.4-3.el6cf",
"version_affected": "!"
},
{
"version_value": "0:1.7.3-2.el6_3",
"version_affected": "!"
},
{
"version_value": "0:1.5.0-0.9.beta4.el6cf",
"version_affected": "!"
},
{
"version_value": "1:1.3.0-4.el6cf",
"version_affected": "!"
},
{
"version_value": "0:0.5.5-2.el6cf",
"version_affected": "!"
},
{
"version_value": "0:3.8-6.el6cf",
"version_affected": "!"
},
{
"version_value": "0:0.0.28.1-1.el6_4",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "52774",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52774"
},
{
"name": "91718",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/91718"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=918784",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918784"
"name": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
},
{
"name": "RHSA-2013:0686",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
"url": "http://secunia.com/advisories/52774",
"refsource": "MISC",
"name": "http://secunia.com/advisories/52774"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:0686",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0686"
},
{
"url": "http://www.osvdb.org/91718",
"refsource": "MISC",
"name": "http://www.osvdb.org/91718"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-1823",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-1823"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918784",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=918784"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
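Review bot: The twelve `version_data` entries under "Red Hat Subscription Asset Manager 1.2" are bare epoch:version-release strings such as `0:0.7.24-1.el6_3` and `1:3.0.10-12.el6cf` with no package name, so nothing in the record says which component each build belongs to. The CVE-2013-0184 section above has the same shape, and there `1:3.0.10-10.el6cf`, `1:1.3.0-3.el6cf` and `0:2.0.4-6.el6cf` are listed under both products. `"version_affected": "!"` presumably marks these as fixed rather than vulnerable builds, but the file does not say so. A scanner cannot compare an installed package against a version that has no name, so I would carry the name with each entry, for example `"version_value": "<package-name> 0:0.7.24-1.el6_3"` (placeholder, the page does not give the package).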


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1872",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796."
"value": "CVE-2013-1872 Mesa: Memory corruption (OOB read/write) on intel drivers"
}
]
},
@ -44,58 +21,118 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:9.0-0.8.el6_4.3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=59429",
"url": "http://advisories.mageia.org/MGASA-2013-0190.html",
"refsource": "MISC",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=59429"
"name": "http://advisories.mageia.org/MGASA-2013-0190.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2013-0190.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2013-0190.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00014.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00014.html"
},
{
"name": "DSA-2704",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2704"
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00019.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00019.html"
},
{
"name": "USN-1888-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1888-1"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0897.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0897.html"
},
{
"name": "60285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60285"
"url": "http://www.debian.org/security/2013/dsa-2704",
"refsource": "MISC",
"name": "http://www.debian.org/security/2013/dsa-2704"
},
{
"name": "RHSA-2013:0897",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0897.html"
"url": "http://www.securityfocus.com/bid/60285",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/60285"
},
{
"name": "openSUSE-SU-2013:1188",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00019.html"
"url": "http://www.ubuntu.com/usn/USN-1888-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1888-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=923584",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923584"
"url": "https://access.redhat.com/errata/RHSA-2013:0897",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0897"
},
{
"name": "SUSE-SU-2013:1175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00014.html"
"url": "https://access.redhat.com/security/cve/CVE-2013-1872",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-1872"
},
{
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=59429",
"refsource": "MISC",
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=59429"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923584",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=923584"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
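Review bot: Every reference in this section ends up as `"refsource": "MISC"` with `name` set to the URL. That discards the advisory identifiers the earlier entries carried (DSA-2704, USN-1888-1, RHSA-2013:0897, BID 60285, openSUSE-SU-2013:1188, SUSE-SU-2013:1175) and the CONFIRM marking on the Mageia and Red Hat Bugzilla links. Tools that correlate records by advisory id, or that pick out vendor-confirmed references, now have to parse URLs instead. The other sections on this page are flattened the same way. I would keep the typed form where one exists, for example `"name": "DSA-2704", "refsource": "DEBIAN"`, and use MISC only for the newly added access.redhat.com links.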


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1913",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump."
"value": "CVE-2013-1913 gimp: xwd plugin g_new() integer overflow"
}
]
},
@ -44,43 +21,114 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Integer Overflow or Wraparound",
"cweId": "CWE-190"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "2:2.2.13-3.el5_10",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "2:2.6.9-6.el6_5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "64105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64105"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1778.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1778.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=947868",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=947868"
"url": "http://www.debian.org/security/2013/dsa-2813",
"refsource": "MISC",
"name": "http://www.debian.org/security/2013/dsa-2813"
},
{
"name": "RHSA-2013:1778",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1778.html"
"url": "http://www.securityfocus.com/bid/64105",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/64105"
},
{
"name": "GLSA-201603-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-01"
"url": "http://www.ubuntu.com/usn/USN-2051-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2051-1"
},
{
"name": "DSA-2813",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2813"
"url": "https://access.redhat.com/errata/RHSA-2013:1778",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1778"
},
{
"name": "USN-2051-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2051-1"
"url": "https://access.redhat.com/security/cve/CVE-2013-1913",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-1913"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=947868",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=947868"
},
{
"url": "https://security.gentoo.org/glsa/201603-01",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201603-01"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}