admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-02 15:00:49 +00:00
parent d672f8e03a
commit d97dd25d1d
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
22 changed files with 5508 additions and 1263 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

223
2010/0xxx/CVE-2010-0733.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0733",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations."
"value": "CVE-2010-0733 postgresql: Integer overflow in hash table size calculation"
}
]
},
@ -44,93 +21,185 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Integer Overflow or Wraparound",
"cweId": "CWE-190"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 3",
"version": {
"version_data": [
{
"version_value": "0:7.3.21-3",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "0:7.4.29-1.el4_8.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:8.1.21-1.el5_5.1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[pgsql-bugs] 20091028 BUG #5145: Complex query with lots of LEFT JOIN causes segfault",
"refsource": "MLIST",
"url": "http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php"
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "RHSA-2010:0427",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0427.html"
"url": "http://secunia.com/advisories/39820",
"refsource": "MISC",
"name": "http://secunia.com/advisories/39820"
},
{
"name": "RHSA-2010:0428",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0428.html"
"url": "http://www.redhat.com/support/errata/RHSA-2010-0427.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0427.html"
},
{
"name": "oval:org.mitre.oval:def:10691",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10691"
"url": "http://www.redhat.com/support/errata/RHSA-2010-0428.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0428.html"
},
{
"name": "http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=64b057e6823655fb6c5d1f24a28f236b94dd6c54",
"refsource": "CONFIRM",
"url": "http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=64b057e6823655fb6c5d1f24a28f236b94dd6c54"
"url": "http://www.redhat.com/support/errata/RHSA-2010-0429.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0429.html"
},
{
"name": "39820",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39820"
"url": "http://www.vupen.com/english/advisories/2010/1197",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/1197"
},
{
"name": "38619",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38619"
"url": "https://access.redhat.com/errata/RHSA-2010:0427",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0427"
},
{
"name": "[oss-security] 20100316 Re: CVE Request: postgresql integer overflow in hash table size calculation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/03/16/10"
"url": "https://access.redhat.com/errata/RHSA-2010:0428",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0428"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
"url": "https://access.redhat.com/errata/RHSA-2010:0429",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0429"
},
{
"name": "[pgsql-bugs] 20091030 Re: BUG #5145: Complex query with lots of LEFT JOIN causes segfault",
"refsource": "MLIST",
"url": "http://archives.postgresql.org/pgsql-bugs/2009-10/msg00310.php"
"url": "http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php",
"refsource": "MISC",
"name": "http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php"
},
{
"name": "[pgsql-bugs] 20091029 Re: BUG #5145: Complex query with lots of LEFT JOIN causes segfault",
"refsource": "MLIST",
"url": "http://archives.postgresql.org/pgsql-bugs/2009-10/msg00289.php"
"url": "http://archives.postgresql.org/pgsql-bugs/2009-10/msg00287.php",
"refsource": "MISC",
"name": "http://archives.postgresql.org/pgsql-bugs/2009-10/msg00287.php"
},
{
"name": "[oss-security] 20100309 CVE Request: postgresql integer overflow in hash table size calculation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/03/09/2"
"url": "http://archives.postgresql.org/pgsql-bugs/2009-10/msg00289.php",
"refsource": "MISC",
"name": "http://archives.postgresql.org/pgsql-bugs/2009-10/msg00289.php"
},
{
"name": "[pgsql-bugs] 20091029 Re: BUG #5145: Complex query with lots of LEFT JOIN causes segfault",
"refsource": "MLIST",
"url": "http://archives.postgresql.org/pgsql-bugs/2009-10/msg00287.php"
"url": "http://archives.postgresql.org/pgsql-bugs/2009-10/msg00310.php",
"refsource": "MISC",
"name": "http://archives.postgresql.org/pgsql-bugs/2009-10/msg00310.php"
},
{
"name": "RHSA-2010:0429",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0429.html"
"url": "http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=64b057e6823655fb6c5d1f24a28f236b94dd6c54",
"refsource": "MISC",
"name": "http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=64b057e6823655fb6c5d1f24a28f236b94dd6c54"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=546621",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=546621"
"url": "http://www.openwall.com/lists/oss-security/2010/03/09/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/03/09/2"
},
{
"name": "ADV-2010-1197",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1197"
"url": "http://www.openwall.com/lists/oss-security/2010/03/16/10",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/03/16/10"
},
{
"url": "http://www.securityfocus.com/bid/38619",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/38619"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2010-0733",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-0733"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=546621",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=546621"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10691",
"refsource": "MISC",
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10691"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.7,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
]
}

183
2013/1xxx/CVE-2013-1961.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1961",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file."
"value": "CVE-2013-1961 libtiff (tiff2pdf): Stack-based buffer overflow with malformed image-length and resolution"
}
]
},
@ -44,73 +21,149 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:3.8.2-19.el5_10",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:3.9.4-10.el6_5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "53237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53237"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html"
},
{
"name": "FEDORA-2013-7369",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html"
},
{
"name": "DSA-2698",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2698"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html"
},
{
"name": "53765",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53765"
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html"
},
{
"name": "openSUSE-SU-2013:0944",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html"
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=952131",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952131"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0223.html"
},
{
"name": "RHSA-2014:0223",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html"
"url": "http://seclists.org/oss-sec/2013/q2/254",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2013/q2/254"
},
{
"name": "[oss-security] 20130502 Fwd: Two libtiff (tiff2pdf flaws)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q2/254"
"url": "http://secunia.com/advisories/53237",
"refsource": "MISC",
"name": "http://secunia.com/advisories/53237"
},
{
"name": "FEDORA-2013-7361",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html"
"url": "http://secunia.com/advisories/53765",
"refsource": "MISC",
"name": "http://secunia.com/advisories/53765"
},
{
"name": "59607",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59607"
"url": "http://www.debian.org/security/2013/dsa-2698",
"refsource": "MISC",
"name": "http://www.debian.org/security/2013/dsa-2698"
},
{
"name": "openSUSE-SU-2013:0922",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html"
"url": "http://www.securityfocus.com/bid/59607",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/59607"
},
{
"name": "FEDORA-2013-7339",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html"
"url": "https://access.redhat.com/errata/RHSA-2014:0222",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0222"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0223",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0223"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-1961",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-1961"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952131",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=952131"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}

216
2013/2xxx/CVE-2013-2063.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2063",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function."
"value": "CVE-2013-2063 libXtst:Integer overflow leading to heap-based buffer overlow"
}
]
},
@ -44,43 +21,188 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:1.1.3-3.el6",
"version_affected": "!"
},
{
"version_value": "0:1.6.0-2.2.el6",
"version_affected": "!"
},
{
"version_value": "0:1.9.1-2.el6",
"version_affected": "!"
},
{
"version_value": "0:1.1.14-2.1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.3.2-2.1.el6",
"version_affected": "!"
},
{
"version_value": "0:5.0.1-2.1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.7.2-2.2.el6",
"version_affected": "!"
},
{
"version_value": "0:1.1.3-2.1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-2.1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.4.1-2.1.el6",
"version_affected": "!"
},
{
"version_value": "0:0.9.8-2.1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.7-2.1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.1.4-6.1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.2.2-2.1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.9-2.1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.8-2.1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.1.4-2.1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.8-3.el6",
"version_affected": "!"
},
{
"version_value": "0:2.11-1.el6",
"version_affected": "!"
},
{
"version_value": "0:7.7-9.el6",
"version_affected": "!"
},
{
"version_value": "0:1.3.4-1.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "FEDORA-2013-9073",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106886.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106886.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106886.html"
},
{
"name": "USN-1866-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1866-1"
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00160.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00160.html"
},
{
"name": "openSUSE-SU-2013:1032",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00160.html"
"url": "http://www.debian.org/security/2013/dsa-2689",
"refsource": "MISC",
"name": "http://www.debian.org/security/2013/dsa-2689"
},
{
"name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
"url": "http://www.openwall.com/lists/oss-security/2013/05/23/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
},
{
"name": "DSA-2689",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2689"
"url": "http://www.ubuntu.com/usn/USN-1866-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1866-1"
},
{
"name": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23",
"refsource": "CONFIRM",
"url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
"url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23",
"refsource": "MISC",
"name": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:1436",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1436"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-2063",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-2063"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=960366",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=960366"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}

142
2013/2xxx/CVE-2013-2166.json
View File

@ -1,22 +1,47 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2166",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVE-2013-2166 CVE-2013-2167 python-keystoneclient: middleware memcache encryption and signing bypass"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Acceptance of Extraneous Untrusted Data With Trusted Data",
"cweId": "CWE-349"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "python-keystoneclient",
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "python-keystoneclient",
"product_name": "OpenStack 3 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "< 0.2.6"
"version_value": "1:0.2.3-5.el6ost",
"version_affected": "!"
}
]
}
@ -27,35 +52,47 @@
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "memcache encryption bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2166",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2166"
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-0992.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0992.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/06/19/5"
},
{
"url": "http://www.securityfocus.com/bid/60684",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/60684"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:0992",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0992"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-2166",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-2166"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-2166",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-2166"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=974271",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=974271"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2166",
@ -68,29 +105,34 @@
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2166"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-2166",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2166",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-2166"
},
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2166"
}
]
},
"impact": {
"cvss": [
{
"url": "http://www.securityfocus.com/bid/60684",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/60684"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0992.html",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0992.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/06/19/5",
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/5"
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}

161
2013/4xxx/CVE-2013-4343.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4343",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call."
"value": "CVE-2013-4343 Kernel: net: use-after-free TUNSETIFF"
}
]
},
@ -44,68 +21,128 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "0:3.8.13-rt14.25.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[netdev] 20130911 Use-after-free in TUNSETIFF",
"refsource": "MLIST",
"url": "http://www.spinics.net/lists/netdev/msg250066.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html"
},
{
"name": "RHSA-2013:1490",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1007733",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007733"
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html"
},
{
"name": "USN-2020-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2020-1"
"url": "http://marc.info/?l=linux-kernel&m=137889490510745&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=linux-kernel&m=137889490510745&w=2"
},
{
"name": "[linux-kernel] 20130911 [PATCH net V2] tuntap: correctly handle error in tun_set_iff()",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-kernel&m=137889490510745&w=2"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
},
{
"name": "[oss-security] 20130912 Fwd: Use-after-free in TUNSETIFF",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/09/12/3"
"url": "http://www.openwall.com/lists/oss-security/2013/09/12/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/12/3"
},
{
"name": "USN-2049-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2049-1"
"url": "http://www.spinics.net/lists/netdev/msg250066.html",
"refsource": "MISC",
"name": "http://www.spinics.net/lists/netdev/msg250066.html"
},
{
"name": "USN-2023-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2023-1"
"url": "http://www.ubuntu.com/usn/USN-2020-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2020-1"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1479",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html"
"url": "http://www.ubuntu.com/usn/USN-2023-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2023-1"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1570",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html"
"url": "http://www.ubuntu.com/usn/USN-2049-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2049-1"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1579",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html"
"url": "https://access.redhat.com/errata/RHSA-2013:1490",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1490"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-4343",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4343"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007733",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1007733"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
]
}

118
2013/6xxx/CVE-2013-6434.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6434",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server."
"value": "CVE-2013-6434 rhev: remote-viewer spice tls-stripping issue"
}
]
},
@ -44,28 +21,93 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Channel Accessible by Non-Endpoint",
"cweId": "CWE-300"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "RHEV Manager version 3.3",
"version": {
"version_data": [
{
"version_value": "0:3.3.0-45",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "65077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65077"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0038.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0038.html"
},
{
"name": "1029653",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029653"
"url": "http://www.securityfocus.com/bid/65077",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/65077"
},
{
"name": "RHSA-2014:0038",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0038.html"
"url": "http://www.securitytracker.com/id/1029653",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1029653"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0038",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0038"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-6434",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-6434"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039839",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1039839"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}

112
2014/0xxx/CVE-2014-0153.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0153",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page."
"value": "CVE-2014-0153 ovirt-engine-api: session ID stored in HTML5 local storage"
}
]
},
@ -44,23 +21,88 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "RHEV Manager version 3.4",
"version": {
"version_data": [
{
"version_value": "0:3.4.0-21",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://gerrit.ovirt.org/#/c/25987/",
"refsource": "CONFIRM",
"url": "http://gerrit.ovirt.org/#/c/25987/"
"url": "http://gerrit.ovirt.org/#/c/25987/",
"refsource": "MISC",
"name": "http://gerrit.ovirt.org/#/c/25987/"
},
{
"name": "http://www.ovirt.org/Security_advisories",
"refsource": "CONFIRM",
"url": "http://www.ovirt.org/Security_advisories"
"url": "http://www.ovirt.org/Security_advisories",
"refsource": "MISC",
"name": "http://www.ovirt.org/Security_advisories"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0506",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0506"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-0153",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-0153"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1081875",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1081875"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}

143
2014/0xxx/CVE-2014-0188.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0188",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger."
"value": "CVE-2014-0188 OpenShift: openshift-origin-broker plugin allows impersonation"
}
]
},
@ -44,28 +21,118 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Enterprise 2.0",
"version": {
"version_data": [
{
"version_value": "0:1.15.3.5-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.17.4-1.el6op",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEL 6 Version of OpenShift Enterprise 1.2",
"version": {
"version_data": [
{
"version_value": "0:1.5.9-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.8.4-1.el6op",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0422",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0422.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0422.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0422.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1090120",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1090120"
"url": "http://rhn.redhat.com/errata/RHSA-2014-0423.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0423.html"
},
{
"name": "RHSA-2014:0423",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0423.html"
"url": "https://access.redhat.com/errata/RHSA-2014:0422",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0422"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:0423",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0423"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-0188",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-0188"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1090120",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1090120"
}
]
},
"work_around": [
{
"lang": "en",
"value": "add this in the host httpd conf global config, e.g. at the \nend of /etc/httpd/conf.d/000002_openshift_origin_broker_proxy.conf:\n\nRequestHeader unset X-Remote-User"
}
],
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}

1395
2014/0xxx/CVE-2014-0192.json
View File

File diff suppressed because it is too large Load Diff

244
2014/0xxx/CVE-2014-0247.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0247",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx."
"value": "It was found that LibreOffice documents executed macros unconditionally, without user approval, when these documents were opened using LibreOffice. An attacker could use this flaw to execute arbitrary code as the user running LibreOffice by embedding malicious VBA scripts in the document as macros."
}
]
},
@ -44,78 +21,175 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Product UI does not Warn User of Unsafe Actions",
"cweId": "CWE-356"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:0.0.2-1.el7",
"version_affected": "!"
},
{
"version_value": "0:0.4.1-5.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.4-2.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.0-3.el7",
"version_affected": "!"
},
{
"version_value": "0:0.5.4-8.el7",
"version_affected": "!"
},
{
"version_value": "0:0.2.0-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.4-1.el7",
"version_affected": "!"
},
{
"version_value": "1:4.2.6.3-5.el7",
"version_affected": "!"
},
{
"version_value": "0:0.10.3-1.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "60799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60799"
},
{
"name": "GLSA-201408-19",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
},
{
"name": "FEDORA-2014-7679",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135020.html"
},
{
"name": "USN-2253-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2253-1"
},
{
"name": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0247.html",
"url": "http://secunia.com/advisories/60799",
"refsource": "MISC",
"url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0247.html"
"name": "http://secunia.com/advisories/60799"
},
{
"name": "https://www.libreoffice.org/about-us/security/advisories/cve-2014-0247/",
"refsource": "CONFIRM",
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2014-0247/"
},
{
"name": "68151",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68151"
},
{
"name": "57383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57383"
},
{
"name": "openSUSE-SU-2014:0860",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00006.html"
},
{
"name": "https://gerrit.libreoffice.org/gitweb?p=core.git;a=blobdiff;f=sfx2/source/doc/docmacromode.cxx;h=4d4ae52b4339582a039744d03671c1db0633d6c3;hp=2108d1920f8148ff60fd4a57684f295d6d733e7b;hb=1b0402f87c9b17fef2141130bfaa1798ece6ba0d;hpb=4d2113250fa7ed62fe2c53ed0f76e3de5875cb81",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml",
"refsource": "MISC",
"url": "https://gerrit.libreoffice.org/gitweb?p=core.git;a=blobdiff;f=sfx2/source/doc/docmacromode.cxx;h=4d4ae52b4339582a039744d03671c1db0633d6c3;hp=2108d1920f8148ff60fd4a57684f295d6d733e7b;hb=1b0402f87c9b17fef2141130bfaa1798ece6ba0d;hpb=4d2113250fa7ed62fe2c53ed0f76e3de5875cb81"
"name": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
},
{
"name": "RHSA-2015:0377",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0377.html"
},
{
"name": "59330",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59330"
},
{
"name": "https://bugs.mageia.org/show_bug.cgi?id=13580",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135020.html",
"refsource": "MISC",
"url": "https://bugs.mageia.org/show_bug.cgi?id=13580"
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135020.html"
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00006.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00006.html"
},
{
"url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0247.html",
"refsource": "MISC",
"name": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0247.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-0377.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0377.html"
},
{
"url": "http://secunia.com/advisories/57383",
"refsource": "MISC",
"name": "http://secunia.com/advisories/57383"
},
{
"url": "http://secunia.com/advisories/59330",
"refsource": "MISC",
"name": "http://secunia.com/advisories/59330"
},
{
"url": "http://www.securityfocus.com/bid/68151",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/68151"
},
{
"url": "http://www.ubuntu.com/usn/USN-2253-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2253-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:0377",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0377"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-0247",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-0247"
},
{
"url": "https://bugs.mageia.org/show_bug.cgi?id=13580",
"refsource": "MISC",
"name": "https://bugs.mageia.org/show_bug.cgi?id=13580"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1111083",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1111083"
},
{
"url": "https://gerrit.libreoffice.org/gitweb?p=core.git%3Ba=blobdiff%3Bf=sfx2/source/doc/docmacromode.cxx%3Bh=4d4ae52b4339582a039744d03671c1db0633d6c3%3Bhp=2108d1920f8148ff60fd4a57684f295d6d733e7b%3Bhb=1b0402f87c9b17fef2141130bfaa1798ece6ba0d%3Bhpb=4d2113250fa7ed62fe2c53ed0f76e3de5875cb81",
"refsource": "MISC",
"name": "https://gerrit.libreoffice.org/gitweb?p=core.git%3Ba=blobdiff%3Bf=sfx2/source/doc/docmacromode.cxx%3Bh=4d4ae52b4339582a039744d03671c1db0633d6c3%3Bhp=2108d1920f8148ff60fd4a57684f295d6d733e7b%3Bhb=1b0402f87c9b17fef2141130bfaa1798ece6ba0d%3Bhpb=4d2113250fa7ed62fe2c53ed0f76e3de5875cb81"
},
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2014-0247/",
"refsource": "MISC",
"name": "https://www.libreoffice.org/about-us/security/advisories/cve-2014-0247/"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
]
}

146
2014/3xxx/CVE-2014-3473.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3473",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template."
"value": "CVE-2014-3473 CVE-2014-3474 CVE-2014-3475 CVE-2014-8578 openstack-horizon: multiple XSS flaws"
}
]
},
@ -44,33 +21,120 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "OpenStack 4 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2013.2.3-3.el6ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2014.1.1-2.el7ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140708 [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/08/6"
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html"
},
{
"name": "68459",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68459"
"url": "http://www.openwall.com/lists/oss-security/2014/07/08/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/07/08/6"
},
{
"name": "https://bugs.launchpad.net/horizon/+bug/1308727",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/horizon/+bug/1308727"
"url": "http://www.securityfocus.com/bid/68459",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/68459"
},
{
"name": "openSUSE-SU-2015:0078",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html"
"url": "https://access.redhat.com/errata/RHSA-2014:0939",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0939"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:1188",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1188"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-3473",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-3473"
},
{
"url": "https://bugs.launchpad.net/horizon/+bug/1308727",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/horizon/+bug/1308727"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116090",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1116090"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank OpenStack project for reporting this issue. Upstream acknowledges Craig Lorentzen (Cisco), Jason Hullinger (Hewlett Packard), and Michael Xin (Rackspace) as the original reporters."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}

152
2014/3xxx/CVE-2014-3474.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3474",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name."
"value": "CVE-2014-3473 CVE-2014-3474 CVE-2014-3475 CVE-2014-8578 openstack-horizon: multiple XSS flaws"
}
]
},
@ -44,38 +21,125 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "OpenStack 4 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2013.2.3-3.el6ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2014.1.1-2.el7ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140708 [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/08/6"
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html"
},
{
"name": "68460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68460"
"url": "http://www.openwall.com/lists/oss-security/2014/07/08/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/07/08/6"
},
{
"name": "https://review.openstack.org/#/c/105477",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/#/c/105477"
"url": "https://access.redhat.com/errata/RHSA-2014:0939",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:0939"
},
{
"name": "https://bugs.launchpad.net/horizon/+bug/1322197",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/horizon/+bug/1322197"
"url": "https://access.redhat.com/errata/RHSA-2014:1188",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1188"
},
{
"name": "openSUSE-SU-2015:0078",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116090",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1116090"
},
{
"url": "http://www.securityfocus.com/bid/68460",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/68460"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-3474",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-3474"
},
{
"url": "https://bugs.launchpad.net/horizon/+bug/1322197",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/horizon/+bug/1322197"
},
{
"url": "https://review.openstack.org/#/c/105477",
"refsource": "MISC",
"name": "https://review.openstack.org/#/c/105477"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank OpenStack project for reporting this issue. Upstream acknowledges Craig Lorentzen (Cisco), Jason Hullinger (Hewlett Packard), and Michael Xin (Rackspace) as the original reporters."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}

201
2014/3xxx/CVE-2014-3537.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3537",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/."
"value": "It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system."
}
]
},
@ -44,88 +21,164 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Link Resolution Before File Access ('Link Following')",
"cweId": "CWE-59"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "1:1.4.2-67.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "1:1.6.3-17.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "FEDORA-2014-8351",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135528.html"
"url": "http://advisories.mageia.org/MGASA-2014-0313.html",
"refsource": "MISC",
"name": "http://advisories.mageia.org/MGASA-2014-0313.html"
},
{
"name": "60273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60273"
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html",
"refsource": "MISC",
"name": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name": "http://www.cups.org/blog.php?L724",
"refsource": "CONFIRM",
"url": "http://www.cups.org/blog.php?L724"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135528.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135528.html"
},
{
"name": "RHSA-2014:1388",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1388.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-1388.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-1388.html"
},
{
"name": "USN-2293-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2293-1"
"url": "http://secunia.com/advisories/59945",
"refsource": "MISC",
"name": "http://secunia.com/advisories/59945"
},
{
"name": "APPLE-SA-2014-10-16-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
"url": "http://secunia.com/advisories/60273",
"refsource": "MISC",
"name": "http://secunia.com/advisories/60273"
},
{
"name": "68788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68788"
"url": "http://secunia.com/advisories/60787",
"refsource": "MISC",
"name": "http://secunia.com/advisories/60787"
},
{
"name": "60787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60787"
"url": "http://www.cups.org/blog.php?L724",
"refsource": "MISC",
"name": "http://www.cups.org/blog.php?L724"
},
{
"name": "http://www.cups.org/str.php?L4450",
"refsource": "CONFIRM",
"url": "http://www.cups.org/str.php?L4450"
"url": "http://www.cups.org/str.php?L4450",
"refsource": "MISC",
"name": "http://www.cups.org/str.php?L4450"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1115576",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1115576"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:108",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:108"
},
{
"name": "59945",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59945"
"url": "http://www.securityfocus.com/bid/68788",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/68788"
},
{
"name": "https://support.apple.com/kb/HT6535",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6535"
"url": "http://www.securitytracker.com/id/1030611",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1030611"
},
{
"name": "1030611",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030611"
"url": "http://www.ubuntu.com/usn/USN-2293-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2293-1"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0313.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0313.html"
"url": "https://access.redhat.com/errata/RHBA-2015:0386",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2015:0386"
},
{
"name": "MDVSA-2015:108",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:108"
"url": "https://access.redhat.com/errata/RHSA-2014:1388",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1388"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-3537",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-3537"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1115576",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1115576"
},
{
"url": "https://support.apple.com/kb/HT6535",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT6535"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:S/C:C/I:P/A:N",
"version": "2.0"
}
]
}

122
2014/3xxx/CVE-2014-3585.json
View File

@ -1,9 +1,33 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3585",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that the redhat-upgrade-tool did not check GPG signatures on downloaded and installed packages during the upgrade process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Verification of Cryptographic Signature",
"cweId": "CWE-347"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -12,11 +36,23 @@
"product": {
"product_data": [
{
"product_name": "redhat-upgrade-tool",
"product_name": "Red Hat Enterprise Linux 6 Extras",
"version": {
"version_data": [
{
"version_value": "through 2014-08-01"
"version_value": "1:0.7.32-1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "2:0.9.3-1.el7",
"version_affected": "!"
}
]
}
@ -27,40 +63,62 @@
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "redhat-upgrade-tool: Does not check GPG signatures when upgrading versions"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "does not check GPG signatures on package installation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "REDHAT",
"name": "Red Hat",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3585"
"url": "https://access.redhat.com/errata/RHBA-2014:1396",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2014:1396"
},
{
"refsource": "REDHAT",
"name": "Red Hat",
"url": "https://access.redhat.com/security/cve/cve-2014-3585"
"url": "https://access.redhat.com/errata/RHBA-2015:2395",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2015:2395"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-3585",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-3585"
},
{
"url": "https://access.redhat.com/security/cve/cve-2014-3585",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2014-3585"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126002",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1126002"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3585",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3585"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}

1160
2014/3xxx/CVE-2014-3602.json
View File

File diff suppressed because it is too large Load Diff

215
2014/3xxx/CVE-2014-3646.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3646",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application."
"value": "It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest."
}
]
},
@ -44,73 +21,181 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Uncaught Exception",
"cweId": "CWE-248"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-504.1.3.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6.5 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-431.50.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-123.9.2.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "0:6.6-20150123.1.el6ev",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-2418-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2418-1"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a642fc305053cc1c6e47e4f4df327895747ab485",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a642fc305053cc1c6e47e4f4df327895747ab485"
},
{
"name": "USN-2417-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2417-1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1144825",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144825"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name": "DSA-3060",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3060"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0126.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0126.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a642fc305053cc1c6e47e4f4df327895747ab485",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a642fc305053cc1c6e47e4f4df327895747ab485"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0284.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0284.html"
},
{
"name": "SUSE-SU-2015:0481",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
"url": "http://www.debian.org/security/2014/dsa-3060",
"refsource": "MISC",
"name": "http://www.debian.org/security/2014/dsa-3060"
},
{
"name": "openSUSE-SU-2015:0566",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
"url": "http://www.openwall.com/lists/oss-security/2014/10/24/9",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/10/24/9"
},
{
"name": "https://github.com/torvalds/linux/commit/a642fc305053cc1c6e47e4f4df327895747ab485",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/a642fc305053cc1c6e47e4f4df327895747ab485"
"url": "http://www.ubuntu.com/usn/USN-2394-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2394-1"
},
{
"name": "USN-2394-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2394-1"
"url": "http://www.ubuntu.com/usn/USN-2417-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2417-1"
},
{
"name": "RHSA-2015:0284",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0284.html"
"url": "http://www.ubuntu.com/usn/USN-2418-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2418-1"
},
{
"name": "[oss-security] 20141024 kvm issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/10/24/9"
"url": "https://access.redhat.com/errata/RHSA-2014:1724",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1724"
},
{
"name": "RHSA-2015:0126",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0126.html"
"url": "https://access.redhat.com/errata/RHSA-2014:1843",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1843"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:0126",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0126"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:0284",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0284"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-3646",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-3646"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144825",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1144825"
},
{
"url": "https://github.com/torvalds/linux/commit/a642fc305053cc1c6e47e4f4df327895747ab485",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/a642fc305053cc1c6e47e4f4df327895747ab485"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.7,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
]
}

127
2014/3xxx/CVE-2014-3665.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3665",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveraging access to the slave."
"value": "CVE-2014-3665 jenkins: remote code execution from slaves (SECURITY-144)"
}
]
},
@ -44,33 +21,101 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Execution with Unnecessary Privileges",
"cweId": "CWE-250"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Enterprise 2.1",
"version": {
"version_data": [
{
"version_value": "0:1.565.3-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.6.40.1-0.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.20.3.5-1.el6op",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30",
"refsource": "CONFIRM",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30"
"url": "https://access.redhat.com/errata/RHBA-2014:1630",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2014:1630"
},
{
"name": "https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+Control",
"refsource": "CONFIRM",
"url": "https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+Control"
"url": "https://access.redhat.com/security/cve/CVE-2014-3665",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-3665"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1147767",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147767"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147767",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1147767"
},
{
"name": "https://www.cloudbees.com/jenkins-security-advisory-2014-10-30",
"refsource": "CONFIRM",
"url": "https://www.cloudbees.com/jenkins-security-advisory-2014-10-30"
"url": "https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+Control",
"refsource": "MISC",
"name": "https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+Control"
},
{
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30",
"refsource": "MISC",
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30"
},
{
"url": "https://www.cloudbees.com/jenkins-security-advisory-2014-10-30",
"refsource": "MISC",
"name": "https://www.cloudbees.com/jenkins-security-advisory-2014-10-30"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}

188
2014/6xxx/CVE-2014-6040.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-6040",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of \"0xffff\" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8."
"value": "An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application."
}
]
},
@ -44,73 +21,154 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.12-1.149.el6_6.4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.17-78.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "69472",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69472"
"url": "http://linux.oracle.com/errata/ELSA-2015-0016.html",
"refsource": "MISC",
"name": "http://linux.oracle.com/errata/ELSA-2015-0016.html"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2015-0016.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2015-0016.html"
"url": "http://secunia.com/advisories/62100",
"refsource": "MISC",
"name": "http://secunia.com/advisories/62100"
},
{
"name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=41488498b6",
"refsource": "CONFIRM",
"url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=41488498b6"
"url": "http://secunia.com/advisories/62146",
"refsource": "MISC",
"name": "http://secunia.com/advisories/62146"
},
{
"name": "GLSA-201602-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201602-02"
"url": "http://ubuntu.com/usn/usn-2432-1",
"refsource": "MISC",
"name": "http://ubuntu.com/usn/usn-2432-1"
},
{
"name": "MDVSA-2014:175",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:175"
"url": "http://www.debian.org/security/2015/dsa-3142",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3142"
},
{
"name": "[oss-security] 20140829 CVE request: glibc character set conversion from IBM code pages",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/08/29/3"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:175",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:175"
},
{
"name": "USN-2432-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2432-1"
"url": "http://www.openwall.com/lists/oss-security/2014/08/29/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/08/29/3"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=17325",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17325"
"url": "http://www.openwall.com/lists/oss-security/2014/09/02/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/09/02/1"
},
{
"name": "62100",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62100"
"url": "http://www.securityfocus.com/bid/69472",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/69472"
},
{
"name": "[oss-security] 20140902 Re: CVE request: glibc character set conversion from IBM code pages",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/02/1"
"url": "https://access.redhat.com/errata/RHSA-2015:0016",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0016"
},
{
"name": "62146",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62146"
"url": "https://access.redhat.com/errata/RHSA-2015:0327",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0327"
},
{
"name": "DSA-3142",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3142"
"url": "https://access.redhat.com/security/cve/CVE-2014-6040",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-6040"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1135841",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1135841"
},
{
"url": "https://security.gentoo.org/glsa/201602-02",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201602-02"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17325",
"refsource": "MISC",
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=17325"
},
{
"url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=41488498b6",
"refsource": "MISC",
"name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=41488498b6"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}

758
2014/7xxx/CVE-2014-7811.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-7811",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API."
"value": "CVE-2014-7811 Red Hat Satellite, Spacewalk: multiple XSS"
}
]
},
@ -44,28 +21,733 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 5.7",
"version": {
"version_data": [
{
"version_value": "0:1.1.3-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.7.7-7.ep5.el6",
"version_affected": "!"
},
{
"version_value": "0:1.8.3-10.redhat_2.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:1.2-7.5.redhat_2.ep6.el6.4",
"version_affected": "!"
},
{
"version_value": "0:3.0.0-4.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.0-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.9.1.2-2.ep5.el6",
"version_affected": "!"
},
{
"version_value": "0:2.2-5.6.ep5.el6",
"version_affected": "!"
},
{
"version_value": "0:2.0.7-52.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.4-10.1.5_jboss_update1.ep5.el6",
"version_affected": "!"
},
{
"version_value": "0:5.1.2-5.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.6.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.6.1-11.1.ep5.el6",
"version_affected": "!"
},
{
"version_value": "0:3.0rc2-6.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.8.2-14.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.20.18-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:4.0.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.2_13-3.1.4.ep5.el6",
"version_affected": "!"
},
{
"version_value": "1:3.3.2-1.3.GA_CP04.ep5.el6",
"version_affected": "!"
},
{
"version_value": "0:2.2.8-23.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.5-0.22.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.2-2.2.2.ep5.el6",
"version_affected": "!"
},
{
"version_value": "0:1.3-11.7.el6",
"version_affected": "!"
},
{
"version_value": "0:1.8.1-8.1.1.1.ep5.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0-19.2.1.1.ep5.el6",
"version_affected": "!"
},
{
"version_value": "1:1.1.1-7.4.ep5.el6",
"version_affected": "!"
},
{
"version_value": "0:1.4-4.ep5.el6",
"version_affected": "!"
},
{
"version_value": "0:2.4-1.1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.1.1-1.ep5.el6",
"version_affected": "!"
},
{
"version_value": "0:1.1-10.3_patch_02.1.ep5.el6",
"version_affected": "!"
},
{
"version_value": "0:11-2.1.2.ep5.el6",
"version_affected": "!"
},
{
"version_value": "0:1.3.1-7.5.2.ep5.el6",
"version_affected": "!"
},
{
"version_value": "0:2.0.8-6.6.el6",
"version_affected": "!"
},
{
"version_value": "0:1.1.1-12.ep5.el6",
"version_affected": "!"
},
{
"version_value": "1:1.6.0.16.2-1jpp.1.el6",
"version_affected": "!"
},
{
"version_value": "0:3.12.0-6.SP1.ep5.el6",
"version_affected": "!"
},
{
"version_value": "0:5.0.1-2.9.ep5.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.16-1.2.2.ep5.el6",
"version_affected": "!"
},
{
"version_value": "0:1.1.1-1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.13-2.3.2.1.1.ep5.el6",
"version_affected": "!"
},
{
"version_value": "0:0.4-27.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.10.4.custom-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.13-5.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.4.0-5.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0-4.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.8.0-24.3.el6",
"version_affected": "!"
},
{
"version_value": "0:0.1.2-5.el6",
"version_affected": "!"
},
{
"version_value": "0:3.26.10-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.6.0-2.2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.2.9-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.6.5-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.209.7-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.127.12-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0-0.16.20081201040121nightly.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.2-2.1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.1-7.el6sat",
"version_affected": "!"
},
{
"version_value": "0:10.2.0-47.el6sat",
"version_affected": "!"
},
{
"version_value": "0:10.2.0.19-6.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.23.36-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:5.11.44-5.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.2-3.ep5.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.5-4.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.09-3.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.38-6.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.06-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.16-4.el6",
"version_affected": "!"
},
{
"version_value": "0:1.4-6.el6",
"version_affected": "!"
},
{
"version_value": "0:2.47-5.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.119-10.1.el6",
"version_affected": "!"
},
{
"version_value": "0:2.05-10.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.03-15.el6sat",
"version_affected": "!"
},
{
"version_value": "1:0.5300-1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.62-3.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.002-5.el6",
"version_affected": "!"
},
{
"version_value": "0:0.92-8.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.10-8.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.110-10.1.el6",
"version_affected": "!"
},
{
"version_value": "0:0.13-6.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.22-10.el6",
"version_affected": "!"
},
{
"version_value": "0:0.3-12.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.027-2.el6",
"version_affected": "!"
},
{
"version_value": "0:5.427-4.el6",
"version_affected": "!"
},
{
"version_value": "0:1.28-2.el6",
"version_affected": "!"
},
{
"version_value": "0:0.5-3.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.10-7.el6sat",
"version_affected": "!"
},
{
"version_value": "0:6.0.1-3.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.9.9-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.23.17-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.2.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.26.12-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.28.27-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.10.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.184.18-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.58.12-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.7.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.14.12-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.92-3.el6",
"version_affected": "!"
},
{
"version_value": "0:1.20-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.710.10-3.el6",
"version_affected": "!"
},
{
"version_value": "0:2.30-13.el6",
"version_affected": "!"
},
{
"version_value": "0:1.01-6.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.1-21.el6",
"version_affected": "!"
},
{
"version_value": "0:9.2.8-2.el6",
"version_affected": "!"
},
{
"version_value": "0:1.11.6-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-4.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.16-5.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.10.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.14-3.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.10-3.1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.8.4-5.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.1_20071120-15.el6sat",
"version_affected": "!"
},
{
"version_value": "0:5.7.0.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:5.7.0.0-3.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.5.22-15.el6",
"version_affected": "!"
},
{
"version_value": "0:5.5.81-8.el6sat",
"version_affected": "!"
},
{
"version_value": "0:5.4.1-9.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.2-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.11.5-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.13.5-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.2.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.216.31-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.29.14-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.24.6-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.1.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:5.7.0.24-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:5.7.0-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:5.6.0.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:5.7.0.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.15.8-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:20120927-11.el6_5",
"version_affected": "!"
},
{
"version_value": "0:3.4.5-3.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.0-5.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.1.3-6.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.2-2.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:0.5.7-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.0-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.0-1.5.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.2.7-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.3-23.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.0-4.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.8-96.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.0-5.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.2-16.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.0-7.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.0-15.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.0-21.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.6.1-6.el6sat",
"version_affected": "!"
},
{
"version_value": "1:2.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.2-13.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.3.2-27.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.9.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.12.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.9-10.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.10-6.ep5.el6",
"version_affected": "!"
},
{
"version_value": "0:3.2.3-14.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.27.29-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.7.0-9.8.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0033",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0033.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html"
},
{
"name": "62183",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62183"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0033.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0033.html"
},
{
"name": "SUSE-SU-2015:0928",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html"
"url": "http://secunia.com/advisories/62183",
"refsource": "MISC",
"name": "http://secunia.com/advisories/62183"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:0033",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0033"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-7811",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-7811"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1156299",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1156299"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
]
}

125
2014/8xxx/CVE-2014-8112.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8112",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores \"unhashed\" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog."
"value": "It was found that when the nsslapd-unhashed-pw-switch 389 Directory Server configuration option was set to \"off\", it did not prevent the writing of unhashed passwords into the Changelog. This could potentially allow an authenticated user able to access the Changelog to read sensitive information."
}
]
},
@ -44,38 +21,98 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.3.3.1-13.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html",
"refsource": "CONFIRM",
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html"
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html",
"refsource": "MISC",
"name": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1172729",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172729"
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html",
"refsource": "MISC",
"name": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html"
},
{
"name": "RHSA-2015:0416",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0416.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html"
},
{
"name": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html",
"refsource": "CONFIRM",
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0416.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0416.html"
},
{
"name": "FEDORA-2015-3368",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html"
"url": "https://access.redhat.com/errata/RHSA-2015:0416",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0416"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-8112",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-8112"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172729",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1172729"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 1.4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
]
}

218
2015/1xxx/CVE-2015-1779.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1779",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section."
"value": "It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU."
}
]
},
@ -44,98 +21,179 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "10:1.5.3-86.el7_1.8",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-7",
"version": {
"version_data": [
{
"version_value": "10:2.1.2-23.el7_1.10",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2015:0870",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00033.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html"
},
{
"name": "[Qemu-devel] 20150323 [PATCH 1/2] CVE-2015-1779: incrementally decode websocket frames",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04896.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155196.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155196.html"
},
{
"name": "FEDORA-2015-5541",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155196.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00033.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00033.html"
},
{
"name": "DSA-3259",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3259"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html"
},
{
"name": "[oss-security] 20150409 Re: CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/09/6"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1931.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1931.html"
},
{
"name": "SUSE-SU-2015:0896",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1943.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1943.html"
},
{
"name": "FEDORA-2015-5482",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html"
"url": "http://www.debian.org/security/2015/dsa-3259",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3259"
},
{
"name": "[Qemu-devel] 20150323 [PATCH 0/2] CVE-2015-1779: fix denial of service in VNC websockets",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html"
"url": "http://www.openwall.com/lists/oss-security/2015/03/24/9",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/03/24/9"
},
{
"name": "RHSA-2015:1931",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1931.html"
"url": "http://www.openwall.com/lists/oss-security/2015/04/09/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/04/09/6"
},
{
"name": "[oss-security] 20150324 CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/24/9"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "1033975",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033975"
"url": "http://www.securityfocus.com/bid/73303",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/73303"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"url": "http://www.securitytracker.com/id/1033975",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1033975"
},
{
"name": "RHSA-2015:1943",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1943.html"
"url": "http://www.ubuntu.com/usn/USN-2608-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2608-1"
},
{
"name": "USN-2608-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2608-1"
"url": "https://access.redhat.com/errata/RHSA-2015:1931",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1931"
},
{
"name": "[Qemu-devel] 20150323 [PATCH 2/2] CVE-2015-1779: limit size of HTTP headers from websockets clients",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04895.html"
"url": "https://access.redhat.com/errata/RHSA-2015:1943",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1943"
},
{
"name": "73303",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73303"
"url": "https://access.redhat.com/security/cve/CVE-2015-1779",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-1779"
},
{
"name": "GLSA-201602-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201602-01"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1199572",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1199572"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04895.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04895.html"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04896.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04896.html"
},
{
"url": "https://security.gentoo.org/glsa/201602-01",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201602-01"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.7,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
]
}

422
2015/3xxx/CVE-2015-3209.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3209",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set."
"value": "A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process."
}
]
},
@ -44,153 +21,266 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:83-273.el5_11",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.448.el6_6.4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.448.el6_6.4",
"version_affected": "!"
}
]
}
},
{
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
"version": {
"version_data": [
{
"version_value": "2:0.12.1.2-2.448.el6_6.4",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-2630-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2630-1"
},
{
"name": "SUSE-SU-2015:1152",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html"
},
{
"name": "RHSA-2015:1087",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1087.html"
},
{
"name": "SUSE-SU-2015:1519",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html"
},
{
"name": "https://kb.juniper.net/JSA10783",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "FEDORA-2015-10001",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160669.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698"
},
{
"name": "DSA-3286",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3286"
},
{
"name": "FEDORA-2015-9978",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160677.html"
},
{
"name": "SUSE-SU-2015:1156",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html"
},
{
"name": "RHSA-2015:1088",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1088.html"
},
{
"name": "RHSA-2015:1089",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1089.html"
},
{
"name": "SUSE-SU-2015:1643",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html"
},
{
"name": "GLSA-201510-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201510-02"
},
{
"name": "SUSE-SU-2015:1206",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00014.html"
},
{
"name": "DSA-3284",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3284"
},
{
"name": "75123",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75123"
},
{
"name": "SUSE-SU-2015:1157",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"
},
{
"name": "1032545",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032545"
},
{
"name": "SUSE-SU-2015:1045",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-135.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-135.html"
},
{
"name": "SUSE-SU-2015:1426",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html"
},
{
"name": "GLSA-201604-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "RHSA-2015:1189",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1189.html"
},
{
"name": "SUSE-SU-2015:1042",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"
},
{
"name": "FEDORA-2015-9965",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html"
},
{
"name": "DSA-3285",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3285"
},
{
"url": "https://security.gentoo.org/glsa/201604-03",
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
"name": "https://security.gentoo.org/glsa/201604-03"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698",
"refsource": "MISC",
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160669.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160669.html"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160677.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160677.html"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00014.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00014.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1087.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1087.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1088.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1088.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1089.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1089.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1189.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1189.html"
},
{
"url": "http://www.debian.org/security/2015/dsa-3284",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3284"
},
{
"url": "http://www.debian.org/security/2015/dsa-3285",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3285"
},
{
"url": "http://www.debian.org/security/2015/dsa-3286",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3286"
},
{
"url": "http://www.securityfocus.com/bid/75123",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/75123"
},
{
"url": "http://www.securitytracker.com/id/1032545",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1032545"
},
{
"url": "http://www.ubuntu.com/usn/USN-2630-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2630-1"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-135.html",
"refsource": "MISC",
"name": "http://xenbits.xen.org/xsa/advisory-135.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1087",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1087"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1088",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1088"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1089",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1089"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1189",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1189"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-3209",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-3209"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1225882",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1225882"
},
{
"url": "https://kb.juniper.net/JSA10783",
"refsource": "MISC",
"name": "https://kb.juniper.net/JSA10783"
},
{
"url": "https://security.gentoo.org/glsa/201510-02",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201510-02"
},
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13",
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
]
}