From ec8e6117c7343ab0bf4e32002acd597d9945edff Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Thu, 2 Feb 2023 21:00:39 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2017/15xxx/CVE-2017-15085.json | 105 ++-
 2017/15xxx/CVE-2017-15124.json | 229 +++--
 2017/15xxx/CVE-2017-15127.json | 124 +--
 2017/15xxx/CVE-2017-15135.json | 131 ++-
 2017/15xxx/CVE-2017-15137.json | 1434 +++++++++++++++++++++++++++++++-
 2017/2xxx/CVE-2017-2596.json | 150 ++--
 2017/2xxx/CVE-2017-2621.json | 145 ++--
 2017/2xxx/CVE-2017-2622.json | 114 ++-
 2017/2xxx/CVE-2017-2628.json | 113 ++-
 2017/2xxx/CVE-2017-2647.json | 207 +++--
 2017/2xxx/CVE-2017-2662.json | 121 ++-
 2021/3xxx/CVE-2021-3442.json | 107 ++-
 2021/3xxx/CVE-2021-3499.json | 172 +++-
 2021/3xxx/CVE-2021-3507.json | 108 ++-
 2021/3xxx/CVE-2021-3520.json | 125 ++-
 2021/3xxx/CVE-2021-3521.json | 125 ++-
 2021/3xxx/CVE-2021-3564.json | 156 +++-
 2021/3xxx/CVE-2021-3575.json | 102 ++-
 2021/3xxx/CVE-2021-3609.json | 185 +++-
 2021/3xxx/CVE-2021-3611.json | 96 ++-
 2021/3xxx/CVE-2021-3620.json | 201 ++++-
 2021/3xxx/CVE-2021-3639.json | 77 +-
 2021/3xxx/CVE-2021-3640.json | 159 +++-
 2021/3xxx/CVE-2021-3660.json | 82 +-
 2021/3xxx/CVE-2021-3667.json | 132 ++-
 2021/3xxx/CVE-2021-3669.json | 96 ++-
 2021/3xxx/CVE-2021-3688.json | 191 ++++-
 2021/3xxx/CVE-2021-3743.json | 127 ++-
 2021/3xxx/CVE-2021-3744.json | 167 ++--
 2021/3xxx/CVE-2021-3750.json | 106 ++-
 2021/3xxx/CVE-2021-3772.json | 133 ++-
 2021/3xxx/CVE-2021-3798.json | 87 +-
 2021/3xxx/CVE-2021-3979.json | 113 ++-
 2021/3xxx/CVE-2021-3981.json | 96 ++-
 2021/3xxx/CVE-2021-3999.json | 113 ++-
 2021/4xxx/CVE-2021-4034.json | 352 +++++++-
 2021/4xxx/CVE-2021-4047.json | 74 +-
 2021/4xxx/CVE-2021-4112.json | 106 ++-
 2021/4xxx/CVE-2021-4142.json | 124 ++-
 2021/4xxx/CVE-2021-4158.json | 107 ++-
 2022/0xxx/CVE-2022-0168.json | 123 ++-
 2022/0xxx/CVE-2022-0185.json | 169 +++-
 2023/25xxx/CVE-2023-25116.json | 18 +
 2023/25xxx/CVE-2023-25117.json | 18 +
 2023/25xxx/CVE-2023-25118.json | 18 +
 2023/25xxx/CVE-2023-25119.json | 18 +
 2023/25xxx/CVE-2023-25120.json | 18 +
 2023/25xxx/CVE-2023-25121.json | 18 +
 2023/25xxx/CVE-2023-25122.json | 18 +
 2023/25xxx/CVE-2023-25123.json | 18 +
 2023/25xxx/CVE-2023-25124.json | 18 +
 51 files changed, 5638 insertions(+), 1508 deletions(-)
 create mode 100644 2023/25xxx/CVE-2023-25116.json
 create mode 100644 2023/25xxx/CVE-2023-25117.json
 create mode 100644 2023/25xxx/CVE-2023-25118.json
 create mode 100644 2023/25xxx/CVE-2023-25119.json
 create mode 100644 2023/25xxx/CVE-2023-25120.json
 create mode 100644 2023/25xxx/CVE-2023-25121.json
 create mode 100644 2023/25xxx/CVE-2023-25122.json
 create mode 100644 2023/25xxx/CVE-2023-25123.json
 create mode 100644 2023/25xxx/CVE-2023-25124.json
diff --git a/2017/15xxx/CVE-2017-15085.json b/2017/15xxx/CVE-2017-15085.json
index d65876c0a01..fbfe389cae5 100644
--- a/2017/15xxx/CVE-2017-15085.json
+++ b/2017/15xxx/CVE-2017-15085.json
@@ -1,36 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
- "DATE_PUBLIC": "2017-10-24T00:00:00",
 "ID": "CVE-2017-15085",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Gluster Storage for RHEL 6",
- "version": {
- "version_data": [
- {
- "version_value": "3.3"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Red Hat, Inc."
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
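Review bot: `"DATE_PUBLIC": "2017-10-24T00:00:00"` is removed from `CVE_data_meta` and nothing on the new side carries a publication date, so the record loses the only timestamp it had; the same removal is in the first hunks of CVE-2017-15124.json and CVE-2017-15135.json. The old side shows the key is accepted alongside `ID`/`ASSIGNER`/`STATE` in this `data_version` 4.0 layout, so if the synchronized source simply does not emit it, keeping `"DATE_PUBLIC": "2017-10-24T00:00:00",` in the meta block costs nothing and preserves the date. The removal of the `affects` block here appears to be paired with the replacement block in the next hunk, which I review there.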
@@ -45,28 +21,81 @@ "description": [ { "lang": "eng", - "value": "CWE-300" + "value": "Channel Accessible by Non-Endpoint", + "cweId": "CWE-300" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Gluster Storage 3.3 for RHEL 6", + "version": { + "version_data": [ + { + "version_value": "0:4.6.3-8.el6rhs", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "101554", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/101554" + "url": "https://access.redhat.com/errata/RHSA-2017:3110", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:3110" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15085", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15085" + "url": "http://www.securityfocus.com/bid/101554", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/101554" }, { - "name": "RHSA-2017:3110", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:3110" + "url": "https://access.redhat.com/security/cve/CVE-2017-15085", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2017-15085" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1505787", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1505787" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15085", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15085" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + 
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.0" } ] } diff --git a/2017/15xxx/CVE-2017-15124.json b/2017/15xxx/CVE-2017-15124.json index 769bba0c5e1..c508f42da2b 100644 --- a/2017/15xxx/CVE-2017-15124.json +++ b/2017/15xxx/CVE-2017-15124.json @@ -1,41 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "DATE_PUBLIC": "2017-12-18T00:00:00", "ID": "CVE-2017-15124", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Qemu", - "version": { - "version_data": [ - { - "version_value": "2.11.0 and older" - } - ] - } - } - ] - }, - "vendor_name": "QEMU" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host." + "value": "VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host." } ] }, 
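Review bot: The new `affects` block records only a fixed build — its single `version_data` entry is `"version_value": "0:4.6.3-8.el6rhs"` with `"version_affected": "!"` — while the removed block's `"version_value": "3.3"` was the only statement of what is vulnerable, so the record now names no affected version at all. The same pattern is in the second hunks of CVE-2017-15124.json, CVE-2017-15127.json and CVE-2017-15135.json, and in the CVE-2017-15137.json hunk that runs past the end of this excerpt. An affected entry next to the fixed one, e.g. `{ "version_value": "3.3", "version_affected": "=" }`, would keep that information. Separately, every `refsource` is now `MISC`, including the errata and bugzilla entries the old side typed as `REDHAT` and `CONFIRM`, and each `name` merely repeats its `url`, which drops the only hint of which reference is the vendor advisory.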
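Review bot: The rewritten description drops "2.11.0 and older", and because the `affects` block added in the next hunk lists only Red Hat builds tagged `"version_affected": "!"`, no upstream affected QEMU range survives anywhere in the new record. The first hunks of CVE-2017-15127.json (which also loses `hugetlb_mcopy_atomic_pte` in `mm/hugetlb.c` and "before 4.13") and CVE-2017-15135.json ("since 1.3.6.1 up to and including 1.4.0.3") make the same trade. Unless the synchronized source is authoritative for the wording, I would keep the version-qualified sentence: `"value": "VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, ..."`.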
@@ -45,53 +21,198 @@ "description": [ { "lang": "eng", - "value": "CWE-770" + "value": "Allocation of Resources Without Limits or Throttling", + "cweId": "CWE-770" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "10:1.5.3-156.el7", + "version_affected": "!" + }, + { + "version_value": "10:2.12.0-18.el7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", + "version": { + "version_data": [ + { + "version_value": "10:2.10.0-21.el7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat OpenStack Platform 11.0 (Ocata)", + "version": { + "version_data": [ + { + "version_value": "10:2.10.0-21.el7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat OpenStack Platform 12.0 (Pike)", + "version": { + "version_data": [ + { + "version_value": "10:2.10.0-21.el7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)", + "version": { + "version_data": [ + { + "version_value": "10:2.10.0-21.el7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)", + "version": { + "version_data": [ + { + "version_value": "10:2.10.0-21.el7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "10:2.10.0-21.el7", + "version_affected": "!" 
+ } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "102295", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/102295" + "url": "http://www.securityfocus.com/bid/102295", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/102295" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195" + "url": "https://access.redhat.com/errata/RHSA-2018:0816", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:0816" }, { - "name": "DSA-4213", - "refsource": "DEBIAN", - "url": "https://www.debian.org/security/2018/dsa-4213" + "url": "https://access.redhat.com/errata/RHSA-2018:1104", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:1104" }, { - "name": "RHSA-2018:0816", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:0816" + "url": "https://access.redhat.com/errata/RHSA-2018:1113", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:1113" }, { - "name": "RHSA-2018:1104", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:1104" + "url": "https://access.redhat.com/errata/RHSA-2018:3062", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:3062" }, { - "name": "RHSA-2018:1113", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:1113" + "url": "https://access.redhat.com/security/cve/CVE-2017-15124", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2017-15124" }, { - "name": "USN-3575-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3575-1/" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195" }, { - "name": "RHSA-2018:3062", - "refsource": "REDHAT", - "url": 
"https://access.redhat.com/errata/RHSA-2018:3062" + "url": "https://usn.ubuntu.com/3575-1/", + "refsource": "MISC", + "name": "https://usn.ubuntu.com/3575-1/" + }, + { + "url": "https://www.debian.org/security/2018/dsa-4213", + "refsource": "MISC", + "name": "https://www.debian.org/security/2018/dsa-4213" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Daniel Berrange (Red Hat)." + } + ], + "impact": { + "cvss": [ + { + "accessComplexity": "HIGH", + "accessVector": "NETWORK", + "authentication": "SINGLE", + "availabilityImpact": "PARTIAL", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 2.1, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "NONE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P", + "version": "2.0" + }, + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L", + "version": "3.0" } ] } diff --git a/2017/15xxx/CVE-2017-15127.json b/2017/15xxx/CVE-2017-15127.json index ae77d9e8b6e..b97535be647 100644 --- a/2017/15xxx/CVE-2017-15127.json +++ b/2017/15xxx/CVE-2017-15127.json 
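Review bot: The CVSS v2 entry sets `"environmentalScore": 0` and `"temporalScore": 0` while every temporal and environmental metric is `NOT_DEFINED`; a literal 0 reads to a consumer as a computed "no risk" score rather than "not assessed", so the two keys should be omitted (or `null`) when the metrics are undefined. Second, `credits[0].lang` is `"en"` whereas `description_data` and `problemtype` in the same file use `"eng"` — the `credits` added to CVE-2017-15135.json have the same mix — so a consumer filtering on one language tag silently misses the other; pick one code per document. The base scores 2.1 and 3.5 do agree with their respective vector strings.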
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-15127", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Linux kernel before 4.13", - "version": { - "version_data": [ - { - "version_value": "Linux kernel before 4.13" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG)." + "value": "A flaw was found in the Linux kernel when freeing pages in hugetlbfs. This could trigger a local denial of service by crashing the kernel." } ] }, 
@@ -44,48 +21,95 @@ "description": [ { "lang": "eng", - "value": "CWE-460" + "value": "Improper Cleanup on Thrown Exception", + "cweId": "CWE-460" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "0:3.10.0-862.rt56.804.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.10.0-862.el7", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995", + "url": "https://access.redhat.com/errata/RHSA-2018:0676", "refsource": "MISC", - "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995" + "name": "https://access.redhat.com/errata/RHSA-2018:0676" }, { - "name": "RHSA-2018:1062", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:1062" - }, - { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525218", + "url": "https://access.redhat.com/errata/RHSA-2018:1062", "refsource": "MISC", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525218" + "name": "https://access.redhat.com/errata/RHSA-2018:1062" }, { - "name": "RHSA-2018:0676", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:0676" - }, - { - "name": "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995", "refsource": "MISC", - "url": "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995" + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995" }, { - "name": 
"https://access.redhat.com/security/cve/CVE-2017-15127", + "url": "http://www.securityfocus.com/bid/102517", "refsource": "MISC", - "url": "https://access.redhat.com/security/cve/CVE-2017-15127" + "name": "http://www.securityfocus.com/bid/102517" }, { - "name": "102517", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/102517" + "url": "https://access.redhat.com/security/cve/CVE-2017-15127", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2017-15127" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525218", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525218" + }, + { + "url": "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" } ] } diff --git a/2017/15xxx/CVE-2017-15135.json b/2017/15xxx/CVE-2017-15135.json index b856e628e34..e6a5eb2d508 100644 --- a/2017/15xxx/CVE-2017-15135.json +++ b/2017/15xxx/CVE-2017-15135.json 
@@ -1,41 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "DATE_PUBLIC": "2017-12-13T00:00:00", "ID": "CVE-2017-15135", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "389-ds-base", - "version": { - "version_data": [ - { - "version_value": "since 1.3.6.1 up to and including 1.4.0.3" - } - ] - } - } - ] - }, - "vendor_name": "Red Hat, Inc." - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances." + "value": "It was found that 389-ds-base did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances." } ] }, 
@@ -45,38 +21,103 @@ "description": [ { "lang": "eng", - "value": "CWE-287" + "value": "Improper Authentication", + "cweId": "CWE-287" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "0:1.2.11.15-94.el6_9", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "0:1.3.6.1-28.el7_4", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "102811", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/102811" + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525628", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525628" + "url": "http://www.securityfocus.com/bid/102811", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/102811" }, { - "name": "RHSA-2018:0414", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:0414" + "url": "https://access.redhat.com/errata/RHSA-2018:0414", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:0414" }, { - "name": "RHSA-2018:0515", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2018:0515" + "url": "https://access.redhat.com/errata/RHSA-2018:0515", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2018:0515" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1397", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html" + "url": "https://access.redhat.com/security/cve/CVE-2017-15135", + 
"refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2017-15135" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525628", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525628" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Martin Poole (Red Hat)." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "version": "3.0" } ] } diff --git a/2017/15xxx/CVE-2017-15137.json b/2017/15xxx/CVE-2017-15137.json index 288c0a0cff2..9252be7c210 100644 --- a/2017/15xxx/CVE-2017-15137.json +++ b/2017/15xxx/CVE-2017-15137.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-15137", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "atomic-openshift", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "[UNKNOWN]" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
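Review bot: The added vector `CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L` does not match the description it sits beside: the text says a "remote, unauthenticated attacker" can "bypass the authentication process", which would ordinarily score as `PR:N` and `UI:N`, whereas the vector asserts low privileges and required user interaction. The 4.6 base score is arithmetically consistent with the vector as written, so if the metrics are deliberate (scored for a particular deployment, say) that reasoning belongs in the record; otherwise one of the two should be corrected before this goes out. The `credits` entry here also uses `"lang": "en"` while the rest of the file uses `"eng"`.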
@@ -38,39 +15,1408 @@ } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "version": "3.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-20" + "value": "Improper Input Validation", + "cweId": "CWE-20" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat OpenShift Container Platform 3.9", + "version": { + "version_data": [ + { + "version_value": "0:0.1.1-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.4.0-8.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.1.16-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.1.15-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.1.5-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.9.14-1.git.0.4efa2ca.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.9.14-1.git.349.1018739.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.9.14-1.git.229.04c20c2.el7", + "version_affected": "!" + }, + { + "version_value": "0:160-3.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.5.2-5.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.9.10-1.git8723732.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.0-2.alpha.0.git653cc8c.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.1.3-12.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.5.0-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.4.4-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.4.4.01_redhat_1-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.12.42-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.1-2.git885c9f40.el7", + "version_affected": "!" 
+ }, + { + "version_value": "0:0-2.gitceca8c1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.14.0-1.git30af4d0.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.15.2-2.git98bc649.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.1.0-1.git85f23d8.el7", + "version_affected": "!" + }, + { + "version_value": "0:0-2.git85ceabc.el7", + "version_affected": "!" + }, + { + "version_value": "0:183.0.0-3.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.8.1-5.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.2.2-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.3.0-3.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.7.1-4.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.1.2-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.89.4.1519670652-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.651.2-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.9.1519779801-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.1-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.3-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.1.2-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.7-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.1-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.0-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.2.0-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.0.9-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:6.0.4-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.1.13-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.11-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.0-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.6-1.el7", + "version_affected": "!" 
+ }, + { + "version_value": "0:1.13-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.0.4-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.3.0-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.4.5-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.27.0-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.85-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.0.5-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.7-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.1.1-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.0.3-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.7.3-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.2.1-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.20-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.11-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.9.0-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.5-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.10-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.59-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.1.2.9-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.6-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.9.6-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.12-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.47-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.1.24-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.1-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.3-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.7-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.3.1-1.el7", + "version_affected": "!" 
+ }, + { + "version_value": "0:1.1.4-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.1.1-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.6-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.2-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.3.0-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.4-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.8-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.1.1-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.29-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.15-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.6-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.7.2-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.1-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.1-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.13-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.4-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.30-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.8-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.11-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.10-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.14-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.9-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:4.6.4-4.el7", + "version_affected": "!" + }, + { + "version_value": "1:1.7.5-3.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.1.10-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.23.13-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.1.7-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.2-1.el7", + "version_affected": "!" 
+ }, + { + "version_value": "0:4.7.2-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.7-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.3.3-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.1.3-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.0.4-5.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.0.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.1.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.3-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.1.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.0.3-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.1.11-4.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.1.4-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.4.2-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.5.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.2.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.4-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.0-3.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.10.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.14.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.8.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.2.1-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.0-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.11.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.1.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.1.1-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.7.0-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.1.0-2.el7aos", + "version_affected": "!" 
+ }, + { + "version_value": "0:1.10.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.1.2-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.5-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.8.1-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.0.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.4.7-3.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.2.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.5.0-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.6-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.0.5-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.5.3-3.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.2.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.1.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.7.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.7.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.4.14-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.1.2-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:4.13.3-4.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.0.0-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.4.0-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.3.0-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.6.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.0-rc3.1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.1.0-1.el7aos", + "version_affected": "!" 
+ }, + { + "version_value": "0:0.3.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.2.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:5.0.15-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:4.1.2-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.4.5-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.1.13-3.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.7.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.8.2-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.1.2-3.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.1.1-3.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.2.0-3.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.8.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.1.7-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:3.1.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.14.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.2.3-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.3.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.11.2-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.4.13-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.4.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.4-6.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.0.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.2-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.1-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.12.2-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:5.0.1-1.el7aos", + "version_affected": "!" 
+ }, + { + "version_value": "0:3.4.3-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:3.0.2-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.5.3-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:3.10.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:4.0.2-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.0.0-3.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.3.4-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.23.0-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.1.11-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.0.2-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.2.0-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.6.1-3.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.7.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.6.1-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.4.7-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.0.4-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.9.13-3.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.8.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:4.0.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.3.2-5.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.3.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.4.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:7-5.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.1.1-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.3.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.2.2-4.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.1.2-4.el7aos", + "version_affected": "!" 
+ }, + { + "version_value": "0:1.0.0-4.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.2.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.2.0-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.0.1-3.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:7.1.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.8-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.2-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:5.2.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.1.4-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.0.2-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.0.0-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.5.2-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.61.0-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.0.1-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.1.6-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.1.3-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.4.4-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.13.0-3.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.10.0-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.9-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.1.33-3.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.2.1-3.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.10.31-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.0.4-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:3.0.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:3.1.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.3.1-1.el7", + "version_affected": "!" 
+ }, + { + "version_value": "0:0.4.1-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.0.6-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.6.9-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:0.0.3-3.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:3.2.2-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:1.0.1-4.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:4.0.0-4.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:2.0.0-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.24.0-1.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:3.9.14-1.git.0.ca2cfc3.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.4.4.21__redhat_1-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.8.0-1.git.216.b6b90bb.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.1-2.git5bd9251.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.0.1-8.git78d6339.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.1.0-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:4.5.1-8.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.08-20.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.1.14-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.34.0-5.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.4.0-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.4.57-5.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.3-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:2016.9.26-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.2-4.el7", + "version_affected": "!" + }, + { + "version_value": "0:4.1-3.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.0.2-1.el7", + "version_affected": "!" 
+ }, + { + "version_value": "0:2.6.1-16.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.4.2-1.3.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.3.0-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.0.3-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.9.2-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.9.0-3.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.4.0-2.1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.71c-2.el7aos", + "version_affected": "!" + }, + { + "version_value": "0:5.0.0-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.2.1-20180102gitd701bf9.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.1-9.2.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.6.0-2.el7", + "version_affected": "!" + }, + { + "version_value": "1:0.5.0-8.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.1.1-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.6.5-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.4.32-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.5.7-4.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.4.0-7.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.4.1-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.4.9-5.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.15.23-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.1.3-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:17.1.1-4.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.5.2.2-3.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.21.1-1.el7", + "version_affected": "!" + }, + { + "version_value": "1:4.2.10-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.5.2-1.el7", + "version_affected": "!" 
+ }, + { + "version_value": "0:1.0.5-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.5.3-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.22.4-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.5.20170404-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.60.0-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.13.1-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.9.23-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.4.0-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.1.1-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.13.2-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.6.2-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.5.6-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.4.5-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.0.9-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.0.13-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.9.8-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.6.0-4.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.9.5-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.1.0-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.1-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.2016.0521-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:5.10.3-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.2.2-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.13.1-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.0.0-3.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.11.0-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.3-2.el7", + "version_affected": "!" 
+ }, + { + "version_value": "0:2.0.5-5.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.0-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.1.0-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.2.4-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.0.5-4.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.3.6-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.2.5-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.2018.3-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.1.4-5.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.0.7.5-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.1.5-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.0-24.rc4.dev.gitc6e4a1e.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.5.1-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.4.4.10_redhat_1-3.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.06-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.9.1-15.el7", + "version_affected": "!" + }, + { + "version_value": "1:3.14.5.10-25.el7", + "version_affected": "!" 
+ } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137" + "url": "https://access.redhat.com/errata/RHBA-2018:0489", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHBA-2018:0489" }, { - "name": "RHBA-2018:0489", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHBA-2018:0489" + "url": "https://access.redhat.com/security/cve/CVE-2017-15137", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2017-15137" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566191", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1566191" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Ben Parees (Red Hat)." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0" } ] } diff --git a/2017/2xxx/CVE-2017-2596.json b/2017/2xxx/CVE-2017-2596.json index 4ff1cad6004..e08a1e54ed9 100644 --- a/2017/2xxx/CVE-2017-2596.json +++ b/2017/2xxx/CVE-2017-2596.json 
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-2596", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references." + "value": "Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to host memory leakage issue. It could occur while emulating VMXON instruction in 'handle_vmon'. An L1 guest user could use this flaw to leak host memory potentially resulting in DoS." } ] }, 
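Review bot: The replacement description on the `+ "value"` line misspells the feature twice (`KVM visualization support`, `nested visualization(nVMX)`) and drops the upstream bound the removed text carried (`through 4.9.8`), so the record no longer says which kernel versions are vulnerable; the `affects` block this commit adds in the following hunk lists only fixed Red Hat builds with `"version_affected": "!"`. Suggest `Linux kernel built with the KVM virtualization support (CONFIG_KVM), with nested virtualization (nVMX) feature enabled (nested=1), is vulnerable to a host memory leak issue.` and keeping an affected range, either in the description or as a `"version_affected": "<"` entry next to the fixed ones. The same loss of the version bound occurs in the CVE-2017-2621 (`before 8.0.0, 6.1.0 and 7.0.2`), CVE-2017-2628 (`before version 7.19.7-53`) and CVE-2017-2647 (`before 3.18`) description hunks.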
@@ -44,43 +21,122 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Missing Release of Resource after Effective Lifetime", + "cweId": "CWE-772" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "0:3.10.0-693.rt56.617.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.10.0-693.el7", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1417812", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1417812" + "url": "http://www.debian.org/security/2017/dsa-3791", + "refsource": "MISC", + "name": "http://www.debian.org/security/2017/dsa-3791" }, { - "name": "[oss-security] 20170131 CVE-2017-2596 Kernel: kvm: page reference leakage in handle_vmon", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2017/01/31/4" + "url": "https://access.redhat.com/errata/RHSA-2017:1842", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:1842" }, { - "name": "95878", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/95878" + "url": "https://access.redhat.com/errata/RHSA-2017:2077", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:2077" }, { - "name": "RHSA-2017:2077", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2077" + "url": "http://www.openwall.com/lists/oss-security/2017/01/31/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2017/01/31/4" }, { - "name": "RHSA-2017:1842", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1842" + "url": "http://www.securityfocus.com/bid/95878", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/95878" }, { - 
"name": "DSA-3791", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2017/dsa-3791" + "url": "https://access.redhat.com/security/cve/CVE-2017-2596", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2017-2596" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1417812", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1417812" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Dmitry Vyukov (Google Inc.) for reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "accessComplexity": "HIGH", + "accessVector": "ADJACENT_NETWORK", + "authentication": "SINGLE", + "availabilityImpact": "COMPLETE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 4.3, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "NONE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:A/AC:H/Au:S/C:N/I:N/A:C", + "version": "2.0" + }, + { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", + "version": "3.0" } ] } diff --git a/2017/2xxx/CVE-2017-2621.json b/2017/2xxx/CVE-2017-2621.json index 949017674a5..df88eaa0da3 100644 --- a/2017/2xxx/CVE-2017-2621.json +++ b/2017/2xxx/CVE-2017-2621.json 
@@ -1,92 +1,123 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-2621", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "openstack-heat", - "version": { - "version_data": [ - { - "version_value": "openstack-heat-8.0.0" - }, - { - "version_value": "openstack-heat-6.1.0" - }, - { - "version_value": "openstack-heat-7.0.2" - } - ] - } - } - ] - }, - "vendor_name": "Red Hat" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information." + "value": "An access-control flaw was found in the OpenStack Orchestration (heat) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information." } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "5.9/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", - "version": "3.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-552" + "value": "Files or Directories Accessible to External Parties", + "cweId": "CWE-552" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", + "version": { + "version_data": [ + { + "version_value": "1:7.0.2-4.el7ost", + "version_affected": "!" 
+ } + ] + } + }, + { + "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)", + "version": { + "version_data": [ + { + "version_value": "1:6.1.0-3.el7ost", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2621", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2621" + "url": "http://www.securityfocus.com/bid/96280", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/96280" }, { - "name": "RHSA-2017:1243", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1243" + "url": "https://access.redhat.com/errata/RHSA-2017:1243", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:1243" }, { - "name": "RHSA-2017:1464", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1464" + "url": "https://access.redhat.com/errata/RHSA-2017:1464", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:1464" }, { - "name": "96280", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/96280" + "url": "https://access.redhat.com/security/cve/CVE-2017-2621", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2017-2621" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420990", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1420990" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2621", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2621" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Hans Feldt (Ericsson) for reporting this issue." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", + "version": "3.0" } ] } diff --git a/2017/2xxx/CVE-2017-2622.json b/2017/2xxx/CVE-2017-2622.json index f21d3454c80..6c72a933728 100644 --- a/2017/2xxx/CVE-2017-2622.json +++ b/2017/2xxx/CVE-2017-2622.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-2622", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "openstack-mistral", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "[UNKNOWN]" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
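Review bot: The added `reference_data` lists the same Red Hat bug twice, once by number (`show_bug.cgi?id=1420990`) and once by CVE alias (`show_bug.cgi?id=CVE-2017-2621`), which presumably resolve to the same tracker entry; keeping only the numeric form avoids a duplicate reference that consumers will count and display twice. The CVE-2017-2596, CVE-2017-2622 and CVE-2017-2628 reference hunks carry the same numeric-plus-alias pair.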
@@ -38,39 +15,88 @@ } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "5.9/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", - "version": "3.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-552" + "value": "Files or Directories Accessible to External Parties", + "cweId": "CWE-552" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", + "version": { + "version_data": [ + { + "version_value": "0:3.0.2-11.el7ost", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622" + "url": "https://access.redhat.com/errata/RHSA-2017:1584", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:1584" }, { - "name": "RHSA-2017:1584", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1584" + "url": "https://access.redhat.com/security/cve/CVE-2017-2622", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2017-2622" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420992", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1420992" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Hans Feldt (Ericsson) for reporting this issue." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", + "version": "3.0" } ] } diff --git a/2017/2xxx/CVE-2017-2628.json b/2017/2xxx/CVE-2017-2628.json index 9bf8bf70ab6..a5a1ff03743 100644 --- a/2017/2xxx/CVE-2017-2628.json +++ b/2017/2xxx/CVE-2017-2628.json @@ -1,41 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "DATE_PUBLIC": "2017-03-29T00:00:00", "ID": "CVE-2017-2628", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "curl", - "version": { - "version_data": [ - { - "version_value": "7.19.7-53" - } - ] - } - } - ] - }, - "vendor_name": "Red Hat, Inc." - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only." + "value": "It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server." } ] }, 
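Review bot: The replacement description for CVE-2017-2628 drops the scoping statement the removed text carried (`This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only`) and the explanation that the defect was an incomplete backport (`HAVE_GSSAPI` vs `USE_HTTP_NEGOTIATE`); the new wording `the fix for CVE-2015-3148 in curl was incomplete` reads as an upstream curl defect, and the same hunk also removes `DATE_PUBLIC`. Since the new `affects` block names the product `Red Hat Enterprise Linux 6` rather than `curl`, a consumer keying on the description could flag curl builds outside that package that the removed text explicitly excluded. Suggest appending `This issue is specific to the curl package shipped in Red Hat Enterprise Linux 6, where the backported fix was incomplete.` to the description value.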
@@ -45,28 +21,87 @@ "description": [ { "lang": "eng", - "value": "CWE-287" + "value": "Improper Authentication", + "cweId": "CWE-287" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "0:7.19.7-53.el6_9", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2017:0847", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2017-0847.html" + "url": "http://rhn.redhat.com/errata/RHSA-2017-0847.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2017-0847.html" }, { - "name": "97187", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/97187" + "url": "http://www.securityfocus.com/bid/97187", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/97187" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1422464", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422464" + "url": "https://access.redhat.com/errata/RHSA-2017:0847", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:0847" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2017-2628", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2017-2628" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422464", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1422464" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Paulo Andrade (Red Hat)." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" } ] } diff --git a/2017/2xxx/CVE-2017-2647.json b/2017/2xxx/CVE-2017-2647.json index 6df7cebe40c..c264c946fb9 100644 --- a/2017/2xxx/CVE-2017-2647.json +++ b/2017/2xxx/CVE-2017-2647.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-2647", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c." + "value": "A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges." } ] }, 
@@ -44,63 +21,175 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "NULL Pointer Dereference", + "cweId": "CWE-476" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "0:2.6.32-754.33.1.el6", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 6.6 Advanced Update Support", + "version": { + "version_data": [ + { + "version_value": "0:2.6.32-504.84.1.el6", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "0:3.10.0-693.rt56.617.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.10.0-693.el7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7.3 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "0:3.10.0-514.28.1.el7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise MRG 2", + "version": { + "version_data": [ + { + "version_value": "1:3.10.0-514.rt56.231.el6rt", + "version_affected": "!" 
+ } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2017:2437", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2437" + "url": "https://usn.ubuntu.com/3849-1/", + "refsource": "MISC", + "name": "https://usn.ubuntu.com/3849-1/" }, { - "name": "RHSA-2017:2444", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2444" + "url": "https://usn.ubuntu.com/3849-2/", + "refsource": "MISC", + "name": "https://usn.ubuntu.com/3849-2/" }, { - "name": "97258", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/97258" + "url": "https://access.redhat.com/errata/RHSA-2017:1842", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:1842" }, { - "name": "https://github.com/torvalds/linux/commit/c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81", - "refsource": "CONFIRM", - "url": "https://github.com/torvalds/linux/commit/c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81" + "url": "https://access.redhat.com/errata/RHSA-2017:2077", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:2077" }, { - "name": "USN-3849-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3849-1/" + "url": "https://access.redhat.com/errata/RHSA-2017:2437", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:2437" }, { - "name": "USN-3849-2", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3849-2/" + "url": "https://access.redhat.com/errata/RHSA-2017:2444", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2017:2444" }, { - "name": "RHSA-2017:2077", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:2077" + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81", + "refsource": "MISC", + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81" 
}, { - "name": "RHSA-2017:1842", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2017:1842" + "url": "http://www.securityfocus.com/bid/97258", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/97258" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1428353", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1428353" + "url": "https://access.redhat.com/errata/RHSA-2020:3548", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2020:3548" }, { - "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81", - "refsource": "CONFIRM", - "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81" + "url": "https://access.redhat.com/errata/RHSA-2020:3836", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2020:3836" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2017-2647", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2017-2647" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1428353", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1428353" + }, + { + "url": "https://github.com/torvalds/linux/commit/c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Andrey Ryabinin (Virtuozzo) and Igor Redko (Virtuozzo) for reporting this issue." 
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.0"
 }
 ]
 }
diff --git a/2017/2xxx/CVE-2017-2662.json b/2017/2xxx/CVE-2017-2662.json
index fddf3b7e9ce..2c3f7fb2994 100644
--- a/2017/2xxx/CVE-2017-2662.json
+++ b/2017/2xxx/CVE-2017-2662.json
@@ -1,76 +1,107 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-2662", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "foreman katello plugin", - "version": { - "version_data": [ - { - "version_value": "3.4.5" - } - ] - } - } - ] - }, - "vendor_name": "The Foreman Project" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id." + "value": "CVE-2017-2662 foreman: Managing repositories with their id via hammer does not respect the role filters" } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "version": "3.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-862" + "value": "Missing Authorization", + "cweId": "CWE-862" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Satellite 6.9 for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "0:2.3.1.20-1.el7sat", + "version_affected": "!" 
+ } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2662", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2662" + "url": "https://access.redhat.com/errata/RHSA-2021:1313", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2021:1313" }, { - "name": "https://projects.theforeman.org/issues/18838", - "refsource": "CONFIRM", - "url": "https://projects.theforeman.org/issues/18838" + "url": "https://access.redhat.com/security/cve/CVE-2017-2662", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2017-2662" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434106", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1434106" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2662", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2662" + }, + { + "url": "https://projects.theforeman.org/issues/18838", + "refsource": "MISC", + "name": "https://projects.theforeman.org/issues/18838" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Brad Buckingham (Red Hat)." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" } ] } diff --git a/2021/3xxx/CVE-2021-3442.json b/2021/3xxx/CVE-2021-3442.json index 06a006bda0f..73c9c6df7d2 100644 --- a/2021/3xxx/CVE-2021-3442.json +++ b/2021/3xxx/CVE-2021-3442.json 
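Review bot: The new `value` in `description_data` for CVE-2017-2662 reads like a bug-tracker summary ("CVE-2017-2662 foreman: Managing repositories with their id via hammer does not respect the role filters") rather than a vulnerability description: it repeats the CVE id, and it loses both the affected upstream component and version ("Foreman's katello plugin version 3.4.5") and the explanation of the flaw that the removed text gave. With the product data now naming only the fixed Satellite 6.9 build, the file no longer identifies the vulnerable software at all. Restoring the prose of the removed description alongside the new Red Hat product data would give readers both; the nested-array `impact` removed in this hunk was malformed, so that part of the change stands.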
@@ -1,25 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3442", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into some text boxes leading to a XSS attack. The highest threat from this vulnerability is to data confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of Externally-Controlled Format String", + "cweId": "CWE-134" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "n/a", + "vendor_name": "Red Hat", "product": { "product_data": [ { - "product_name": "Red Hat OpenShift API Management.", + "product_name": "3scale API Management", "version": { "version_data": [ { - "version_value": "Affects v2.9.1 GA." + "version_value": "1.14.0-4", + "version_affected": "!" + }, + { + "version_value": "2.11.0-16", + "version_affected": "!" + }, + { + "version_value": "1.20.0-6", + "version_affected": "!" + }, + { + "version_value": "1.14.0-3", + "version_affected": "!" + }, + { + "version_value": "2.11.0-9", + "version_affected": "!" + }, + { + "version_value": "1.4.16-38", + "version_affected": "!" + }, + { + "version_value": "1.15.0-8", + "version_affected": "!" + }, + { + "version_value": "1.6.0-7", + "version_affected": "!" } ] } 
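Review bot: The new `problemtype` entry for CVE-2021-3442 classifies the flaw as `CWE-134` ("Use of Externally-Controlled Format String") while the description in the same hunk describes script injection into text boxes leading to XSS, which is normally CWE-79; the old value at least recorded the CWE-20 root cause the chain started from. If CWE-134 is the intended classification the description should explain the format-string angle, otherwise consider `"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79"` — confirm against the Red Hat CVE page referenced in the next hunk. The product is also renamed from "Red Hat OpenShift API Management." to "3scale API Management" while the description still names the OpenShift API Management product, and the "Affects v2.9.1 GA." statement is replaced by fixed builds only.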
@@ -30,37 +80,46 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-20 - Improper Input Validation -> CWE-134 - Use of Externally-Controlled Format String" - } - ] - } - ] - }, "references": { "reference_data": [ { + "url": "https://access.redhat.com/security/cve/CVE-2021-3442", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1930083", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930083" + "name": "https://access.redhat.com/security/cve/CVE-2021-3442" }, { + "url": "https://access.redhat.com/errata/RHSA-2021:3851", "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2021-3442", - "url": "https://access.redhat.com/security/cve/CVE-2021-3442" + "name": "https://access.redhat.com/errata/RHSA-2021:3851" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930083", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1930083" } ] }, - "description": { - "description_data": [ + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Or Asaf (Red Hat Product Security) and Siddharth Sharma (Red Hat Product Security)." + } + ], + "impact": { + "cvss": [ { - "lang": "eng", - "value": "A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into some text boxes leading to a XSS attack. The highest threat from this vulnerability is to data confidentiality." + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } 
diff --git a/2021/3xxx/CVE-2021-3499.json b/2021/3xxx/CVE-2021-3499.json
index bde0fa75c18..a1f2bdc511e 100644
--- a/2021/3xxx/CVE-2021-3499.json
+++ b/2021/3xxx/CVE-2021-3499.json
@@ -1,25 +1,139 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3499", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in OVN Kubernetes where the Egress Firewall does not reliably apply firewall rules when there is multiple dns rules. It could lead to potentially lose of confidentiality, integrity or availability of a service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "n/a", + "vendor_name": "Red Hat", "product": { "product_data": [ { - "product_name": "openshift/ovn-kubernetes", + "product_name": "Red Hat OpenShift Container Platform 4.7", "version": { "version_data": [ { - "version_value": "All ovn-kubernetes versions up to and including 0.3.0" + "version_value": "v4.7.0-202105102252.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202105010012.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202105101449.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202105061841.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202105061754.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202104291920.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202104292145.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202105072257.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202104302340.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202105071917.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202105060839.p0", + "version_affected": "!" 
+ }, + { + "version_value": "v4.7.0-202105070703.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202104290851.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202105071232.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202105091821.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202105062344.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202105111107.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202105071334.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202105111940.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202105071028.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202105111858.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202104300003.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202104280847.p0", + "version_affected": "!" + }, + { + "version_value": "v4.7.0-202105110735.p0", + "version_affected": "!" } ] } 
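Review bot: The new description for CVE-2021-3499 keeps the grammatical errors of the old one and adds another: "when there is multiple dns rules" (the removed text at least had "DNS") and "potentially lose of confidentiality". Suggested text: `"value": "A vulnerability was found in OVN Kubernetes where the Egress Firewall does not reliably apply firewall rules when there are multiple DNS rules. It could lead to a potential loss of confidentiality, integrity or availability of a service."`. The 24 `v4.7.0-*` build tags under the single product are all marked `"!"`, so they do not tell a reader which OCP 4.7 builds were vulnerable.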
@@ -30,32 +144,46 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-863" - } - ] - } - ] - }, "references": { "reference_data": [ { + "url": "https://access.redhat.com/errata/RHBA-2021:1550", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1949188", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949188" + "name": "https://access.redhat.com/errata/RHBA-2021:1550" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2021-3499", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2021-3499" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949188", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1949188" } ] }, - "description": { - "description_data": [ + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Michael Swenson (Red Hat)." + } + ], + "impact": { + "cvss": [ { - "lang": "eng", - "value": "A vulnerability was found in OVN Kubernetes in versions up to and including 0.3.0 where the Egress Firewall does not reliably apply firewall rules when there is multiple DNS rules. It could lead to potentially lose of confidentiality, integrity or availability of a service." + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2021/3xxx/CVE-2021-3507.json b/2021/3xxx/CVE-2021-3507.json index 2ca030248ba..a50b0c84c43 100644 --- a/2021/3xxx/CVE-2021-3507.json +++ b/2021/3xxx/CVE-2021-3507.json 
@@ -1,25 +1,58 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3507", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A heap buffer overflow was found in the floppy disk emulator of QEMU. It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer", + "cweId": "CWE-119" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "n/a", + "vendor_name": "Red Hat", "product": { "product_data": [ { - "product_name": "QEMU", + "product_name": "Red Hat Enterprise Linux 8", "version": { "version_data": [ { - "version_value": "up to 6.0.0 (including)" + "version_value": "8070020220921004438.3b9f49c4", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "17:7.0.0-13.el9", + "version_affected": "!" } ] } 
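Review bot: The `version_value` for "Red Hat Enterprise Linux 8" in this hunk is `8070020220921004438.3b9f49c4`, which looks like a module stream build id rather than the `epoch:version-release` form used by the sibling entry (`17:7.0.0-13.el9`) and by every other hunk in this patch; presumably it identifies the virt module stream, but a consumer comparing installed package versions cannot use it. If the fixed package NVR is known, add it as the `version_value` and name the module stream in `product_name` instead.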
@@ -30,42 +63,61 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-119" - } - ] - } - ] - }, "references": { "reference_data": [ { + "url": "https://access.redhat.com/errata/RHSA-2022:7472", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1951118", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951118" + "name": "https://access.redhat.com/errata/RHSA-2022:7472" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20210528-0005/", - "url": "https://security.netapp.com/advisory/ntap-20210528-0005/" + "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update", - "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html" + "url": "https://access.redhat.com/errata/RHSA-2022:7967", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2022:7967" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2021-3507", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2021-3507" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951118", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1951118" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20210528-0005/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20210528-0005/" } ] }, - "description": { - "description_data": [ + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Alexander Bulekov for reporting this issue." + } + ], + "impact": { + "cvss": [ { - "lang": "eng", - "value": "A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). 
It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory."
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3520.json b/2021/3xxx/CVE-2021-3520.json
index 2fb49cd6336..981edb16f3f 100644
--- a/2021/3xxx/CVE-2021-3520.json
+++ b/2021/3xxx/CVE-2021-3520.json
@@ -1,25 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3520", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "n/a", + "vendor_name": "Red Hat", "product": { "product_data": [ { - "product_name": "lz4", + "product_name": "Red Hat Enterprise Linux 8", "version": { "version_data": [ { - "version_value": "lz4-1.8.3" + "version_value": "0:1.8.3-3.el8_4", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Migration Toolkit for Containers 1.4", + "version": { + "version_data": [ + { + "version_value": "v1.4.6-4", + "version_affected": "!" + }, + { + "version_value": "v1.4.6-5", + "version_affected": "!" + }, + { + "version_value": "v1.4.6-3", + "version_affected": "!" } ] } @@ -30,25 +71,8 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-190->CWE-787" - } - ] - } - ] - }, "references": { "reference_data": [ - { - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1954559", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954559" - }, { "url": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", 
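Review bot: The `problemtype` rewrite for CVE-2021-3520 collapses the old chain "CWE-190->CWE-787" to a single `cweId` of `CWE-787`, even though the description in the same hunk names the integer overflow as the root cause that produces the negative memmove size. Since `description` is an array, the root cause can be kept as a second entry: `{ "lang": "eng", "value": "Integer Overflow or Wraparound", "cweId": "CWE-190" }`. The same collapse happens to the "CWE-20 ... -> CWE-134" chain in the CVE-2021-3442 hunk.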
@@ -65,17 +89,62 @@ "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20211104-0005/", - "url": "https://security.netapp.com/advisory/ntap-20211104-0005/" + "url": "https://access.redhat.com/errata/RHBA-2021:2854", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHBA-2021:2854" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2021:2575", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2021:2575" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2022:1345", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2022:1345" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2022:5606", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2022:5606" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2022:6407", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2022:6407" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2021-3520", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2021-3520" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954559", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1954559" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20211104-0005/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20211104-0005/" } ] }, - "description": { - "description_data": [ + "impact": { + "cvss": [ { - "lang": "eng", - "value": "There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well." 
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.6,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3521.json b/2021/3xxx/CVE-2021-3521.json
index 2232e50b3e4..23b4944ca7f 100644
--- a/2021/3xxx/CVE-2021-3521.json
+++ b/2021/3xxx/CVE-2021-3521.json
@@ -1,25 +1,69 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3521", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a \"binding signature.\"[1] RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. 1. https://tools.ietf.org/html/rfc4880#section-5.2.1" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Verification of Cryptographic Signature", + "cweId": "CWE-347" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "n/a", + "vendor_name": "Red Hat", "product": { "product_data": [ { - "product_name": "RPM", + "product_name": "Red Hat Enterprise Linux 8", "version": { "version_data": [ { - "version_value": "Fixed in rpm-4.18.0-beta1, rpm-4.18.0-alpha2, rpm-4.18.0-alpha1 ." + "version_value": "0:4.14.3-19.el8_5.2", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "0:4.14.2-40.el8_2", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "0:4.14.3-14.el8_4.2", + "version_affected": "!" } ] } 
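Review bot: The new description for CVE-2021-3521 embeds a footnote inside the `value` string (the "[1]" marker and the trailing "1. https://tools.ietf.org/html/rfc4880#section-5.2.1"), which reads oddly in any consumer that renders the description on its own and is not machine-discoverable as a reference. The RFC link belongs in `reference_data` as its own entry, e.g. `{ "url": "https://tools.ietf.org/html/rfc4880#section-5.2.1", "refsource": "MISC", "name": "https://tools.ietf.org/html/rfc4880#section-5.2.1" }`, with the description saying "binding signature (RFC 4880 section 5.2.1)" in plain words.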
@@ -30,52 +74,71 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-347 - Improper Verification of Cryptographic Signature" - } - ] - } - ] - }, "references": { "reference_data": [ { + "url": "https://access.redhat.com/security/cve/CVE-2021-3521", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1941098", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941098" + "name": "https://access.redhat.com/security/cve/CVE-2021-3521" }, { + "url": "https://github.com/rpm-software-management/rpm/pull/1795/", "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2021-3521", - "url": "https://access.redhat.com/security/cve/CVE-2021-3521" + "name": "https://github.com/rpm-software-management/rpm/pull/1795/" }, { + "url": "https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8", "refsource": "MISC", - "name": "https://github.com/rpm-software-management/rpm/pull/1795/", - "url": "https://github.com/rpm-software-management/rpm/pull/1795/" + "name": "https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8" }, { + "url": "https://access.redhat.com/errata/RHSA-2022:0254", "refsource": "MISC", - "name": "https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8", - "url": "https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8" + "name": "https://access.redhat.com/errata/RHSA-2022:0254" }, { - "refsource": "GENTOO", - "name": "GLSA-202210-22", - "url": "https://security.gentoo.org/glsa/202210-22" + "url": "https://access.redhat.com/errata/RHSA-2022:0368", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2022:0368" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2022:0634", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2022:0634" + }, + { + "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1941098", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1941098" + }, + { + "url": "https://security.gentoo.org/glsa/202210-22", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/202210-22" } ] }, - "description": { - "description_data": [ + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Demi M. Obenour for reporting this issue." + } + ], + "impact": { + "cvss": [ { - "lang": "eng", - "value": "There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a \"binding signature.\" RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources." + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2021/3xxx/CVE-2021-3564.json b/2021/3xxx/CVE-2021-3564.json index bca03a6281e..1199e15d7cd 100644 --- a/2021/3xxx/CVE-2021-3564.json +++ b/2021/3xxx/CVE-2021-3564.json 
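Review bot: The description removed at the end of this hunk carried the exploitation precondition and the mitigation ("an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key ... only use RPMs and public keys from trusted sources"), and the new record adds `credits` and `impact` but no `work_around` entry, so that guidance disappears from the file. The CVE-2021-3564 hunk in this same patch shows the intended place for it; add `"work_around": [ { "lang": "en", "value": "Only use RPMs and public keys from trusted sources; exploiting this flaw requires a compromised RPM repository or an administrator importing an untrusted RPM or public key." } ]` or carry those two sentences back into the description.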
@@ -1,25 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3564", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Double Free", + "cweId": "CWE-415" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "n/a", + "vendor_name": "Red Hat", "product": { "product_data": [ { - "product_name": "kernel", + "product_name": "Red Hat Enterprise Linux 7", "version": { "version_data": [ { - "version_value": "All Linux kernel versions starting from 3.13" + "version_value": "0:3.10.0-1160.59.1.rt56.1200.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.10.0-1160.59.1.el7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "0:4.18.0-348.rt7.130.el8", + "version_affected": "!" + }, + { + "version_value": "0:4.18.0-348.el8", + "version_affected": "!" } ] } 
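Review bot: The description for CVE-2021-3564 is carried over with its grammar intact ("A flaw double-free memory corruption ... was found in the way user attach malicious HCI TTY Bluetooth device") while losing the "starting from 3.13" bound at the same time. Suggested text: `"value": "A double-free memory corruption flaw was found in the Linux kernel HCI device initialization subsystem, in the way a user attaches a malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system."`, with the kernel version bound kept either in the sentence or as an upstream product entry.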
@@ -30,57 +71,92 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-415" - } - ] - } - ] - }, "references": { "reference_data": [ { - "refsource": "MLIST", - "name": "[oss-security] 20210525 CVE-2021-3564 Linux Bluetooth device initialization implementation bug", - "url": "http://www.openwall.com/lists/oss-security/2021/05/25/1" - }, - { - "refsource": "MLIST", - "name": "[oss-security] 20210601 Re: CVE-2021-3564 Linux Bluetooth device initialization implementation bug", - "url": "http://www.openwall.com/lists/oss-security/2021/06/01/2" - }, - { + "url": "https://www.openwall.com/lists/oss-security/2021/05/25/1", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1964139", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964139" + "name": "https://www.openwall.com/lists/oss-security/2021/05/25/1" }, { + "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", "refsource": "MISC", - "name": "https://www.openwall.com/lists/oss-security/2021/05/25/1", - "url": "https://www.openwall.com/lists/oss-security/2021/05/25/1" + "name": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html" + "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html" + "url": "https://access.redhat.com/errata/RHSA-2021:4140", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2021:4140" + }, + { + "url": 
"https://access.redhat.com/errata/RHSA-2021:4356", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2021:4356" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/05/25/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2021/05/25/1" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/06/01/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2021/06/01/2" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2022:0620", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2022:0620" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2022:0622", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2022:0622" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2021-3564", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2021-3564" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964139", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1964139" } ] }, - "description": { - "description_data": [ + "work_around": [ + { + "lang": "en", + "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." + } + ], + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank HaoXiong, LinMa (ckSec) for reporting this issue." + } + ], + "impact": { + "cvss": [ { - "lang": "eng", - "value": "A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13." 
+ "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", + "version": "3.1" } ] } diff --git a/2021/3xxx/CVE-2021-3575.json b/2021/3xxx/CVE-2021-3575.json index a15c6302d9e..67b13050b7a 100644 --- a/2021/3xxx/CVE-2021-3575.json +++ b/2021/3xxx/CVE-2021-3575.json @@ -1,25 +1,47 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3575", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A heap-based buffer overflow was found in OpenJPEG. This flaw allows an attacker to execute arbitrary code with the permissions of the application compiled against OpenJPEG." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "n/a", + "vendor_name": "Red Hat", "product": { "product_data": [ { - "product_name": "OpenJPEG", + "product_name": "Red Hat Enterprise Linux 8", "version": { "version_data": [ { - "version_value": "Afeects v2.4.0 and prior." + "version_value": "0:2.4.0-4.el8", + "version_affected": "!" } ] } 
@@ -30,52 +52,60 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787" - } - ] - } - ] - }, "references": { "reference_data": [ { - "refsource": "FEDORA", - "name": "FEDORA-2021-c1ac2ee5ee", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/" - }, - { - "refsource": "FEDORA", - "name": "FEDORA-2021-e145f477df", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/" - }, - { + "url": "https://github.com/uclouvain/openjpeg/issues/1347", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1957616", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957616" + "name": "https://github.com/uclouvain/openjpeg/issues/1347" }, { + "url": "https://ubuntu.com/security/CVE-2021-3575", "refsource": "MISC", - "name": "https://github.com/uclouvain/openjpeg/issues/1347", - "url": "https://github.com/uclouvain/openjpeg/issues/1347" + "name": "https://ubuntu.com/security/CVE-2021-3575" }, { + "url": "https://access.redhat.com/errata/RHSA-2021:4251", "refsource": "MISC", - "name": "https://ubuntu.com/security/CVE-2021-3575", - "url": "https://ubuntu.com/security/CVE-2021-3575" + "name": "https://access.redhat.com/errata/RHSA-2021:4251" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2021-3575", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2021-3575" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957616", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1957616" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/", + "refsource": "MISC", + "name": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/" } ] }, - "description": { - "description_data": [ + "impact": { + "cvss": [ { - "lang": "eng", - "value": "A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg." + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2021/3xxx/CVE-2021-3609.json b/2021/3xxx/CVE-2021-3609.json index 12e848fa531..92782b79cf3 100644 --- a/2021/3xxx/CVE-2021-3609.json +++ b/2021/3xxx/CVE-2021-3609.json 
@@ -1,25 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3609", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + "cweId": "CWE-362" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "n/a", + "vendor_name": "Red Hat", "product": { "product_data": [ { - "product_name": "kernel", + "product_name": "Red Hat Enterprise Linux 8", "version": { "version_data": [ { - "version_value": "Affects kernel v2.6.25 to v5.13-rc6" + "version_value": "0:4.18.0-305.12.1.rt7.84.el8_4", + "version_affected": "!" + }, + { + "version_value": "0:4.18.0-305.12.1.el8_4", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "0:4.18.0-147.54.2.el8_1", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "0:4.18.0-193.64.1.rt13.115.el8_2", + "version_affected": "!" + }, + { + "version_value": "0:4.18.0-193.64.1.el8_2", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "0:4.4.7-20210804.0.el8_4", + "version_affected": "!" } ] } 
@@ -30,52 +93,112 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" - } - ] - } - ] - }, "references": { "reference_data": [ { + "url": "https://www.openwall.com/lists/oss-security/2021/06/19/1", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1971651", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971651" + "name": "https://www.openwall.com/lists/oss-security/2021/06/19/1" }, { + "url": "https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md", "refsource": "MISC", - "name": "https://www.openwall.com/lists/oss-security/2021/06/19/1", - "url": "https://www.openwall.com/lists/oss-security/2021/06/19/1" + "name": "https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md" }, { + "url": "https://github.com/torvalds/linux/commit/d5f9023fa61ee8b94f37a93f08e94b136cf1e463", "refsource": "MISC", - "name": "https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md", - "url": "https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md" + "name": "https://github.com/torvalds/linux/commit/d5f9023fa61ee8b94f37a93f08e94b136cf1e463" }, { + "url": "https://access.redhat.com/errata/RHSA-2021:3044", "refsource": "MISC", - "name": "https://github.com/torvalds/linux/commit/d5f9023fa61ee8b94f37a93f08e94b136cf1e463", - "url": "https://github.com/torvalds/linux/commit/d5f9023fa61ee8b94f37a93f08e94b136cf1e463" + "name": "https://access.redhat.com/errata/RHSA-2021:3044" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20220419-0004/", - "url": "https://security.netapp.com/advisory/ntap-20220419-0004/" + "url": "https://access.redhat.com/errata/RHSA-2021:3057", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2021:3057" + 
}, + { + "url": "https://access.redhat.com/errata/RHSA-2021:3088", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2021:3088" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2021:3235", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2021:3235" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2021:3363", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2021:3363" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2021:3375", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2021:3375" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2021:3380", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2021:3380" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2021:3442", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2021:3442" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2021:3444", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2021:3444" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2021-3609", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2021-3609" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971651", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1971651" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20220419-0004/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20220419-0004/" } ] }, - "description": { - "description_data": [ + "work_around": [ + { + "lang": "en", + "value": "As the CAN module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:\n\n# echo \"install can-bcm /bin/true\" >> /etc/modprobe.d/disable-can-bcm.conf\n\nThe system will need to be restarted if the CAN modules are loaded. 
In most circumstances, the CAN kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use.\n\nIf the system requires this module to work correctly, this mitigation may not be suitable.\n\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services." + } + ], + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Norbert Slusarek for reporting this issue." + } + ], + "impact": { + "cvss": [ { - "lang": "eng", - "value": ".A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root." + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2021/3xxx/CVE-2021-3611.json b/2021/3xxx/CVE-2021-3611.json index 5067eaab1a5..0ef82c88135 100644 --- a/2021/3xxx/CVE-2021-3611.json +++ b/2021/3xxx/CVE-2021-3611.json 
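Review bot: The work_around in this hunk uses `install can-bcm /bin/true`, which makes a later `modprobe can-bcm` exit 0 and report nothing, so an operator cannot see from the modprobe result that the module was deliberately blocked; `install can-bcm /bin/false` keeps the block but makes the refusal visible, and the `>>` append will duplicate the line if the instruction is run twice, so `>` or a check for an existing line is safer. The replacement description also lost the concrete detail the old one carried — the race is in `net/can/bcm.c` and yields local privilege escalation to root — and the affects entry lost the upstream range "v2.6.25 to v5.13-rc6", leaving only RHEL fixed builds; with a public exploit write-up (nrb547/kernel-exploitation) among the references, the root-escalation statement is worth keeping in the description.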
@@ -1,25 +1,47 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3611", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "n/a", + "vendor_name": "Red Hat", "product": { "product_data": [ { - "product_name": "QEMU", + "product_name": "Red Hat Enterprise Linux 9", "version": { "version_data": [ { - "version_value": "QEMU versions prior to 7.0.0" + "version_value": "17:7.0.0-13.el9", + "version_affected": "!" } ] } 
@@ -30,47 +52,61 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-119" - } - ] - } - ] - }, "references": { "reference_data": [ { + "url": "https://security.gentoo.org/glsa/202208-27", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1973784", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973784" + "name": "https://security.gentoo.org/glsa/202208-27" }, { + "url": "https://access.redhat.com/errata/RHSA-2022:7967", "refsource": "MISC", - "name": "https://gitlab.com/qemu-project/qemu/-/issues/542", - "url": "https://gitlab.com/qemu-project/qemu/-/issues/542" + "name": "https://access.redhat.com/errata/RHSA-2022:7967" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20220624-0001/", - "url": "https://security.netapp.com/advisory/ntap-20220624-0001/" + "url": "https://access.redhat.com/security/cve/CVE-2021-3611", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2021-3611" }, { - "refsource": "GENTOO", - "name": "GLSA-202208-27", - "url": "https://security.gentoo.org/glsa/202208-27" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973784", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1973784" + }, + { + "url": "https://gitlab.com/qemu-project/qemu/-/issues/542", + "refsource": "MISC", + "name": "https://gitlab.com/qemu-project/qemu/-/issues/542" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20220624-0001/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20220624-0001/" } ] }, - "description": { - "description_data": [ + "work_around": [ + { + "lang": "en", + "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." 
+ } + ], + "impact": { + "cvss": [ { - "lang": "eng", - "value": "A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0." + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 3.8, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2021/3xxx/CVE-2021-3620.json b/2021/3xxx/CVE-2021-3620.json index 66df187fbed..57f980dd86e 100644 --- a/2021/3xxx/CVE-2021-3620.json +++ b/2021/3xxx/CVE-2021-3620.json 
@@ -1,25 +1,140 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3620", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Generation of Error Message Containing Sensitive Information", + "cweId": "CWE-209" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "n/a", + "vendor_name": "Red Hat", "product": { "product_data": [ { - "product_name": "ansible", + "product_name": "Red Hat Ansible Automation Platform 2.0 for RHEL 8", "version": { "version_data": [ { - "version_value": "Fixed in Ansible Engine v2.9.27" + "version_value": "0:2.9.27-1.el8ap", + "version_affected": "!" + }, + { + "version_value": "0:2.11.6-1.el8ap", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Ansible Engine 2.9 for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "0:2.9.27-1.el7ae", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Ansible Engine 2.9 for RHEL 8", + "version": { + "version_data": [ + { + "version_value": "0:2.9.27-1.el8ae", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Ansible Engine 2 for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "0:2.9.27-1.el7ae", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Ansible Engine 2 for RHEL 8", + "version": { + "version_data": [ + { + "version_value": "0:2.9.27-1.el8ae", + "version_affected": "!" 
+ } + ] + } + }, + { + "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "0:2.9.27-1.el8ae", + "version_affected": "!" + }, + { + "version_value": "0:1.6.5-1.el8ev", + "version_affected": "!" + }, + { + "version_value": "0:4.4.9-202111172338_8.5", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "0:1.6.5-1.el8ev", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Virtualization Engine 4.4", + "version": { + "version_data": [ + { + "version_value": "0:2.9.27-1.el8ae", + "version_affected": "!" + }, + { + "version_value": "0:1.6.5-1.el8ev", + "version_affected": "!" } ] } 
@@ -30,42 +145,76 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-209 - Generation of Error Message Containing Sensitive Information" - } - ] - } - ] - }, "references": { "reference_data": [ { + "url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767" + "name": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes" }, { + "url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0", "refsource": "MISC", - "name": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes", - "url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes" + "name": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0" }, { + "url": "https://access.redhat.com/errata/RHSA-2021:3871", "refsource": "MISC", - "name": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0", - "url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0" + "name": "https://access.redhat.com/errata/RHSA-2021:3871" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2021:3872", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2021:3872" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2021:3874", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2021:3874" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2021:4703", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2021:4703" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2021:4750", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2021:4750" 
+ }, + { + "url": "https://access.redhat.com/security/cve/CVE-2021-3620", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2021-3620" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767" } ] }, - "description": { - "description_data": [ + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Dalton Rardin for reporting this issue." + } + ], + "impact": { + "cvss": [ { - "lang": "eng", - "value": "A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality." + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2021/3xxx/CVE-2021-3639.json b/2021/3xxx/CVE-2021-3639.json index f16260c0b3f..ccd3a8710bb 100644 --- a/2021/3xxx/CVE-2021-3639.json +++ b/2021/3xxx/CVE-2021-3639.json 
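Review bot: The version entries under "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8" in this file's first hunk mix three different package versions — `0:2.9.27-1.el8ae`, `0:1.6.5-1.el8ev`, `0:4.4.9-202111172338_8.5` — with no package name on any of them, so a consumer matching installed packages cannot tell which package each string belongs to; only the first looks like ansible itself. If the CVE 4.0 schema offers no package field, put the package name into the value, e.g. `ansible-0:2.9.27-1.el8ae`, so the entries are self-describing. The rest of the record is consistent: CWE-209 and C:H/I:N/A:N match a credential leak through a traceback message.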
@@ -1,25 +1,47 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3639", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "URL Redirection to Untrusted Site ('Open Redirect')", + "cweId": "CWE-601" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "n/a", + "vendor_name": "Red Hat", "product": { "product_data": [ { - "product_name": "mod_auth_mellon", + "product_name": "Red Hat Enterprise Linux 8", "version": { "version_data": [ { - "version_value": "Fixed in v0.18.0" + "version_value": "0:0.14.0-12.el8.1", + "version_affected": "!" } ] } 
@@ -30,42 +52,45 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')" - } - ] - } - ] - }, "references": { "reference_data": [ { + "url": "https://access.redhat.com/security/cve/CVE-2021-3639", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1980648", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980648" + "name": "https://access.redhat.com/security/cve/CVE-2021-3639" }, { + "url": "https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5", "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2021-3639", - "url": "https://access.redhat.com/security/cve/CVE-2021-3639" + "name": "https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5" }, { + "url": "https://access.redhat.com/errata/RHSA-2022:1934", "refsource": "MISC", - "name": "https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5", - "url": "https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5" + "name": "https://access.redhat.com/errata/RHSA-2022:1934" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980648", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1980648" } ] }, - "description": { - "description_data": [ + "impact": { + "cvss": [ { - "lang": "eng", - "value": "A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity." 
+ "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" } ] } diff --git a/2021/3xxx/CVE-2021-3640.json b/2021/3xxx/CVE-2021-3640.json index d030e7b1be5..a18864f50cd 100644 --- a/2021/3xxx/CVE-2021-3640.json +++ b/2021/3xxx/CVE-2021-3640.json 
@@ -1,25 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3640", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "n/a", + "vendor_name": "Red Hat", "product": { "product_data": [ { - "product_name": "kernel", + "product_name": "Red Hat Enterprise Linux 8", "version": { "version_data": [ { - "version_value": "Affects kernel v5.15.3 and prior, Fixed in v5.16-rc1 and above." + "version_value": "0:4.18.0-425.3.1.rt7.213.el8", + "version_affected": "!" + }, + { + "version_value": "0:4.18.0-425.3.1.el8", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "0:5.14.0-162.6.1.rt21.168.el9_1", + "version_affected": "!" + }, + { + "version_value": "0:5.14.0-162.6.1.el9_1", + "version_affected": "!" } ] } 
@@ -30,72 +71,106 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), CWE-416 - Use After Free."
- }
- ]
- }
- ]
- },
 "references": {
 "reference_data": [
 {
+ "url": "https://ubuntu.com/security/CVE-2021-3640",
 "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1980646",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980646"
+ "name": "https://ubuntu.com/security/CVE-2021-3640"
 },
 {
+ "url": "https://www.openwall.com/lists/oss-security/2021/07/22/1",
 "refsource": "MISC",
- "name": "https://ubuntu.com/security/CVE-2021-3640",
- "url": "https://ubuntu.com/security/CVE-2021-3640"
+ "name": "https://www.openwall.com/lists/oss-security/2021/07/22/1"
 },
 {
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/bluetooth/sco.c?h=v5.16&id=99c23da0eed4fd20cae8243f2b51e10e66aa0951",
 "refsource": "MISC",
- "name": "https://www.openwall.com/lists/oss-security/2021/07/22/1",
- "url": "https://www.openwall.com/lists/oss-security/2021/07/22/1"
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/bluetooth/sco.c?h=v5.16&id=99c23da0eed4fd20cae8243f2b51e10e66aa0951"
 },
 {
+ "url": "https://github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951",
 "refsource": "MISC",
- "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/bluetooth/sco.c?h=v5.16&id=99c23da0eed4fd20cae8243f2b51e10e66aa0951",
- "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/bluetooth/sco.c?h=v5.16&id=99c23da0eed4fd20cae8243f2b51e10e66aa0951"
+ "name": "https://github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951"
 },
 {
+ "url": "https://access.redhat.com/errata/RHSA-2022:7444",
 "refsource": "MISC",
- "name": 
"https://github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951",
- "url": "https://github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951"
+ "name": "https://access.redhat.com/errata/RHSA-2022:7444"
 },
 {
- "refsource": "MLIST",
- "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
- "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
+ "url": "https://access.redhat.com/errata/RHSA-2022:7683",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2022:7683"
 },
 {
- "refsource": "MLIST",
- "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
- "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
+ "url": "https://access.redhat.com/errata/RHSA-2022:7933",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2022:7933"
 },
 {
- "refsource": "DEBIAN",
- "name": "DSA-5096",
- "url": "https://www.debian.org/security/2022/dsa-5096"
+ "url": "https://access.redhat.com/errata/RHSA-2022:8267",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2022:8267"
 },
 {
- "refsource": "CONFIRM",
- "name": "https://security.netapp.com/advisory/ntap-20220419-0003/",
- "url": "https://security.netapp.com/advisory/ntap-20220419-0003/"
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3640",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2021-3640"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980646",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1980646"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html",
+ "refsource": "MISC",
+ "name": 
"https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
+ },
+ {
+ "url": "https://lkml.org/lkml/2021/8/28/238",
+ "refsource": "MISC",
+ "name": "https://lkml.org/lkml/2021/8/28/238"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220419-0003/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20220419-0003/"
+ },
+ {
+ "url": "https://www.debian.org/security/2022/dsa-5096",
+ "refsource": "MISC",
+ "name": "https://www.debian.org/security/2022/dsa-5096"
 }
 ]
 },
- "description": {
- "description_data": [
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
+ }
+ ],
+ "impact": {
+ "cvss": [
 {
- "lang": "eng",
- "value": "A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system."
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3660.json b/2021/3xxx/CVE-2021-3660.json
index 74d766614d1..a9b7417401d 100644
--- a/2021/3xxx/CVE-2021-3660.json
+++ b/2021/3xxx/CVE-2021-3660.json
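Review bot: The new `work_around` entry near the end of the hunk uses `"lang": "en"` while every other language tag in this record (`description_data` and `problemtype`) is the ISO 639-2 code `"eng"`, so a consumer that keys on the code used elsewhere in the file will miss it; it should read `"lang": "eng"`. The removed `problemtype` at the top of the hunk carried CWE-362 (race condition) alongside CWE-416, and the race between `sco_conn_del()` and `sco_sock_sendmsg()` is exactly what the description calls out, yet the replacement problemtype added in the earlier hunk keeps only CWE-416, so the race-condition classification is lost from the record. Every reference is also re-tagged `MISC`, including the Debian DLA/DSA entries that were `MLIST`/`DEBIAN` and the NetApp advisory that was `CONFIRM`, which discards refsource metadata downstream tooling uses to separate vendor confirmation from third-party mentions. The CVSS 3.1 vector (AV:L, PR:H) is at least consistent with the description's "privileged local user".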
@@ -1,25 +1,47 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3660",
 "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an