"-Synchronized-Data."

CVE Team 2023-02-02 14:00:47 +00:00
parent a9c1faa1ec
commit ee07fff64a
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
19 changed files with 2999 additions and 1743 deletions


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1173",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data."
"value": "CVE-2010-1173 kernel: sctp: crash due to malformed SCTPChunkInit packet"
}
]
},
@ -44,93 +21,191 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "MRG for RHEL-5",
"version": {
"version_data": [
{
"version_value": "0:2.6.24.7-161.el5rt",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "0:2.6.9-89.0.26.EL",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-194.8.1.el5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100429 CVE-2010-1173 kernel: skb_over_panic resulting from multiple invalid parameter errors",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/04/29/1"
"url": "https://access.redhat.com/errata/RHSA-2010:0631",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0631"
},
{
"name": "MDVSA-2010:198",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
"url": "http://secunia.com/advisories/43315",
"refsource": "MISC",
"name": "http://secunia.com/advisories/43315"
},
{
"name": "[netdev] 20100428 Re: [PATCH]: sctp: Fix skb_over_panic resulting from multiple invalid parameter errors (CVE-2010-1173) (v4)",
"refsource": "MLIST",
"url": "http://article.gmane.org/gmane.linux.network/159531"
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "[oss-security] 20100429 Re: CVE-2010-1173 kernel: skb_over_panic resulting from multiple invalid parameter errors",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/04/29/6"
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "MISC",
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "RHSA-2010:0474",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0474.html"
"url": "http://article.gmane.org/gmane.linux.network/159531",
"refsource": "MISC",
"name": "http://article.gmane.org/gmane.linux.network/159531"
},
{
"name": "43315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43315"
"url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=5fa782c2f5ef6c2e4f04d3e228412c9b4a4c8809",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=5fa782c2f5ef6c2e4f04d3e228412c9b4a4c8809"
},
{
"name": "http://kbase.redhat.com/faq/docs/DOC-31052",
"refsource": "CONFIRM",
"url": "http://kbase.redhat.com/faq/docs/DOC-31052"
"url": "http://kbase.redhat.com/faq/docs/DOC-31052",
"refsource": "MISC",
"name": "http://kbase.redhat.com/faq/docs/DOC-31052"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=584645",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=584645"
"url": "http://marc.info/?l=oss-security&m=127251068407878&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=oss-security&m=127251068407878&w=2"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=5fa782c2f5ef6c2e4f04d3e228412c9b4a4c8809",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=5fa782c2f5ef6c2e4f04d3e228412c9b4a4c8809"
"url": "http://secunia.com/advisories/39830",
"refsource": "MISC",
"name": "http://secunia.com/advisories/39830"
},
{
"name": "40218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40218"
"url": "http://secunia.com/advisories/40218",
"refsource": "MISC",
"name": "http://secunia.com/advisories/40218"
},
{
"name": "oval:org.mitre.oval:def:11416",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11416"
"url": "http://www.debian.org/security/2010/dsa-2053",
"refsource": "MISC",
"name": "http://www.debian.org/security/2010/dsa-2053"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
},
{
"name": "DSA-2053",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2053"
"url": "http://www.openwall.com/lists/oss-security/2010/04/29/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/04/29/1"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
"url": "http://www.openwall.com/lists/oss-security/2010/04/29/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/04/29/6"
},
{
"name": "39830",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39830"
"url": "http://www.redhat.com/support/errata/RHSA-2010-0474.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0474.html"
},
{
"name": "[oss-security] 20100429 Re: CVE-2010-1173 kernel: skb_over_panic resulting from multiple invalid parameter errors",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127251068407878&w=2"
"url": "https://access.redhat.com/errata/RHSA-2010:0474",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0474"
},
{
"url": "https://access.redhat.com/errata/RHSA-2010:0504",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0504"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2010-1173",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-1173"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=584645",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=584645"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11416",
"refsource": "MISC",
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11416"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jukka Taimisto (Codenomicon Ltd), Nokia Siemens Networks, Olli Jarva (Codenomicon Ltd), and Wind River for reporting this issue."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
]
}
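Review bot: The description value `"CVE-2010-1173 kernel: sctp: crash due to malformed SCTPChunkInit packet"` reads like a bug-tracker title and, unlike the sentence it appears to replace, no longer names the affected function, the "2.6.33.3 and earlier" bound, or the remote denial-of-service impact. The new `affects` entries do not make up for it: they carry `"version_affected": "!"` next to fixed package builds, so if `!` is read as "not affected", nothing in the record states which kernels are vulnerable. Keeping the full sentence as the `description_data` value would preserve what scanners and triage tooling match on. The same swap appears in the description lines of the CVE-2010-1440, CVE-2010-1634, CVE-2010-2060 and CVE-2010-2495 sections. The +/- markers are lost on this page, so which line is old and which is new is inferred from the hunk counts.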


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1440",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739."
"value": "CVE-2010-1440 tetex, texlive: Integer overflow by processing special commands"
}
]
},
@ -44,48 +21,140 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Integer Overflow or Wraparound",
"cweId": "CWE-190"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 3",
"version": {
"version_data": [
{
"version_value": "0:1.0.7-67.19",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "0:2.0.2-22.0.1.EL4.16",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:3.0-33.8.el5_5.5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "GLSA-201206-28",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201206-28.xml"
"url": "https://access.redhat.com/errata/RHSA-2010:0399",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0399"
},
{
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
"url": "https://access.redhat.com/errata/RHSA-2010:0400",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0400"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=586819",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=586819"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html"
},
{
"name": "SUSE-SR:2010:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"name": "FEDORA-2010-8273",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "oval:org.mitre.oval:def:10068",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10068"
"url": "http://security.gentoo.org/glsa/glsa-201206-28.xml",
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-201206-28.xml"
},
{
"name": "USN-937-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-937-1"
"url": "http://www.ubuntu.com/usn/USN-937-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-937-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2010:0401",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0401"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2010-1440",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-1440"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=586819",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=586819"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10068",
"refsource": "MISC",
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10068"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
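Review bot: Every reference in this section now carries `"refsource": "MISC"` with `name` set to a copy of `url`, so the advisory identifiers and source classes on the lines they appear to replace (`GLSA-201206-28`/`GENTOO`, `USN-937-1`/`UBUNTU`, `CONFIRM` for the Bugzilla entry) are gone. Tooling that correlates on advisory IDs, or treats `CONFIRM` as vendor acknowledgement, can no longer do so from this record. Consider keeping the original pair where the URL is unchanged, e.g. `"name": "USN-937-1", "refsource": "UBUNTU"`. The same flattening is visible in the reference lists of the other file sections on this page.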


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1634",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5."
"value": "CVE-2010-1634 python: audioop: incorrect integer overflow checks"
}
]
},
@ -44,143 +21,219 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Integer Overflow or Wraparound",
"cweId": "CWE-190"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "0:2.3.4-14.10.el4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.4.3-43.el5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://bugs.python.org/issue8674",
"refsource": "CONFIRM",
"url": "http://bugs.python.org/issue8674"
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
"url": "http://secunia.com/advisories/42888",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42888"
},
{
"name": "FEDORA-2010-9652",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html"
"url": "http://secunia.com/advisories/43068",
"refsource": "MISC",
"name": "http://secunia.com/advisories/43068"
},
{
"name": "51087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51087"
"url": "http://www.redhat.com/support/errata/RHSA-2011-0027.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2011-0027.html"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
"url": "http://www.vupen.com/english/advisories/2011/0122",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0122"
},
{
"name": "USN-1616-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1616-1"
"url": "http://www.vupen.com/english/advisories/2011/0212",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "51040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51040"
"url": "https://access.redhat.com/errata/RHSA-2011:0027",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2011:0027"
},
{
"name": "ADV-2010-1448",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1448"
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "50858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50858"
"url": "http://bugs.python.org/issue8674",
"refsource": "MISC",
"name": "http://bugs.python.org/issue8674"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "ADV-2011-0122",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0122"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
"url": "http://secunia.com/advisories/39937",
"refsource": "MISC",
"name": "http://secunia.com/advisories/39937"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=590690",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=590690"
"url": "http://secunia.com/advisories/40194",
"refsource": "MISC",
"name": "http://secunia.com/advisories/40194"
},
{
"name": "42888",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42888"
"url": "http://secunia.com/advisories/50858",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50858"
},
{
"name": "http://svn.python.org/view?rev=81045&view=rev",
"refsource": "CONFIRM",
"url": "http://svn.python.org/view?rev=81045&view=rev"
"url": "http://secunia.com/advisories/51024",
"refsource": "MISC",
"name": "http://secunia.com/advisories/51024"
},
{
"name": "39937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39937"
"url": "http://secunia.com/advisories/51040",
"refsource": "MISC",
"name": "http://secunia.com/advisories/51040"
},
{
"name": "USN-1596-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1596-1"
"url": "http://secunia.com/advisories/51087",
"refsource": "MISC",
"name": "http://secunia.com/advisories/51087"
},
{
"name": "40194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40194"
"url": "http://support.apple.com/kb/HT5002",
"refsource": "MISC",
"name": "http://support.apple.com/kb/HT5002"
},
{
"name": "RHSA-2011:0027",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0027.html"
"url": "http://svn.python.org/view?rev=81045&view=rev",
"refsource": "MISC",
"name": "http://svn.python.org/view?rev=81045&view=rev"
},
{
"name": "USN-1613-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1613-2"
"url": "http://svn.python.org/view?rev=81079&view=rev",
"refsource": "MISC",
"name": "http://svn.python.org/view?rev=81079&view=rev"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
"url": "http://www.securityfocus.com/bid/40370",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/40370"
},
{
"name": "SUSE-SR:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
"url": "http://www.ubuntu.com/usn/USN-1596-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1596-1"
},
{
"name": "40370",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40370"
"url": "http://www.ubuntu.com/usn/USN-1613-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1613-1"
},
{
"name": "51024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51024"
"url": "http://www.ubuntu.com/usn/USN-1613-2",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1613-2"
},
{
"name": "USN-1613-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1613-1"
"url": "http://www.ubuntu.com/usn/USN-1616-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1616-1"
},
{
"name": "http://svn.python.org/view?rev=81079&view=rev",
"refsource": "CONFIRM",
"url": "http://svn.python.org/view?rev=81079&view=rev"
"url": "http://www.vupen.com/english/advisories/2010/1448",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/1448"
},
{
"url": "https://access.redhat.com/errata/RHSA-2011:0491",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2011:0491"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2010-1634",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-1634"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=590690",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=590690"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
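Review bot: In the added `impact.cvss` entry, `"environmentalScore": 0` and `"temporalScore": 0` sit beside metrics that are all `NOT_DEFINED`, so a consumer cannot tell "not scored" from a computed score of zero. Under CVSS v2, undefined temporal and environmental metrics leave those scores equal to the base score (5.1 here), so a literal 0 may be sorted or filtered as lowest severity by tooling that reads these fields. Omitting the two keys, or setting them to the base score, would avoid that. The same pair of zeros appears in the `impact` blocks of the other sections.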


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2060",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The put command functionality in beanstalkd 1.4.5 and earlier allows remote attackers to execute arbitrary Beanstalk commands via the body in a job that is too big, which is not properly handled by the dispatch_cmd function in prot.c."
"value": "CVE-2010-2060 Beanstalkd (prior v1.4.6): Improper sanitization of job body (job payload data)"
}
]
},
@ -44,43 +21,103 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://kr.github.com/beanstalkd/2010/05/23/1.4.6-release-notes.html",
"refsource": "CONFIRM",
"url": "http://kr.github.com/beanstalkd/2010/05/23/1.4.6-release-notes.html"
"url": "http://github.com/kr/beanstalkd/commit/2e8e8c6387ecdf5923dfc4d7718d18eba1b0873d",
"refsource": "MISC",
"name": "http://github.com/kr/beanstalkd/commit/2e8e8c6387ecdf5923dfc4d7718d18eba1b0873d"
},
{
"name": "http://github.com/kr/beanstalkd/commit/2e8e8c6387ecdf5923dfc4d7718d18eba1b0873d",
"refsource": "CONFIRM",
"url": "http://github.com/kr/beanstalkd/commit/2e8e8c6387ecdf5923dfc4d7718d18eba1b0873d"
"url": "http://kr.github.com/beanstalkd/2010/05/23/1.4.6-release-notes.html",
"refsource": "MISC",
"name": "http://kr.github.com/beanstalkd/2010/05/23/1.4.6-release-notes.html"
},
{
"name": "beanstalkd-put-command-execution(59107)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59107"
"url": "http://osvdb.org/65113",
"refsource": "MISC",
"name": "http://osvdb.org/65113"
},
{
"name": "40032",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40032"
"url": "http://secunia.com/advisories/40032",
"refsource": "MISC",
"name": "http://secunia.com/advisories/40032"
},
{
"name": "65113",
"refsource": "OSVDB",
"url": "http://osvdb.org/65113"
"url": "http://www.securityfocus.com/bid/40516",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/40516"
},
{
"name": "40516",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40516"
"url": "https://access.redhat.com/security/cve/CVE-2010-2060",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-2060"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=599021",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=599021"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59107",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59107"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
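Review bot: The new `affects` block pairs `"version_value": "n/a"` with `"version_affected": "="` under vendor and product `n/a`, which asserts an affected version without naming one. The description lines in this section do carry the range ("beanstalkd 1.4.5 and earlier", "prior v1.4.6"), so the structured fields could state it, e.g. `"product_name": "beanstalkd"` with `"version_value": "1.4.6", "version_affected": "<"`. As written, automated matching on product and version gets nothing from this record. The CVE-2010-2495 section has the same `n/a`/`=` block, although the description it appears to replace says "before 2.6.34".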


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2495",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change."
"value": "CVE-2010-2495 kernel: l2tp: Fix oops in pppol2tp_xmit"
}
]
},
@ -44,58 +21,113 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100623 kernel: l2tp: Fix oops in pppol2tp_xmit",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/23/3"
"url": "http://www.ubuntu.com/usn/USN-1000-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1000-1"
},
{
"name": "USN-1000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1000-1"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3feec9095d12e311b7d4eb7fe7e5dfa75d4a72a5",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3feec9095d12e311b7d4eb7fe7e5dfa75d4a72a5"
},
{
"name": "[oss-security] 20100704 Re: CVE Request: kernel: l2tp: Fix oops in pppol2tp_xmit",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/07/04/3"
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html"
},
{
"name": "SUSE-SA:2010:033",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html"
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3feec9095d12e311b7d4eb7fe7e5dfa75d4a72a5",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3feec9095d12e311b7d4eb7fe7e5dfa75d4a72a5"
"url": "http://www.openwall.com/lists/oss-security/2010/06/23/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/06/23/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=607054",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607054"
"url": "http://www.openwall.com/lists/oss-security/2010/07/04/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/07/04/2"
},
{
"name": "[oss-security] 20100706 Re: CVE Request: kernel: l2tp: Fix oops in pppol2tp_xmit",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/07/06/11"
"url": "http://www.openwall.com/lists/oss-security/2010/07/04/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/07/04/3"
},
{
"name": "[oss-security] 20100704 Re: kernel: l2tp: Fix oops in pppol2tp_xmit",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/07/04/2"
"url": "http://www.openwall.com/lists/oss-security/2010/07/06/11",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/07/06/11"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34"
"url": "https://access.redhat.com/security/cve/CVE-2010-2495",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-2495"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607054",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=607054"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
]
}
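Review bot: The git.kernel.org reference now has its gitweb separators percent-encoded (`linux-2.6.git%3Ba=commit%3Bh=`), in both `url` and `name`. Gitweb query strings use a literal `;` between parameters, so the encoded form may not resolve to the fix commit; the line it appears to replace used `;a=commit;h=`. Keeping the literal `;` would preserve a working pointer to the patch, which is the reference a defender most needs when checking whether a kernel build carries the fix. The CVE-2010-1173 section has the same encoding on its net-2.6.git reference.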


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2500",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file."
"value": "CVE-2010-2500 freetype: integer overflow vulnerability in smooth/ftgrays.c"
}
]
},
@ -44,88 +21,175 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Integer Overflow or Wraparound",
"cweId": "CWE-190"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 3",
"version": {
"version_data": [
{
"version_value": "0:2.1.4-15.el3",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "0:2.1.9-14.el4.8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.2.1-25.el5_5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://savannah.nongnu.org/bugs/?30263",
"refsource": "CONFIRM",
"url": "https://savannah.nongnu.org/bugs/?30263"
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "USN-963-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-963-1"
"url": "http://support.apple.com/kb/HT4435",
"refsource": "MISC",
"name": "http://support.apple.com/kb/HT4435"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
"url": "http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html",
"refsource": "MISC",
"name": "http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html"
},
{
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6305b869d86ff415a33576df6d43729673c66eee",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6305b869d86ff415a33576df6d43729673c66eee"
"url": "http://marc.info/?l=oss-security&m=127905701201340&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=oss-security&m=127905701201340&w=2"
},
{
"name": "[freetype] 20100712 FreeType 2.4.0 has been released",
"refsource": "MLIST",
"url": "http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html"
"url": "http://marc.info/?l=oss-security&m=127909326909362&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=oss-security&m=127909326909362&w=2"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
"url": "http://secunia.com/advisories/48951",
"refsource": "MISC",
"name": "http://secunia.com/advisories/48951"
},
{
"name": "[oss-security] 20100714 Re: Multiple bugs in freetype",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127909326909362&w=2"
"url": "http://securitytracker.com/id?1024266",
"refsource": "MISC",
"name": "http://securitytracker.com/id?1024266"
},
{
"name": "DSA-2070",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2070"
"url": "http://www.debian.org/security/2010/dsa-2070",
"refsource": "MISC",
"name": "http://www.debian.org/security/2010/dsa-2070"
},
{
"name": "[oss-security] 20100713 Multiple bugs in freetype",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127905701201340&w=2"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:137",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:137"
},
{
"name": "1024266",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024266"
"url": "http://www.redhat.com/support/errata/RHSA-2010-0578.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0578.html"
},
{
"name": "RHSA-2010:0578",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0578.html"
"url": "http://www.ubuntu.com/usn/USN-963-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-963-1"
},
{
"name": "MDVSA-2010:137",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:137"
"url": "https://access.redhat.com/errata/RHSA-2010:0578",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0578"
},
{
"name": "RHSA-2010:0577",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0577.html"
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6305b869d86ff415a33576df6d43729673c66eee",
"refsource": "MISC",
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6305b869d86ff415a33576df6d43729673c66eee"
},
{
"name": "48951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48951"
"url": "http://www.redhat.com/support/errata/RHSA-2010-0577.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0577.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=613167",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=613167"
"url": "https://access.redhat.com/errata/RHSA-2010:0577",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0577"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2010-2500",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-2500"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=613167",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=613167"
},
{
"url": "https://savannah.nongnu.org/bugs/?30263",
"refsource": "MISC",
"name": "https://savannah.nongnu.org/bugs/?30263"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
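Review bot: The `description_data` entry for CVE-2010-2500 loses the details a triager needs: the short title `CVE-2010-2500 freetype: integer overflow vulnerability in smooth/ftgrays.c` names neither the affected function (`gray_render_span`), the upstream fix boundary ("FreeType before 2.4.0"), nor the impact. The +/- markers are lost on this page, so reading the short title as the new side is inferred from the hunk sizes (`-1,40 +1,17`) and the old-then-new print order. Since the new `affects` block lists only Red Hat package builds, the description was the one place the upstream version range appeared; I would keep the full sentence as the `value` rather than replacing it. The same substitution appears in the CVE-2010-2519, CVE-2010-2521 and CVE-2010-2936 sections below.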


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2519",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file."
"value": "CVE-2010-2519 freetype: heap buffer overflow vulnerability when processing certain font files"
}
]
},
@ -44,88 +21,159 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "0:2.1.9-14.el4.8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.2.1-25.el5_5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "USN-963-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-963-1"
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
"url": "http://support.apple.com/kb/HT4435",
"refsource": "MISC",
"name": "http://support.apple.com/kb/HT4435"
},
{
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b2ea64bcc6c385a8e8318f9c759450a07df58b6d",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b2ea64bcc6c385a8e8318f9c759450a07df58b6d"
"url": "http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html",
"refsource": "MISC",
"name": "http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=613194",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=613194"
"url": "http://marc.info/?l=oss-security&m=127905701201340&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=oss-security&m=127905701201340&w=2"
},
{
"name": "[freetype] 20100712 FreeType 2.4.0 has been released",
"refsource": "MLIST",
"url": "http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html"
"url": "http://marc.info/?l=oss-security&m=127909326909362&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=oss-security&m=127909326909362&w=2"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
"url": "http://secunia.com/advisories/48951",
"refsource": "MISC",
"name": "http://secunia.com/advisories/48951"
},
{
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5ef20c8c1d4de12a84b50ba497c2a358c90ec44b",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5ef20c8c1d4de12a84b50ba497c2a358c90ec44b"
"url": "http://securitytracker.com/id?1024266",
"refsource": "MISC",
"name": "http://securitytracker.com/id?1024266"
},
{
"name": "[oss-security] 20100714 Re: Multiple bugs in freetype",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127909326909362&w=2"
"url": "http://www.debian.org/security/2010/dsa-2070",
"refsource": "MISC",
"name": "http://www.debian.org/security/2010/dsa-2070"
},
{
"name": "https://savannah.nongnu.org/bugs/?30306",
"refsource": "CONFIRM",
"url": "https://savannah.nongnu.org/bugs/?30306"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:137",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:137"
},
{
"name": "DSA-2070",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2070"
"url": "http://www.redhat.com/support/errata/RHSA-2010-0578.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0578.html"
},
{
"name": "[oss-security] 20100713 Multiple bugs in freetype",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127905701201340&w=2"
"url": "http://www.ubuntu.com/usn/USN-963-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-963-1"
},
{
"name": "1024266",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024266"
"url": "https://access.redhat.com/errata/RHSA-2010:0578",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0578"
},
{
"name": "RHSA-2010:0578",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0578.html"
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5ef20c8c1d4de12a84b50ba497c2a358c90ec44b",
"refsource": "MISC",
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5ef20c8c1d4de12a84b50ba497c2a358c90ec44b"
},
{
"name": "MDVSA-2010:137",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:137"
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b2ea64bcc6c385a8e8318f9c759450a07df58b6d",
"refsource": "MISC",
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b2ea64bcc6c385a8e8318f9c759450a07df58b6d"
},
{
"name": "48951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48951"
"url": "https://access.redhat.com/security/cve/CVE-2010-2519",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-2519"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=613194",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=613194"
},
{
"url": "https://savannah.nongnu.org/bugs/?30306",
"refsource": "MISC",
"name": "https://savannah.nongnu.org/bugs/?30306"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
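Review bot: Every `reference_data` entry in this record appears to end up with `"refsource": "MISC"` and a `name` equal to its `url`, so the advisory identifiers and source classes of the earlier entries (`USN-963-1`/`UBUNTU`, `DSA-2070`/`DEBIAN`, `RHSA-2010:0578`/`REDHAT`, the two upstream commits as `CONFIRM`) are no longer machine-readable. Which side each line belongs to is inferred, since the +/- markers are lost on this page. Tooling that maps a CVE to vendor advisories by `refsource` or by the ID in `name` would have to parse URLs instead, and could no longer tell a vendor confirmation from a third-party link. I would keep the typed form where one exists, e.g. `"name": "DSA-2070", "refsource": "DEBIAN"`. The other file sections on this page show the same flattening.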


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2521",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and nfsd4_decode_compound functions."
"value": "CVE-2010-2521 kernel: nfsd4: bug in read_buf"
}
]
},
@ -44,113 +21,237 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "MRG for RHEL-5",
"version": {
"version_data": [
{
"version_value": "0:2.6.24.7-161.el5rt",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "0:2.6.9-89.0.28.EL",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-194.11.1.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5.3.Z - Server Only",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-128.26.1.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5.4.Z - Server Only",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-164.30.1.el5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0610",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0610.html"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051"
},
{
"name": "RHSA-2010:0893",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0893.html"
"url": "https://access.redhat.com/errata/RHSA-2010:0631",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0631"
},
{
"name": "USN-1000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1000-1"
"url": "http://secunia.com/advisories/43315",
"refsource": "MISC",
"name": "http://secunia.com/advisories/43315"
},
{
"name": "[oss-security] 20100707 CVE request - kernel: nfsd4: bug in read_buf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/07/07/1"
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "RHSA-2010:0606",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0606.html"
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "MISC",
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "MDVSA-2010:198",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
},
{
"name": "RHSA-2010:0907",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0907.html"
"url": "http://www.debian.org/security/2010/dsa-2094",
"refsource": "MISC",
"name": "http://www.debian.org/security/2010/dsa-2094"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=612028",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=612028"
"url": "http://www.redhat.com/support/errata/RHSA-2010-0610.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0610.html"
},
{
"name": "SUSE-SA:2010:040",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
"url": "http://www.ubuntu.com/usn/USN-1000-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1000-1"
},
{
"name": "MDVSA-2011:051",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051"
"url": "https://access.redhat.com/errata/RHSA-2010:0610",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0610"
},
{
"name": "43315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43315"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2bc3c1179c781b359d4f2f3439cb3df72afc17fc",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2bc3c1179c781b359d4f2f3439cb3df72afc17fc"
},
{
"name": "DSA-2094",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2094"
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
"url": "http://securitytracker.com/id?1024286",
"refsource": "MISC",
"name": "http://securitytracker.com/id?1024286"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2bc3c1179c781b359d4f2f3439cb3df72afc17fc",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2bc3c1179c781b359d4f2f3439cb3df72afc17fc"
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc6",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc6"
},
{
"name": "1024286",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024286"
"url": "http://www.openwall.com/lists/oss-security/2010/07/07/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/07/07/1"
},
{
"name": "42249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42249"
"url": "http://www.openwall.com/lists/oss-security/2010/07/09/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/07/09/2"
},
{
"name": "ADV-2010-3050",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3050"
"url": "http://www.redhat.com/support/errata/RHSA-2010-0893.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0893.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
"url": "http://www.redhat.com/support/errata/RHSA-2010-0907.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0907.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc6",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc6"
"url": "http://www.securityfocus.com/bid/42249",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/42249"
},
{
"name": "[oss-security] 20100708 Re: CVE request - kernel: nfsd4: bug in read_buf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/07/09/2"
"url": "http://www.vupen.com/english/advisories/2010/3050",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/3050"
},
{
"url": "https://access.redhat.com/errata/RHSA-2010:0606",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0606"
},
{
"url": "https://access.redhat.com/errata/RHSA-2010:0893",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0893"
},
{
"url": "https://access.redhat.com/errata/RHSA-2010:0907",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0907"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2010-2521",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-2521"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=612028",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=612028"
},
{
"url": "https://rhn.redhat.com/errata/RHSA-2010-0606.html",
"refsource": "MISC",
"name": "https://rhn.redhat.com/errata/RHSA-2010-0606.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}
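Review bot: The `impact.cvss` object sets `"temporalScore": 0` and `"environmentalScore": 0` while every temporal and environmental metric is `NOT_DEFINED`, so a consumer that prefers the most specific score present could rank this record at 0 instead of the 8.3 base score. Zero here presumably means "not computed", not a calculated result. I would omit both keys when the underlying metrics are undefined, leaving `baseScore` and `vectorString` as the only scores. The same pair appears in the impact blocks of the CVE-2010-2500, CVE-2010-2519 and CVE-2010-2936 sections.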


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2936",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow."
"value": "CVE-2010-2936 OpenOffice.org: Heap-based buffer overflow by parsing specially-crafted Microsoft PowerPoint document"
}
]
},
@ -44,168 +21,243 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 3",
"version": {
"version_data": [
{
"version_value": "0:1.1.2-48.2.0.EL3",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "0:1.1.5-10.6.0.7.EL4.5",
"version_affected": "!"
},
{
"version_value": "1:2.0.4-5.7.0.6.1.el4_8.6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "40775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40775"
},
{
"name": "[dev] 20100806 Two exploitable OpenOffice.org bugs!",
"refsource": "MLIST",
"url": "http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690"
},
{
"name": "MDVSA-2010:221",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221"
},
{
"name": "ADV-2010-2003",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2003"
},
{
"name": "60799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60799"
},
{
"name": "1024976",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024976"
},
{
"name": "GLSA-201408-19",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
},
{
"name": "ADV-2011-0150",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0150"
},
{
"name": "oval:org.mitre.oval:def:12144",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12144"
},
{
"name": "42927",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42927"
},
{
"name": "RHSA-2010:0643",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0643.html"
},
{
"name": "ADV-2011-0230",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"name": "ADV-2010-2149",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2149"
},
{
"name": "[oss-security] 20100811 CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/08/11/1"
},
{
"name": "ADV-2010-2228",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2228"
},
{
"name": "http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html",
"refsource": "CONFIRM",
"url": "http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=622529#c6",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622529#c6"
},
{
"name": "41235",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41235"
},
{
"name": "USN-1056-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1056-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=622555",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622555"
},
{
"name": "ADV-2011-0279",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0279"
},
{
"name": "1024352",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024352"
},
{
"name": "43105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43105"
},
{
"name": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html",
"refsource": "MISC",
"url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name": "SUSE-SR:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "DSA-2099",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2099"
"url": "http://secunia.com/advisories/40775",
"refsource": "MISC",
"name": "http://secunia.com/advisories/40775"
},
{
"name": "SUSE-SR:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
"url": "http://secunia.com/advisories/41052",
"refsource": "MISC",
"name": "http://secunia.com/advisories/41052"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
"url": "http://secunia.com/advisories/41235",
"refsource": "MISC",
"name": "http://secunia.com/advisories/41235"
},
{
"name": "41052",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41052"
"url": "http://secunia.com/advisories/42927",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42927"
},
{
"name": "ADV-2010-2905",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2905"
"url": "http://secunia.com/advisories/43105",
"refsource": "MISC",
"name": "http://secunia.com/advisories/43105"
},
{
"name": "[oss-security] 20100811 Re: CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/08/11/4"
"url": "http://secunia.com/advisories/60799",
"refsource": "MISC",
"name": "http://secunia.com/advisories/60799"
},
{
"url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf",
"refsource": "MISC",
"name": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
},
{
"url": "http://ubuntu.com/usn/usn-1056-1",
"refsource": "MISC",
"name": "http://ubuntu.com/usn/usn-1056-1"
},
{
"url": "http://www.debian.org/security/2010/dsa-2099",
"refsource": "MISC",
"name": "http://www.debian.org/security/2010/dsa-2099"
},
{
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml",
"refsource": "MISC",
"name": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221"
},
{
"url": "http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html",
"refsource": "MISC",
"name": "http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html"
},
{
"url": "http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690",
"refsource": "MISC",
"name": "http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690"
},
{
"url": "http://www.openwall.com/lists/oss-security/2010/08/11/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/08/11/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2010/08/11/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/08/11/4"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2010-0643.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0643.html"
},
{
"url": "http://www.securitytracker.com/id?1024352",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1024352"
},
{
"url": "http://www.securitytracker.com/id?1024976",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1024976"
},
{
"url": "http://www.vupen.com/english/advisories/2010/2003",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/2003"
},
{
"url": "http://www.vupen.com/english/advisories/2010/2149",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/2149"
},
{
"url": "http://www.vupen.com/english/advisories/2010/2228",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/2228"
},
{
"url": "http://www.vupen.com/english/advisories/2010/2905",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/2905"
},
{
"url": "http://www.vupen.com/english/advisories/2011/0150",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0150"
},
{
"url": "http://www.vupen.com/english/advisories/2011/0230",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"url": "http://www.vupen.com/english/advisories/2011/0279",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0279"
},
{
"url": "https://access.redhat.com/errata/RHSA-2010:0643",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0643"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2010-2936",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-2936"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622529#c6",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=622529#c6"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=622555",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=622555"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12144",
"refsource": "MISC",
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12144"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
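Review bot: Under `Red Hat Enterprise Linux 4` the `version_data` array lists two builds, `0:1.1.5-10.6.0.7.EL4.5` and `1:2.0.4-5.7.0.6.1.el4_8.6`, with no package name, so a consumer cannot tell which package each version string belongs to. They look like builds of two different packages, but the record does not say so. With `"version_affected": "!"`, which as far as I know negates the match in the CVE JSON 4.0 format, a scanner that compares an installed package against the wrong entry could report a vulnerable host as fixed. I would carry the package name on each entry or in `product_name` (placeholder: `<package-name>`).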


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3069",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share."
"value": "CVE-2010-3069 Samba: Stack-based buffer overflow by processing specially-crafted SID records"
}
]
},
@ -44,148 +21,288 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 3",
"version": {
"version_data": [
{
"version_value": "0:3.0.9-1.3E.18",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "0:3.0.33-0.19.el4_8.3",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 4.7 Z Stream",
"version": {
"version_data": [
{
"version_value": "0:3.0.28-0.10.el4_7.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:3.0.33-3.29.el5_5.1",
"version_affected": "!"
},
{
"version_value": "0:3.3.8-0.52.el5_5.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5.3.Z - Server Only",
"version": {
"version_data": [
{
"version_value": "0:3.0.33-3.7.el5_3.3",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5.4.Z - Server Only",
"version": {
"version_data": [
{
"version_value": "0:3.0.33-3.15.el5_4.3",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:3.5.4-68.el6_0.1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "HPSBUX02657",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130835366526620&w=2"
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name": "42885",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42885"
"url": "http://support.apple.com/kb/HT4581",
"refsource": "MISC",
"name": "http://support.apple.com/kb/HT4581"
},
{
"name": "ADV-2010-2378",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2378"
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name": "http://support.apple.com/kb/HT4723",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4723"
"url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
},
{
"name": "FEDORA-2010-14678",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047697.html"
"url": "http://marc.info/?l=bugtraq&m=130835366526620&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=130835366526620&w=2"
},
{
"name": "http://us1.samba.org/samba/security/CVE-2010-3069.html",
"refsource": "CONFIRM",
"url": "http://us1.samba.org/samba/security/CVE-2010-3069.html"
"url": "http://support.apple.com/kb/HT4723",
"refsource": "MISC",
"name": "http://support.apple.com/kb/HT4723"
},
{
"name": "41354",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41354"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047650.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047650.html"
},
{
"name": "APPLE-SA-2011-06-23-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047697.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047697.html"
},
{
"name": "SSRT100460",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130835366526620&w=2"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047758.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047758.html"
},
{
"name": "APPLE-SA-2011-03-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
},
{
"name": "samba-sidparse-bo(61773)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61773"
"url": "http://secunia.com/advisories/41354",
"refsource": "MISC",
"name": "http://secunia.com/advisories/41354"
},
{
"name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
"url": "http://secunia.com/advisories/41447",
"refsource": "MISC",
"name": "http://secunia.com/advisories/41447"
},
{
"name": "USN-987-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-987-1"
"url": "http://secunia.com/advisories/42531",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42531"
},
{
"name": "1024434",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024434"
"url": "http://secunia.com/advisories/42885",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42885"
},
{
"name": "41447",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41447"
"url": "http://us1.samba.org/samba/history/samba-3.5.5.html",
"refsource": "MISC",
"name": "http://us1.samba.org/samba/history/samba-3.5.5.html"
},
{
"name": "FEDORA-2010-14627",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047650.html"
"url": "http://us1.samba.org/samba/security/CVE-2010-3069.html",
"refsource": "MISC",
"name": "http://us1.samba.org/samba/security/CVE-2010-3069.html"
},
{
"name": "42531",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42531"
"url": "http://www.redhat.com/support/errata/RHSA-2010-0860.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0860.html"
},
{
"name": "ADV-2010-3126",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3126"
"url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
},
{
"name": "http://us1.samba.org/samba/history/samba-3.5.5.html",
"refsource": "CONFIRM",
"url": "http://us1.samba.org/samba/history/samba-3.5.5.html"
"url": "http://www.securityfocus.com/bid/43212",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/43212"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
"url": "http://www.securitytracker.com/id?1024434",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1024434"
},
{
"name": "SUSE-SR:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
"url": "http://www.ubuntu.com/usn/USN-987-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-987-1"
},
{
"name": "43212",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43212"
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html",
"refsource": "MISC",
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
},
{
"name": "ADV-2011-0091",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0091"
"url": "http://www.vupen.com/english/advisories/2010/2378",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/2378"
},
{
"name": "FEDORA-2010-14768",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047758.html"
"url": "http://www.vupen.com/english/advisories/2010/3126",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/3126"
},
{
"name": "SUSE-SR:2010:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
"url": "http://www.vupen.com/english/advisories/2011/0091",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0091"
},
{
"name": "RHSA-2010:0860",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0860.html"
"url": "https://access.redhat.com/errata/RHSA-2010:0697",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0697"
},
{
"name": "http://support.apple.com/kb/HT4581",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4581"
"url": "https://access.redhat.com/errata/RHSA-2010:0698",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0698"
},
{
"url": "https://access.redhat.com/errata/RHSA-2010:0860",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0860"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2010-3069",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-3069"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=630869",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=630869"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61773",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61773"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}
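Review bot: The record no longer states which Samba versions are vulnerable. The `description_data` value that named `sid_parse`, `dom_sid_parse` and "Samba before 3.5.5" appears to be replaced by the tracker title `CVE-2010-3069 Samba: Stack-based buffer overflow by processing specially-crafted SID records` (the +/- markers are lost on this page, so the sides are inferred from print order). Every new `version_data` entry carries `"version_affected": "!"`, which in this format marks the listed build as not affected, so a consumer that matches on `affects` or parses the description for a version bound would find nothing vulnerable here. I would keep the earlier description text as the `value` rather than the title. The CVE-2010-3070 and CVE-2010-3081 sections show the same replacement.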


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3070",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to an arbitrary PHP script that uses NuSOAP classes."
"value": "CVE-2010-3070 php-nusoap: XSS vulnerability due improper escaping of URLs"
}
]
},
@ -44,123 +21,178 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100903 CVE request: XSS in nusoap",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/03/2"
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595248",
"refsource": "MISC",
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595248"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=629585",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=629585"
"url": "http://git.debian.org/?p=users/olberger-guest/nusoap.git%3Ba=blob%3Bf=debian/patches/595248.patch%3Bh=6af3d725fe74d839764d9755c5bb18458a192518%3Bhb=268f03b88c6900d1a87b17734c248c705c22cb07",
"refsource": "MISC",
"name": "http://git.debian.org/?p=users/olberger-guest/nusoap.git%3Ba=blob%3Bf=debian/patches/595248.patch%3Bh=6af3d725fe74d839764d9755c5bb18458a192518%3Bhb=268f03b88c6900d1a87b17734c248c705c22cb07"
},
{
"name": "FEDORA-2010-15080",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048639.html"
"url": "http://git.debian.org/?p=users/olberger-guest/nusoap.git%3Ba=blobdiff%3Bf=debian/patches/595248.patch%3Bh=11202fa70433b62aeab7dfc68af668329bc0fe7e%3Bhp=6af3d725fe74d839764d9755c5bb18458a192518%3Bhb=3ac7a26a49086c6b91fb79e5acafcfcdc5d6980a%3Bhpb=268f03b88c6900d1a87b17734c248c705c22cb07",
"refsource": "MISC",
"name": "http://git.debian.org/?p=users/olberger-guest/nusoap.git%3Ba=blobdiff%3Bf=debian/patches/595248.patch%3Bh=11202fa70433b62aeab7dfc68af668329bc0fe7e%3Bhp=6af3d725fe74d839764d9755c5bb18458a192518%3Bhb=3ac7a26a49086c6b91fb79e5acafcfcdc5d6980a%3Bhpb=268f03b88c6900d1a87b17734c248c705c22cb07"
},
{
"name": "FEDORA-2010-15082",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048659.html"
"url": "http://git.mantisbt.org/?p=mantisbt.git%3Ba=commit%3Bh=edb817991b99cd5538f102be26865fde7c6b7212",
"refsource": "MISC",
"name": "http://git.mantisbt.org/?p=mantisbt.git%3Ba=commit%3Bh=edb817991b99cd5538f102be26865fde7c6b7212"
},
{
"name": "http://git.debian.org/?p=users/olberger-guest/nusoap.git;a=blob;f=debian/patches/595248.patch;h=6af3d725fe74d839764d9755c5bb18458a192518;hb=268f03b88c6900d1a87b17734c248c705c22cb07",
"refsource": "CONFIRM",
"url": "http://git.debian.org/?p=users/olberger-guest/nusoap.git;a=blob;f=debian/patches/595248.patch;h=6af3d725fe74d839764d9755c5bb18458a192518;hb=268f03b88c6900d1a87b17734c248c705c22cb07"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048317.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048317.html"
},
{
"name": "[oss-security] 20100907 Re: CVE request: XSS in nusoap",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/07/4"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048325.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048325.html"
},
{
"name": "41653",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41653"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048548.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048548.html"
},
{
"name": "http://sourceforge.net/projects/nusoap/forums/forum/193579/topic/3834005",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/nusoap/forums/forum/193579/topic/3834005"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048639.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048639.html"
},
{
"name": "http://git.mantisbt.org/?p=mantisbt.git;a=commit;h=edb817991b99cd5538f102be26865fde7c6b7212",
"refsource": "CONFIRM",
"url": "http://git.mantisbt.org/?p=mantisbt.git;a=commit;h=edb817991b99cd5538f102be26865fde7c6b7212"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048659.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048659.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=633011",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=633011"
"url": "http://secunia.com/advisories/41653",
"refsource": "MISC",
"name": "http://secunia.com/advisories/41653"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595248",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595248"
"url": "http://sourceforge.net/mailarchive/message.php?msg_name=4C8FC573.3060900%40leetcode.net",
"refsource": "MISC",
"name": "http://sourceforge.net/mailarchive/message.php?msg_name=4C8FC573.3060900%40leetcode.net"
},
{
"name": "ADV-2010-2535",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2535"
"url": "http://sourceforge.net/projects/nusoap/forums/forum/193579/topic/3834005",
"refsource": "MISC",
"name": "http://sourceforge.net/projects/nusoap/forums/forum/193579/topic/3834005"
},
{
"name": "[oss-security] 20100914 CVE request: mantis before 1.2.3 (XSS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/14/12"
"url": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=111",
"refsource": "MISC",
"name": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=111"
},
{
"name": "42959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42959"
"url": "http://www.mantisbt.org/bugs/view.php?id=12312",
"refsource": "MISC",
"name": "http://www.mantisbt.org/bugs/view.php?id=12312"
},
{
"name": "FEDORA-2010-14100",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048325.html"
"url": "http://www.openwall.com/lists/oss-security/2010/09/03/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/09/03/2"
},
{
"name": "FEDORA-2010-14098",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048317.html"
"url": "http://www.openwall.com/lists/oss-security/2010/09/07/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/09/07/4"
},
{
"name": "FEDORA-2010-15061",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048548.html"
"url": "http://www.openwall.com/lists/oss-security/2010/09/14/12",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/09/14/12"
},
{
"name": "[oss-security] 20100914 Re: CVE request: mantis before 1.2.3 (XSS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/14/13"
"url": "http://www.openwall.com/lists/oss-security/2010/09/14/13",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/09/14/13"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=12312",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=12312"
"url": "http://www.securityfocus.com/bid/42959",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/42959"
},
{
"name": "[mantisbt-announce] 20100914 MantisBT 1.2.3 Released",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/message.php?msg_name=4C8FC573.3060900%40leetcode.net"
"url": "http://www.vupen.com/english/advisories/2010/2535",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/2535"
},
{
"name": "http://git.debian.org/?p=users/olberger-guest/nusoap.git;a=blobdiff;f=debian/patches/595248.patch;h=11202fa70433b62aeab7dfc68af668329bc0fe7e;hp=6af3d725fe74d839764d9755c5bb18458a192518;hb=3ac7a26a49086c6b91fb79e5acafcfcdc5d6980a;hpb=268f03b88c6900d1a87b17734c248c705c22cb07",
"refsource": "CONFIRM",
"url": "http://git.debian.org/?p=users/olberger-guest/nusoap.git;a=blobdiff;f=debian/patches/595248.patch;h=11202fa70433b62aeab7dfc68af668329bc0fe7e;hp=6af3d725fe74d839764d9755c5bb18458a192518;hb=3ac7a26a49086c6b91fb79e5acafcfcdc5d6980a;hpb=268f03b88c6900d1a87b17734c248c705c22cb07"
"url": "https://access.redhat.com/security/cve/CVE-2010-3070",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-3070"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=111",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=111"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=629585",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=629585"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=633011",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=633011"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
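Review bot: The gitweb references now have `;` percent-encoded as `%3B` in both `url` and `name` (the two git.debian.org entries and the git.mantisbt.org commit link). `;` is a reserved delimiter, so the encoded form is not an equivalent URI, and these links use `;` to separate `p=`, `a=` and `h=`; the rewritten links may no longer resolve to the patch that fixes the XSS, which is worth checking before this is merged. I would keep the earlier form, e.g. `"url": "http://git.mantisbt.org/?p=mantisbt.git;a=commit;h=edb817991b99cd5538f102be26865fde7c6b7212"`. The git.kernel.org reference in the CVE-2010-3081 section has the same encoding.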


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3081",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a \"stack pointer underflow\" issue, as exploited in the wild in September 2010."
"value": "CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow"
}
]
},
@ -44,153 +21,325 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "MRG for RHEL-5",
"version": {
"version_data": [
{
"version_value": "0:2.6.24.7-169.el5rt",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 3 Extended Lifecycle Support",
"version": {
"version_data": [
{
"version_value": "0:2.4.21-66.EL",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "0:2.6.9-89.29.1.EL",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 4.7 Z Stream",
"version": {
"version_data": [
{
"version_value": "0:2.6.9-78.0.33.EL",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-194.11.4.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5.3.Z - Server Only",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-128.23.2.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5.4.Z - Server Only",
"version": {
"version_data": [
{
"version_value": "0:2.6.18-164.25.2.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-71.7.1.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0017.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0017.html"
},
{
"name": "http://isc.sans.edu/diary.html?storyid=9574",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html",
"refsource": "MISC",
"url": "http://isc.sans.edu/diary.html?storyid=9574"
"name": "http://www.redhat.com/support/errata/RHSA-2010-0882.html"
},
{
"name": "ADV-2010-3083",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3083"
},
{
"name": "ADV-2010-3117",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3117"
},
{
"name": "http://sota.gen.nz/compat1/",
"url": "https://access.redhat.com/errata/RHSA-2010:0882",
"refsource": "MISC",
"url": "http://sota.gen.nz/compat1/"
"name": "https://access.redhat.com/errata/RHSA-2010:0882"
},
{
"name": "MDVSA-2010:198",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
},
{
"name": "https://access.redhat.com/kb/docs/DOC-40265",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/kb/docs/DOC-40265"
},
{
"name": "20101130 VMSA-2010-0017 VMware ESX third party update for Service Console kerne",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514938/30/30/threaded"
},
{
"name": "42384",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42384"
},
{
"name": "20100916 Workaround for Ac1db1tch3z exploit.",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0278.html"
},
{
"name": "SUSE-SA:2011:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"name": "RHSA-2010:0842",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0842.html"
},
{
"name": "MDVSA-2010:247",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:247"
},
{
"name": "ADV-2011-0298",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0298"
},
{
"name": "RHSA-2010:0882",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.36-rc4-git2.log",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.36-rc4-git2.log"
},
{
"name": "SUSE-SA:2010:050",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html"
},
{
"name": "http://blog.ksplice.com/2010/09/cve-2010-3081/",
"url": "http://secunia.com/advisories/43315",
"refsource": "MISC",
"url": "http://blog.ksplice.com/2010/09/cve-2010-3081/"
"name": "http://secunia.com/advisories/43315"
},
{
"name": "43315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43315"
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "SUSE-SR:2010:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "MISC",
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
},
{
"name": "20100916 Ac1db1tch3z vs x86_64 Linux Kernel",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0273.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c41d68a513c71e35a14f66d71782d27a79a81ea6",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c41d68a513c71e35a14f66d71782d27a79a81ea6"
"url": "http://www.vupen.com/english/advisories/2011/0298",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0298"
},
{
"name": "RHSA-2010:0758",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0758.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
"url": "http://www.redhat.com/support/errata/RHSA-2010-0842.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0842.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=634457",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=634457"
"url": "https://access.redhat.com/errata/RHSA-2010:0842",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0842"
},
{
"name": "MDVSA-2010:214",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:214"
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "[oss-security] 20100916 CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=128461522230211&w=2"
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0273.html",
"refsource": "MISC",
"name": "http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0273.html"
},
{
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0278.html",
"refsource": "MISC",
"name": "http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0278.html"
},
{
"url": "http://blog.ksplice.com/2010/09/cve-2010-3081/",
"refsource": "MISC",
"name": "http://blog.ksplice.com/2010/09/cve-2010-3081/"
},
{
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c41d68a513c71e35a14f66d71782d27a79a81ea6",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c41d68a513c71e35a14f66d71782d27a79a81ea6"
},
{
"url": "http://isc.sans.edu/diary.html?storyid=9574",
"refsource": "MISC",
"name": "http://isc.sans.edu/diary.html?storyid=9574"
},
{
"url": "http://marc.info/?l=oss-security&m=128461522230211&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=oss-security&m=128461522230211&w=2"
},
{
"url": "http://secunia.com/advisories/42384",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42384"
},
{
"url": "http://sota.gen.nz/compat1/",
"refsource": "MISC",
"name": "http://sota.gen.nz/compat1/"
},
{
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.36-rc4-git2.log",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.36-rc4-git2.log"
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:214",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:214"
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:247",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:247"
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2010-0758.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0758.html"
},
{
"url": "http://www.securityfocus.com/archive/1/514938/30/30/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/514938/30/30/threaded"
},
{
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0017.html",
"refsource": "MISC",
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0017.html"
},
{
"url": "http://www.vupen.com/english/advisories/2010/3083",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/3083"
},
{
"url": "http://www.vupen.com/english/advisories/2010/3117",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/3117"
},
{
"url": "https://access.redhat.com/errata/RHSA-2010:0704",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0704"
},
{
"url": "https://access.redhat.com/errata/RHSA-2010:0705",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0705"
},
{
"url": "https://access.redhat.com/errata/RHSA-2010:0711",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0711"
},
{
"url": "https://access.redhat.com/errata/RHSA-2010:0718",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0718"
},
{
"url": "https://access.redhat.com/errata/RHSA-2010:0719",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0719"
},
{
"url": "https://access.redhat.com/errata/RHSA-2010:0758",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0758"
},
{
"url": "https://access.redhat.com/kb/docs/DOC-40265",
"refsource": "MISC",
"name": "https://access.redhat.com/kb/docs/DOC-40265"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2010-3081",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-3081"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=634457",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=634457"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}
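Review bot: The new `impact.cvss` entry reports `"temporalScore": 0` and `"environmentalScore": 0` while every temporal and environmental metric is `NOT_DEFINED`, including `"exploitability": "NOT_DEFINED"`. The description that appears to be removed in this section said the flaw was exploited in the wild in September 2010, so a consumer that sorts or filters on the temporal score would rank a known-exploited local privilege escalation at zero. With the metrics undefined, the two score keys are better omitted than set to 0; if they must be present, the base score is what undefined metrics yield in CVSS v2, which should be confirmed against the generator. The same zero scores appear in the `impact` blocks of the CVE-2010-3069 and CVE-2010-3070 sections.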


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3294",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in apc.php in the Alternative PHP Cache (APC) extension before 3.1.4 for PHP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
"value": "CVE-2010-3294 php-pecl-apc: potential XSS in apc.php"
}
]
},
@ -44,43 +21,108 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:3.1.9-2.el6",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://pecl.php.net/package-changelog.php?package=APC&release=3.1.4",
"refsource": "CONFIRM",
"url": "http://pecl.php.net/package-changelog.php?package=APC&release=3.1.4"
"url": "http://pecl.php.net/package-changelog.php?package=APC&release=3.1.4",
"refsource": "MISC",
"name": "http://pecl.php.net/package-changelog.php?package=APC&release=3.1.4"
},
{
"name": "ADV-2010-2406",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2406"
"url": "http://rhn.redhat.com/errata/RHSA-2012-0811.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-0811.html"
},
{
"name": "[oss-security] 20100914 Re: CVE request: xss in pecl-apc before 3.1.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/14/6"
"url": "http://www.openwall.com/lists/oss-security/2010/09/14/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/09/14/1"
},
{
"name": "RHSA-2012:0811",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0811.html"
"url": "http://www.openwall.com/lists/oss-security/2010/09/14/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/09/14/6"
},
{
"name": "[oss-security] 20100914 CVE request: xss in pecl-apc before 3.1.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/14/1"
"url": "http://www.openwall.com/lists/oss-security/2010/09/14/8",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/09/14/8"
},
{
"name": "[oss-security] 20100914 Re: CVE request: xss in pecl-apc before 3.1.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/14/8"
"url": "http://www.vupen.com/english/advisories/2010/2406",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/2406"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:0811",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:0811"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2010-3294",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-3294"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=634334",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=634334"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
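Review bot: The `description_data` value that appears to be the new one, `CVE-2010-3294 php-pecl-apc: potential XSS in apc.php`, is a tracker title rather than a description. The sentence it replaces stated the affected range (APC before 3.1.4) and the impact (script or HTML injection by remote attackers). Someone triaging from this record alone can no longer tell which upstream releases are affected, because the added `affects` block lists only a Red Hat package build. I would keep the earlier sentence as the `value` and carry the tracker title in a separate field if the producer needs it. The same replacement shows in the CVE-2010-3308, CVE-2010-3709 and CVE-2010-3847 sections on this page.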


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3308",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via a long cisco_banner (aka server_banner) field."
"value": "CVE-2010-3308 Openswan cisco banner option handling vulnerability"
}
]
},
@ -44,63 +21,128 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.24-8.el6_0.1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "41769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41769"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/048999.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/048999.html"
},
{
"name": "ADV-2010-2526",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2526"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049053.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049053.html"
},
{
"name": "43588",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43588"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049073.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049073.html"
},
{
"name": "RHSA-2010:0892",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0892.html"
"url": "http://secunia.com/advisories/41769",
"refsource": "MISC",
"name": "http://secunia.com/advisories/41769"
},
{
"name": "1024749",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024749"
"url": "http://www.openswan.org/download/CVE-2010-3308/CVE-2010-3308.txt",
"refsource": "MISC",
"name": "http://www.openswan.org/download/CVE-2010-3308/CVE-2010-3308.txt"
},
{
"name": "http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch",
"refsource": "CONFIRM",
"url": "http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch"
"url": "http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch",
"refsource": "MISC",
"name": "http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch"
},
{
"name": "FEDORA-2010-15508",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049053.html"
"url": "http://www.redhat.com/support/errata/RHSA-2010-0892.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0892.html"
},
{
"name": "FEDORA-2010-15381",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/048999.html"
"url": "http://www.securityfocus.com/bid/43588",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/43588"
},
{
"name": "FEDORA-2010-15516",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049073.html"
"url": "http://www.securitytracker.com/id?1024749",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1024749"
},
{
"name": "http://www.openswan.org/download/CVE-2010-3308/CVE-2010-3308.txt",
"refsource": "CONFIRM",
"url": "http://www.openswan.org/download/CVE-2010-3308/CVE-2010-3308.txt"
"url": "http://www.vupen.com/english/advisories/2010/2526",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/2526"
},
{
"url": "https://access.redhat.com/errata/RHSA-2010:0892",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0892"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2010-3308",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-3308"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=637924",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=637924"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
]
}
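Review bot: Every entry in the rewritten `reference_data` carries `"refsource": "MISC"` with the URL repeated as `name`. The source tags and advisory identifiers of the earlier entries no longer appear anywhere in the record, for example `FEDORA-2010-15508`, `RHSA-2010:0892` and the `CONFIRM` tag on the openswan.org patch. Tooling that picks out vendor-confirmed fixes or matches advisories by identifier through `refsource` and `name` would find nothing to key on. I would retain the original tag and identifier where an entry already had one, e.g. `"refsource": "CONFIRM"` on the openswan.org patch URL, and use `MISC` only for the newly added access.redhat.com and bugzilla links. The other file sections on this page show the same flattening.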


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3709",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive."
"value": "CVE-2010-3709 php: NULL pointer dereference in ZipArchive::getArchiveComment"
}
]
},
@ -44,153 +21,208 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:5.3.2-6.el6_0.1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0077"
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name": "FEDORA-2010-19011",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html"
"url": "http://support.apple.com/kb/HT4581",
"refsource": "MISC",
"name": "http://support.apple.com/kb/HT4581"
},
{
"name": "42812",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42812"
"url": "http://www.php.net/ChangeLog-5.php",
"refsource": "MISC",
"name": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "HPSBOV02763",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
"url": "http://marc.info/?l=bugtraq&m=130331363227777&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=130331363227777&w=2"
},
{
"name": "HPSBMA02662",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130331363227777&w=2"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html"
},
{
"name": "MDVSA-2010:218",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:218"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html"
},
{
"name": "20101105 PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Deference",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/90"
"url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name": "RHSA-2011:0195",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0195.html"
"url": "http://secunia.com/advisories/42729",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42729"
},
{
"name": "1024690",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024690"
"url": "http://secunia.com/advisories/42812",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42812"
},
{
"name": "http://www.php.net/releases/5_3_4.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/releases/5_3_4.php"
"url": "http://securityreason.com/achievement_securityalert/90",
"refsource": "MISC",
"name": "http://securityreason.com/achievement_securityalert/90"
},
{
"name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log",
"refsource": "CONFIRM",
"url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log"
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619",
"refsource": "MISC",
"name": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619"
},
{
"name": "APPLE-SA-2011-03-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
"url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.c?view=log",
"refsource": "MISC",
"name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.c?view=log"
},
{
"name": "USN-1042-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1042-1"
"url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log",
"refsource": "MISC",
"name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log"
},
{
"name": "15431",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15431"
"url": "http://www.exploit-db.com/exploits/15431",
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/15431"
},
{
"name": "ADV-2011-0021",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0021"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:218",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:218"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
"url": "http://www.php.net/archive/2010.php#id2010-12-10-1",
"refsource": "MISC",
"name": "http://www.php.net/archive/2010.php#id2010-12-10-1"
},
{
"name": "SSRT100826",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
"url": "http://www.php.net/releases/5_2_15.php",
"refsource": "MISC",
"name": "http://www.php.net/releases/5_2_15.php"
},
{
"name": "SSA:2010-357-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619"
"url": "http://www.php.net/releases/5_3_4.php",
"refsource": "MISC",
"name": "http://www.php.net/releases/5_3_4.php"
},
{
"name": "ADV-2010-3313",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3313"
"url": "http://www.redhat.com/support/errata/RHSA-2011-0195.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2011-0195.html"
},
{
"name": "http://www.php.net/archive/2010.php#id2010-12-10-1",
"refsource": "CONFIRM",
"url": "http://www.php.net/archive/2010.php#id2010-12-10-1"
"url": "http://www.securityfocus.com/bid/44718",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/44718"
},
{
"name": "http://www.php.net/releases/5_2_15.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/releases/5_2_15.php"
"url": "http://www.securitytracker.com/id?1024690",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1024690"
},
{
"name": "SSRT100409",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130331363227777&w=2"
"url": "http://www.ubuntu.com/usn/USN-1042-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1042-1"
},
{
"name": "FEDORA-2010-18976",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html"
"url": "http://www.vupen.com/english/advisories/2010/3313",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/3313"
},
{
"name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.c?view=log",
"refsource": "CONFIRM",
"url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.c?view=log"
"url": "http://www.vupen.com/english/advisories/2011/0020",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0020"
},
{
"name": "ADV-2011-0020",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0020"
"url": "http://www.vupen.com/english/advisories/2011/0021",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0021"
},
{
"name": "42729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42729"
"url": "http://www.vupen.com/english/advisories/2011/0077",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0077"
},
{
"name": "44718",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44718"
"url": "https://access.redhat.com/errata/RHSA-2011:0195",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2011:0195"
},
{
"name": "http://support.apple.com/kb/HT4581",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4581"
"url": "https://access.redhat.com/security/cve/CVE-2010-3709",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-3709"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=651206",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=651206"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}
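Review bot: The added `impact.cvss` entry sets `"temporalScore": 0` and `"environmentalScore": 0` while every temporal and environmental metric is `NOT_DEFINED`, so the zeros read as computed scores rather than as "not assessed". A consumer that prefers the most specific score available could rank this record at 0 instead of the `baseScore` of 4.3. Omitting the two keys when the metrics are undefined, or documenting that 0 means unscored, would remove the ambiguity. The `impact` blocks in the other sections on this page have the same shape.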


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3847",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory."
"value": "CVE-2010-3847 glibc: ld.so insecure handling of $ORIGIN in LD_AUDIT for setuid/setgid programs"
}
]
},
@ -44,118 +21,194 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Untrusted Search Path",
"cweId": "CWE-426"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.5-49.el5_5.6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.12-1.7.el6_0.3",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "GLSA-201011-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201011-01.xml"
"url": "http://secunia.com/advisories/42787",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42787"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html"
"url": "http://www.securityfocus.com/archive/1/515545/100/0/threaded",
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/515545/100/0/threaded"
},
{
"name": "http://support.avaya.com/css/P8/documents/100120941",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100120941"
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html",
"refsource": "MISC",
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html"
},
{
"name": "20101018 The GNU C library dynamic linker expands $ORIGIN in setuid library search path",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Oct/257"
"url": "http://www.vupen.com/english/advisories/2011/0025",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0025"
},
{
"name": "RHSA-2010:0872",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0872.html"
"url": "http://seclists.org/fulldisclosure/2010/Oct/257",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2010/Oct/257"
},
{
"name": "SUSE-SA:2010:052",
"refsource": "SUSE",
"url": "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html"
"url": "http://seclists.org/fulldisclosure/2010/Oct/292",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2010/Oct/292"
},
{
"name": "MDVSA-2010:207",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:207"
"url": "http://seclists.org/fulldisclosure/2010/Oct/294",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2010/Oct/294"
},
{
"name": "44025",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44025/"
"url": "http://security.gentoo.org/glsa/glsa-201011-01.xml",
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-201011-01.xml"
},
{
"name": "44024",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44024/"
"url": "http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html",
"refsource": "MISC",
"name": "http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html"
},
{
"name": "DSA-2122",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2122"
"url": "http://support.avaya.com/css/P8/documents/100120941",
"refsource": "MISC",
"name": "http://support.avaya.com/css/P8/documents/100120941"
},
{
"name": "USN-1009-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1009-1"
"url": "http://www.debian.org/security/2010/dsa-2122",
"refsource": "MISC",
"name": "http://www.debian.org/security/2010/dsa-2122"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=643306",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=643306"
"url": "http://www.kb.cert.org/vuls/id/537223",
"refsource": "MISC",
"name": "http://www.kb.cert.org/vuls/id/537223"
},
{
"name": "20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515545/100/0/threaded"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:207",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:207"
},
{
"name": "RHSA-2010:0787",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0787.html"
"url": "http://www.redhat.com/support/errata/RHSA-2010-0872.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0872.html"
},
{
"name": "44154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44154"
"url": "http://www.securityfocus.com/bid/44154",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/44154"
},
{
"name": "20101020 Re: The GNU C library dynamic linker expands $ORIGIN in setuid library search path",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Oct/294"
"url": "http://www.ubuntu.com/usn/USN-1009-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1009-1"
},
{
"name": "42787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42787"
"url": "https://access.redhat.com/errata/RHSA-2010:0787",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0787"
},
{
"name": "ADV-2011-0025",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0025"
"url": "https://access.redhat.com/errata/RHSA-2010:0872",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0872"
},
{
"name": "[libc-hacker] 20101018 [PATCH] Never expand $ORIGIN in privileged programs",
"refsource": "MLIST",
"url": "http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html"
"url": "https://access.redhat.com/security/cve/CVE-2010-3847",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-3847"
},
{
"name": "20101019 Re: The GNU C library dynamic linker expands $ORIGIN in setuid library search path",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Oct/292"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=643306",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=643306"
},
{
"name": "VU#537223",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/537223"
"url": "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html",
"refsource": "MISC",
"name": "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html"
},
{
"url": "https://rhn.redhat.com/errata/RHSA-2010-0787.html",
"refsource": "MISC",
"name": "https://rhn.redhat.com/errata/RHSA-2010-0787.html"
},
{
"url": "https://www.exploit-db.com/exploits/44024/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/44024/"
},
{
"url": "https://www.exploit-db.com/exploits/44025/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/44025/"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}
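Review bot: The new `affects` block names only Red Hat Enterprise Linux 5 and 6, each with `"version_affected": "!"` on a single build (`0:2.5-49.el5_5.6`, `0:2.12-1.7.el6_0.3`). In the CVE JSON 4.0 format that marker denotes a version that is not affected, so the record lists no affected version at all. The upstream range from the earlier description (glibc through 2.11.2, and 2.12.x through 2.12.1) is not represented in the structured data. A scanner matching installed packages against `version_data` would have nothing to flag for this local privilege escalation. If the intent is "fixed in this build", an additional entry such as `"version_affected": "<"` with the same `version_value` would express it; the other sections on this page use the same `!`-only pattern.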


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3855",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font."
"value": "CVE-2010-3855 Freetype : Heap based buffer overflow in ft_var_readpackedpoints()"
}
]
},
@ -44,163 +21,250 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "0:2.1.9-17.el4_8.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.2.1-28.el5_5.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.3.11-6.el6_0.2",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "43138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43138"
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name": "42295",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42295"
"url": "http://support.apple.com/kb/HT4581",
"refsource": "MISC",
"name": "http://support.apple.com/kb/HT4581"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221"
"url": "http://secunia.com/advisories/48951",
"refsource": "MISC",
"name": "http://secunia.com/advisories/48951"
},
{
"name": "http://support.avaya.com/css/P8/documents/100122733",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100122733"
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221",
"refsource": "MISC",
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221"
},
{
"name": "http://support.apple.com/kb/HT4564",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4564"
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=59eb9f8cfe7d1df379a2318316d1f04f80fba54a",
"refsource": "MISC",
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=59eb9f8cfe7d1df379a2318316d1f04f80fba54a"
},
{
"name": "http://support.apple.com/kb/HT4565",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4565"
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html"
},
{
"name": "MDVSA-2010:235",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:235"
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT4803",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4803"
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name": "ADV-2011-0246",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0246"
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html"
},
{
"name": "FEDORA-2010-17755",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051251.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050965.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050965.html"
},
{
"name": "APPLE-SA-2011-07-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051231.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051231.html"
},
{
"name": "44214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44214"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051251.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051251.html"
},
{
"name": "FEDORA-2010-17742",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050965.html"
"url": "http://secunia.com/advisories/42289",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42289"
},
{
"name": "RHSA-2010:0889",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0889.html"
"url": "http://secunia.com/advisories/42295",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42295"
},
{
"name": "APPLE-SA-2011-03-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
"url": "http://secunia.com/advisories/43138",
"refsource": "MISC",
"name": "http://secunia.com/advisories/43138"
},
{
"name": "FEDORA-2010-17728",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051231.html"
"url": "http://support.apple.com/kb/HT4564",
"refsource": "MISC",
"name": "http://support.apple.com/kb/HT4564"
},
{
"name": "USN-1013-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1013-1"
"url": "http://support.apple.com/kb/HT4565",
"refsource": "MISC",
"name": "http://support.apple.com/kb/HT4565"
},
{
"name": "42289",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42289"
"url": "http://support.apple.com/kb/HT4802",
"refsource": "MISC",
"name": "http://support.apple.com/kb/HT4802"
},
{
"name": "APPLE-SA-2011-07-15-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html"
"url": "http://support.apple.com/kb/HT4803",
"refsource": "MISC",
"name": "http://support.apple.com/kb/HT4803"
},
{
"name": "https://savannah.nongnu.org/bugs/?31310",
"refsource": "CONFIRM",
"url": "https://savannah.nongnu.org/bugs/?31310"
"url": "http://support.avaya.com/css/P8/documents/100122733",
"refsource": "MISC",
"name": "http://support.avaya.com/css/P8/documents/100122733"
},
{
"name": "http://support.apple.com/kb/HT4802",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4802"
"url": "http://www.debian.org/security/2011/dsa-2155",
"refsource": "MISC",
"name": "http://www.debian.org/security/2011/dsa-2155"
},
{
"name": "MDVSA-2010:236",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:236"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:235",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:235"
},
{
"name": "APPLE-SA-2011-03-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:236",
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:236"
},
{
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=59eb9f8cfe7d1df379a2318316d1f04f80fba54a",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=59eb9f8cfe7d1df379a2318316d1f04f80fba54a"
"url": "http://www.redhat.com/support/errata/RHSA-2010-0889.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0889.html"
},
{
"name": "1024745",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024745"
"url": "http://www.securityfocus.com/bid/44214",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/44214"
},
{
"name": "APPLE-SA-2011-03-09-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html"
"url": "http://www.securitytracker.com/id?1024745",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1024745"
},
{
"name": "48951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48951"
"url": "http://www.ubuntu.com/usn/USN-1013-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1013-1"
},
{
"name": "DSA-2155",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2155"
"url": "http://www.vupen.com/english/advisories/2010/3037",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/3037"
},
{
"name": "ADV-2010-3037",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3037"
"url": "http://www.vupen.com/english/advisories/2011/0246",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0246"
},
{
"name": "http://support.apple.com/kb/HT4581",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4581"
"url": "https://access.redhat.com/errata/RHSA-2010:0889",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0889"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2010-3855",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-3855"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=645275",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=645275"
},
{
"url": "https://savannah.nongnu.org/bugs/?31310",
"refsource": "MISC",
"name": "https://savannah.nongnu.org/bugs/?31310"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
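Review bot: The short `description_data` value in the first hunk, `CVE-2010-3855 Freetype : Heap based buffer overflow in ft_var_readpackedpoints()`, is a tracker title that drops the affected upstream range (`FreeType 2.4.3 and earlier`), the trigger (a crafted TrueType GX font) and the impact stated by the longer `value` line beside it. The added `affects` block does not compensate: every `version_data` entry carries `"version_affected": "!"`, which in the CVE JSON 4.0 format marks a version as not affected, so a consumer matching on this record appears to see only fixed Red Hat builds and no affected version. I would keep the full sentence as the `value` and, if the title is wanted, add it as a second `description_data` entry. The CVE-2010-3870 and CVE-2010-4179 sections below show the same replacement. Which `value` line is the new side is inferred from the rest of the section, since the page has lost its +/- column.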


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3870",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string."
"value": "CVE-2010-3870 php: XSS mitigation bypass via utf8_decode()"
}
]
},
@ -44,183 +21,270 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 4",
"version": {
"version_data": [
{
"version_value": "0:4.3.9-3.31",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:5.1.6-27.el5_5.3",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:5.3.2-6.el6_0.1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20101102 Re: utf-8 security issue in php",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/02/11"
},
{
"name": "ADV-2011-0077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0077"
},
{
"name": "FEDORA-2010-19011",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html"
},
{
"name": "42812",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42812"
},
{
"name": "HPSBOV02763",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name": "[oss-security] 20101102 Re: utf-8 security issue in php",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/02/2"
},
{
"name": "RHSA-2011:0195",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0195.html"
},
{
"name": "[oss-security] 20101102 Re: utf-8 security issue in php",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/02/4"
},
{
"name": "1024797",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024797"
},
{
"name": "SUSE-SR:2010:023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"name": "http://bugs.php.net/bug.php?id=49687",
"refsource": "CONFIRM",
"url": "http://bugs.php.net/bug.php?id=49687"
},
{
"name": "http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html",
"refsource": "MISC",
"url": "http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf"
"name": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name": "APPLE-SA-2011-03-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name": "USN-1042-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1042-1"
},
{
"name": "[oss-security] 20101102 Re: utf-8 security issue in php",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/02/6"
},
{
"name": "RHSA-2010:0919",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0919.html"
},
{
"name": "http://bugs.php.net/bug.php?id=48230",
"url": "http://support.apple.com/kb/HT4581",
"refsource": "MISC",
"url": "http://bugs.php.net/bug.php?id=48230"
"name": "http://support.apple.com/kb/HT4581"
},
{
"name": "ADV-2011-0021",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0021"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html",
"url": "http://www.php.net/ChangeLog-5.php",
"refsource": "MISC",
"url": "http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html"
"name": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "SSRT100826",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name": "[oss-security] 20101102 utf-8 security issue in php",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/02/1"
},
{
"name": "42410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42410"
},
{
"name": "MDVSA-2010:224",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2010:224"
},
{
"name": "FEDORA-2010-18976",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html"
},
{
"name": "[oss-security] 20101103 Re: utf-8 security issue in php",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/03/1"
},
{
"name": "http://svn.php.net/viewvc?view=revision&revision=304959",
"refsource": "CONFIRM",
"url": "http://svn.php.net/viewvc?view=revision&revision=304959"
},
{
"name": "ADV-2011-0020",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0020"
},
{
"name": "[oss-security] 20101102 Re: utf-8 security issue in php",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/02/8"
},
{
"name": "44605",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44605"
},
{
"name": "http://us2.php.net/manual/en/function.utf8-decode.php#83935",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html",
"refsource": "MISC",
"url": "http://us2.php.net/manual/en/function.utf8-decode.php#83935"
"name": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"name": "http://www.acunetix.com/blog/web-security-articles/security-risks-associated-with-utf8_decode/",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html",
"refsource": "MISC",
"url": "http://www.acunetix.com/blog/web-security-articles/security-risks-associated-with-utf8_decode/"
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html"
},
{
"name": "ADV-2010-3081",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3081"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html"
},
{
"name": "http://support.apple.com/kb/HT4581",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4581"
"url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"url": "http://secunia.com/advisories/42812",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42812"
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2011-0195.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2011-0195.html"
},
{
"url": "http://www.ubuntu.com/usn/USN-1042-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1042-1"
},
{
"url": "http://www.vupen.com/english/advisories/2011/0020",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0020"
},
{
"url": "http://www.vupen.com/english/advisories/2011/0021",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0021"
},
{
"url": "http://www.vupen.com/english/advisories/2011/0077",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2011/0077"
},
{
"url": "https://access.redhat.com/errata/RHSA-2011:0195",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2011:0195"
},
{
"url": "http://bugs.php.net/bug.php?id=48230",
"refsource": "MISC",
"name": "http://bugs.php.net/bug.php?id=48230"
},
{
"url": "http://bugs.php.net/bug.php?id=49687",
"refsource": "MISC",
"name": "http://bugs.php.net/bug.php?id=49687"
},
{
"url": "http://secunia.com/advisories/42410",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42410"
},
{
"url": "http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html",
"refsource": "MISC",
"name": "http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html"
},
{
"url": "http://svn.php.net/viewvc?view=revision&revision=304959",
"refsource": "MISC",
"name": "http://svn.php.net/viewvc?view=revision&revision=304959"
},
{
"url": "http://us2.php.net/manual/en/function.utf8-decode.php#83935",
"refsource": "MISC",
"name": "http://us2.php.net/manual/en/function.utf8-decode.php#83935"
},
{
"url": "http://www.acunetix.com/blog/web-security-articles/security-risks-associated-with-utf8_decode/",
"refsource": "MISC",
"name": "http://www.acunetix.com/blog/web-security-articles/security-risks-associated-with-utf8_decode/"
},
{
"url": "http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf",
"refsource": "MISC",
"name": "http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf"
},
{
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2010:224",
"refsource": "MISC",
"name": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2010:224"
},
{
"url": "http://www.openwall.com/lists/oss-security/2010/11/02/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/11/02/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2010/11/02/11",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/11/02/11"
},
{
"url": "http://www.openwall.com/lists/oss-security/2010/11/02/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/11/02/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2010/11/02/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/11/02/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2010/11/02/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/11/02/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2010/11/02/8",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/11/02/8"
},
{
"url": "http://www.openwall.com/lists/oss-security/2010/11/03/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2010/11/03/1"
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2010-0919.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0919.html"
},
{
"url": "http://www.securityfocus.com/bid/44605",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/44605"
},
{
"url": "http://www.securitytracker.com/id?1024797",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1024797"
},
{
"url": "http://www.vupen.com/english/advisories/2010/3081",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/3081"
},
{
"url": "https://access.redhat.com/errata/RHSA-2010:0919",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0919"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2010-3870",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-3870"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=649056",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=649056"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
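Review bot: Every `refsource` in what appears to be the rewritten `reference_data` is `MISC` and each `name` repeats its URL, so the vendor-confirmation tagging and the advisory identifiers carried by the other set of entries (`RHSA-2010:0919`, `USN-1042-1`, `MDVSA-2010:224`) are no longer searchable in the record. Tooling that selects `CONFIRM` references to locate the fix would no longer pick up `http://svn.php.net/viewvc?view=revision&revision=304959`; I would keep `"refsource": "CONFIRM"` on that entry and on `http://bugs.php.net/bug.php?id=49687`. Separately, the added problemtype is only `CWE-79`, while the longer description line also names bypass of SQL injection protection, so the classification looks narrower than the issue it describes.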


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4179",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins."
"value": "CVE-2010-4179 schedd plugin: enable QUEUE_ALL_USERS_TRUSTED for Submit/Hold/Release/Remove ops"
}
]
},
@ -44,43 +21,196 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Grid Execute Node for MRG on RHEL-4",
"version": {
"version_data": [
{
"version_value": "0:7.4.4-0.17.el4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Grid for MRG on RHEL-4",
"version": {
"version_data": [
{
"version_value": "0:7.4.4-0.17.el4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Messaging Base for MRG on RHEL-4",
"version": {
"version_data": [
{
"version_value": "0:0.7.946106-14.el4",
"version_affected": "!"
},
{
"version_value": "0:0.7.946106-22.el4",
"version_affected": "!"
},
{
"version_value": "0:0.7.946106-12.el4",
"version_affected": "!"
},
{
"version_value": "0:0.7.4297-4.el4",
"version_affected": "!"
}
]
}
},
{
"product_name": "Messaging for MRG on RHEL-4",
"version": {
"version_data": [
{
"version_value": "0:0.7.946106-14.el4",
"version_affected": "!"
},
{
"version_value": "0:0.7.946106-22.el4",
"version_affected": "!"
},
{
"version_value": "0:0.7.946106-12.el4",
"version_affected": "!"
},
{
"version_value": "0:0.7.4297-4.el4",
"version_affected": "!"
}
]
}
},
{
"product_name": "MRG for RHEL-5",
"version": {
"version_data": [
{
"version_value": "0:7.4.4-0.17.el5",
"version_affected": "!"
},
{
"version_value": "0:0.1.4410-2.el5",
"version_affected": "!"
},
{
"version_value": "0:0.7.946106-14.el5",
"version_affected": "!"
},
{
"version_value": "0:0.7.946106-22.el5",
"version_affected": "!"
},
{
"version_value": "0:0.7.946106-12.el5",
"version_affected": "!"
},
{
"version_value": "0:0.7.4297-4.el5",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "1024806",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024806"
"url": "http://secunia.com/advisories/42406",
"refsource": "MISC",
"name": "http://secunia.com/advisories/42406"
},
{
"name": "RHSA-2010:0922",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0922.html"
"url": "http://www.redhat.com/support/errata/RHSA-2010-0921.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0921.html"
},
{
"name": "ADV-2010-3091",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3091"
"url": "http://www.redhat.com/support/errata/RHSA-2010-0922.html",
"refsource": "MISC",
"name": "http://www.redhat.com/support/errata/RHSA-2010-0922.html"
},
{
"name": "42406",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42406"
"url": "http://www.securitytracker.com/id?1024806",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1024806"
},
{
"name": "RHSA-2010:0921",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0921.html"
"url": "http://www.vupen.com/english/advisories/2010/3091",
"refsource": "MISC",
"name": "http://www.vupen.com/english/advisories/2010/3091"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=654856",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=654856"
"url": "https://access.redhat.com/errata/RHSA-2010:0921",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0921"
},
{
"url": "https://access.redhat.com/errata/RHSA-2010:0922",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2010:0922"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2010-4179",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2010-4179"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=654856",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=654856"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
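Review bot: The added `impact` block scores this issue as `AV:N/AC:L/Au:N/C:P/I:P/A:P` (7.5), yet the longer description line in the first hunk speaks of local users who are able to publish to a broker, and the short title that appears to replace it says nothing about who can reach the flaw. If the network, unauthenticated vector is intended the description should say so; otherwise `"accessVector": "NETWORK"` and the `vectorString` need a second look before scanners prioritise on the 7.5 base score. The short title also reads as the name of a configuration setting (`QUEUE_ALL_USERS_TRUSTED`) rather than a statement of the weakness, so keeping the full sentence as the `value` would remove that ambiguity.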