diff --git a/2012/4xxx/CVE-2012-4444.json b/2012/4xxx/CVE-2012-4444.json index 78df355a1bd..7c614e988ba 100644 --- a/2012/4xxx/CVE-2012-4444.json +++ b/2012/4xxx/CVE-2012-4444.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4444", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,57 +27,81 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36", - "refsource": "CONFIRM", - "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36" - }, - { - "name": "SUSE-SU-2013:0856", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00000.html" - }, - { - "name": "RHSA-2012:1580", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2012-1580.html" - }, - { - "name": "[oss-security] 20121109 Re: CVE request --- acceptation of overlapping ipv6 fragments", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/11/09/2" - }, - { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=874835", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874835" - }, - { - "name": "https://github.com/torvalds/linux/commit/70789d7052239992824628db8133de08dc78e593", - "refsource": "CONFIRM", - "url": "https://github.com/torvalds/linux/commit/70789d7052239992824628db8133de08dc78e593" - }, - { - "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=70789d7052239992824628db8133de08dc78e593", - "refsource": "CONFIRM", - "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=70789d7052239992824628db8133de08dc78e593" - }, - { - "name": "https://media.blackhat.com/bh-eu-12/Atlasis/bh-eu-12-Atlasis-Attacking_IPv6-WP.pdf", + "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36", "refsource": "MISC", - "url": "https://media.blackhat.com/bh-eu-12/Atlasis/bh-eu-12-Atlasis-Attacking_IPv6-WP.pdf" + "name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36" }, { - "name": "USN-1661-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-1661-1" + "url": "http://rhn.redhat.com/errata/RHSA-2012-1580.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2012-1580.html" }, { - "name": "USN-1660-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-1660-1" + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=70789d7052239992824628db8133de08dc78e593", + "refsource": "MISC", + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=70789d7052239992824628db8133de08dc78e593" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00000.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00000.html" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2012/11/09/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/11/09/2" + }, + { + "url": "http://www.ubuntu.com/usn/USN-1660-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-1660-1" + }, + { + "url": "http://www.ubuntu.com/usn/USN-1661-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-1661-1" + }, + { + "url": "https://github.com/torvalds/linux/commit/70789d7052239992824628db8133de08dc78e593", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/70789d7052239992824628db8133de08dc78e593" + }, + { + "url": "https://media.blackhat.com/bh-eu-12/Atlasis/bh-eu-12-Atlasis-Attacking_IPv6-WP.pdf", + "refsource": "MISC", + "name": "https://media.blackhat.com/bh-eu-12/Atlasis/bh-eu-12-Atlasis-Attacking_IPv6-WP.pdf" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=874835", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=874835" } ] } diff --git a/2012/4xxx/CVE-2012-4445.json b/2012/4xxx/CVE-2012-4445.json index df2de12c63a..2ef6c84117c 100644 --- a/2012/4xxx/CVE-2012-4445.json +++ b/2012/4xxx/CVE-2012-4445.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4445", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,67 +27,91 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=586c446e0ff42ae00315b014924ec669023bd8de", - "refsource": "CONFIRM", - "url": "http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=586c446e0ff42ae00315b014924ec669023bd8de" - }, - { - "name": "http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:168", "refsource": "MISC", - "url": "http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt" + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:168" }, { - "name": "[oss-security] 20121008 [PRE-SA-2012-07] hostapd: Missing EAP-TLS message length validation", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/10/08/3" + "url": "http://osvdb.org/86051", + "refsource": "MISC", + "name": "http://osvdb.org/86051" }, { - "name": "50805", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/50805" + "url": "http://secunia.com/advisories/50805", + "refsource": "MISC", + "name": "http://secunia.com/advisories/50805" }, { - "name": "DSA-2557", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2012/dsa-2557" + "url": "http://secunia.com/advisories/50888", + "refsource": "MISC", + "name": "http://secunia.com/advisories/50888" }, { - "name": "1027808", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id?1027808" + "url": "http://w1.fi/gitweb/gitweb.cgi?p=hostap.git%3Ba=commitdiff%3Bh=586c446e0ff42ae00315b014924ec669023bd8de", + "refsource": "MISC", + "name": "http://w1.fi/gitweb/gitweb.cgi?p=hostap.git%3Ba=commitdiff%3Bh=586c446e0ff42ae00315b014924ec669023bd8de" }, { - "name": "MDVSA-2012:168", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:168" + "url": "http://www.debian.org/security/2012/dsa-2557", + "refsource": "MISC", + "name": "http://www.debian.org/security/2012/dsa-2557" }, { - "name": "86051", - "refsource": "OSVDB", - "url": "http://osvdb.org/86051" + "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc", + "refsource": "MISC", + "name": "http://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc" }, { - "name": "55826", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/55826" + "url": "http://www.openwall.com/lists/oss-security/2012/10/08/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/10/08/3" }, { - "name": "FreeBSD-SA-12:07", - "refsource": "FREEBSD", - "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc" + "url": "http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt", + "refsource": "MISC", + "name": "http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt" }, { - "name": "hostapd-eaptls-dos(79104)", - "refsource": "XF", - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79104" + "url": "http://www.securityfocus.com/bid/55826", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/55826" }, { - "name": "50888", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/50888" + "url": "http://www.securitytracker.com/id?1027808", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id?1027808" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79104", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79104" } ] } diff --git a/2012/4xxx/CVE-2012-4447.json b/2012/4xxx/CVE-2012-4447.json index b10bbadd0f6..67182996c97 100644 --- a/2012/4xxx/CVE-2012-4447.json +++ b/2012/4xxx/CVE-2012-4447.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "CVE-2012-4447 libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression" + "value": "Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Heap-based Buffer Overflow", - "cweId": "CWE-122" + "value": "n/a" } ] } @@ -32,27 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 5", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:3.8.2-18.el5_8", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 6", - "version": { - "version_data": [ - { - "version_value": "0:3.9.4-9.el6_3", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -75,11 +63,6 @@ "refsource": "MISC", "name": "http://secunia.com/advisories/49938" }, - { - "url": "https://access.redhat.com/errata/RHSA-2012:1590", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2012:1590" - }, { "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html", "refsource": "MISC", @@ -120,41 +103,11 @@ "refsource": "MISC", "name": "http://www.securityfocus.com/bid/55673" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2012-4447", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2012-4447" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=860198", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=860198" } ] - }, - "impact": { - "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "NETWORK", - "authentication": "NONE", - "availabilityImpact": "PARTIAL", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 6.8, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "PARTIAL", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "PARTIAL", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "version": "2.0" - } - ] } } \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4448.json b/2012/4xxx/CVE-2012-4448.json index 74138303576..d26ec04fc0d 100644 --- a/2012/4xxx/CVE-2012-4448.json +++ b/2012/4xxx/CVE-2012-4448.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4448", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,32 +27,56 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugs.gentoo.org/show_bug.cgi?id=436198", - "refsource": "CONFIRM", - "url": "https://bugs.gentoo.org/show_bug.cgi?id=436198" - }, - { - "name": "50715", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/50715" - }, - { - "name": "http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html", + "url": "http://openwall.com/lists/oss-security/2012/09/25/15", "refsource": "MISC", - "url": "http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html" + "name": "http://openwall.com/lists/oss-security/2012/09/25/15" }, { - "name": "[oss-security] 20120925 Re: CVE Request -- WordPress (3,4.2): CSRF in the incoming links section of the dashboard", - "refsource": "MLIST", - "url": "http://openwall.com/lists/oss-security/2012/09/25/15" + "url": "http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=860261", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=860261" + "url": "http://secunia.com/advisories/50715", + "refsource": "MISC", + "name": "http://secunia.com/advisories/50715" + }, + { + "url": "https://bugs.gentoo.org/show_bug.cgi?id=436198", + "refsource": "MISC", + "name": "https://bugs.gentoo.org/show_bug.cgi?id=436198" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=860261", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=860261" } ] } diff --git a/2012/4xxx/CVE-2012-4450.json b/2012/4xxx/CVE-2012-4450.json index 6628cef7215..d9e8b892218 100644 --- a/2012/4xxx/CVE-2012-4450.json +++ b/2012/4xxx/CVE-2012-4450.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4450", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,47 +27,71 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=860772", + "url": "http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09", "refsource": "MISC", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=860772" + "name": "http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09" }, { - "name": "https://fedorahosted.org/389/ticket/340", - "refsource": "CONFIRM", - "url": "https://fedorahosted.org/389/ticket/340" + "url": "http://rhn.redhat.com/errata/RHSA-2013-0503.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-0503.html" }, { - "name": "http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09", - "refsource": "CONFIRM", - "url": "http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09" + "url": "http://secunia.com/advisories/50713", + "refsource": "MISC", + "name": "http://secunia.com/advisories/50713" }, { - "name": "50713", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/50713" + "url": "http://www.openwall.com/lists/oss-security/2012/09/26/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/26/3" }, { - "name": "RHSA-2013:0503", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-0503.html" + "url": "http://www.openwall.com/lists/oss-security/2012/09/26/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/26/5" }, { - "name": "[oss-security] 20120926 CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/26/3" + "url": "http://www.securityfocus.com/bid/55690", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/55690" }, { - "name": "[oss-security] 20120926 Re: CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible)", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/26/5" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=860772", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=860772" }, { - "name": "55690", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/55690" + "url": "https://fedorahosted.org/389/ticket/340", + "refsource": "MISC", + "name": "https://fedorahosted.org/389/ticket/340" } ] } diff --git a/2012/4xxx/CVE-2012-4454.json b/2012/4xxx/CVE-2012-4454.json index 84ee48634fb..b179227a18b 100644 --- a/2012/4xxx/CVE-2012-4454.json +++ b/2012/4xxx/CVE-2012-4454.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4454", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,72 +27,96 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[oss-security] 20120909 Re: CVE request: opencryptoki insecure lock files handling", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/09/2" - }, - { - "name": "[oss-security] 20120924 Re: CVE request: opencryptoki insecure lock files handling", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/25/5" - }, - { - "name": "50702", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/50702" - }, - { - "name": "55627", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/55627" - }, - { - "name": "[oss-security] 20120927 Re: CVE request: opencryptoki insecure lock files handling", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/27/2" - }, - { - "name": "[Opencryptoki-tech] 20120223 opencryptoki version 2.4.1 released", - "refsource": "MLIST", - "url": "http://sourceforge.net/mailarchive/message.php?msg_id=28878345" - }, - { - "name": "[oss-security] 20120920 Re: CVE request: opencryptoki insecure lock files handling", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/20/6" - }, - { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=730636", + "url": "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki%3Ba=commitdiff%3Bh=58345488c9351d9be9a4be27c8b407c2706a33a9", "refsource": "MISC", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730636" + "name": "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki%3Ba=commitdiff%3Bh=58345488c9351d9be9a4be27c8b407c2706a33a9" }, { - "name": "opencryptoki-mutliple-symlink(78797)", - "refsource": "XF", - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78797" + "url": "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki%3Ba=commitdiff%3Bh=b7fcb3eb0319183348f1f4fb90ede4edd6487c30", + "refsource": "MISC", + "name": "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki%3Ba=commitdiff%3Bh=b7fcb3eb0319183348f1f4fb90ede4edd6487c30" }, { - "name": "[oss-security] 20120906 CVE request: opencryptoki insecure lock files handling", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/07/2" + "url": "http://secunia.com/advisories/50702", + "refsource": "MISC", + "name": "http://secunia.com/advisories/50702" }, { - "name": "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=b7fcb3eb0319183348f1f4fb90ede4edd6487c30", - "refsource": "CONFIRM", - "url": "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=b7fcb3eb0319183348f1f4fb90ede4edd6487c30" + "url": "http://sourceforge.net/mailarchive/message.php?msg_id=28878345", + "refsource": "MISC", + "name": "http://sourceforge.net/mailarchive/message.php?msg_id=28878345" }, { - "name": "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=58345488c9351d9be9a4be27c8b407c2706a33a9", - "refsource": "CONFIRM", - "url": "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=58345488c9351d9be9a4be27c8b407c2706a33a9" + "url": "http://www.openwall.com/lists/oss-security/2012/09/07/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/07/2" }, { - "name": "[oss-security] 20120907 Re: CVE request: opencryptoki insecure lock files handling", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/07/6" + "url": "http://www.openwall.com/lists/oss-security/2012/09/07/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/07/6" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2012/09/09/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/09/2" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2012/09/20/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/20/6" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2012/09/25/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/25/5" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2012/09/27/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/27/2" + }, + { + "url": "http://www.securityfocus.com/bid/55627", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/55627" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78797", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78797" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730636", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=730636" } ] } diff --git a/2012/4xxx/CVE-2012-4455.json b/2012/4xxx/CVE-2012-4455.json index 4f500c54c57..0cf3df8d227 100644 --- a/2012/4xxx/CVE-2012-4455.json +++ b/2012/4xxx/CVE-2012-4455.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4455", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,67 +27,91 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[oss-security] 20120909 Re: CVE request: opencryptoki insecure lock files handling", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/09/2" - }, - { - "name": "[oss-security] 20120924 Re: CVE request: opencryptoki insecure lock files handling", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/25/5" - }, - { - "name": "50702", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/50702" - }, - { - "name": "55627", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/55627" - }, - { - "name": "[oss-security] 20120927 Re: CVE request: opencryptoki insecure lock files handling", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/27/2" - }, - { - "name": "opencryptoki-file-symlink(78943)", - "refsource": "XF", - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78943" - }, - { - "name": "[oss-security] 20120920 Re: CVE request: opencryptoki insecure lock files handling", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/20/6" - }, - { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=730636", + "url": "http://secunia.com/advisories/50702", "refsource": "MISC", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730636" + "name": "http://secunia.com/advisories/50702" }, { - "name": "[Opencryptoki-tech] 20120427 opencryptoki release 2.4.2", - "refsource": "MLIST", - "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29191022" + "url": "http://www.openwall.com/lists/oss-security/2012/09/07/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/07/2" }, { - "name": "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=5667edb52cd27b7e512f48f823b4bcc6b872ab15", - "refsource": "CONFIRM", - "url": "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=5667edb52cd27b7e512f48f823b4bcc6b872ab15" + "url": "http://www.openwall.com/lists/oss-security/2012/09/07/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/07/6" }, { - "name": "[oss-security] 20120906 CVE request: opencryptoki insecure lock files handling", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/07/2" + "url": "http://www.openwall.com/lists/oss-security/2012/09/09/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/09/2" }, { - "name": "[oss-security] 20120907 Re: CVE request: opencryptoki insecure lock files handling", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/07/6" + "url": "http://www.openwall.com/lists/oss-security/2012/09/20/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/20/6" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2012/09/25/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/25/5" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2012/09/27/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/27/2" + }, + { + "url": "http://www.securityfocus.com/bid/55627", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/55627" + }, + { + "url": "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki%3Ba=commitdiff%3Bh=5667edb52cd27b7e512f48f823b4bcc6b872ab15", + "refsource": "MISC", + "name": "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki%3Ba=commitdiff%3Bh=5667edb52cd27b7e512f48f823b4bcc6b872ab15" + }, + { + "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29191022", + "refsource": "MISC", + "name": "http://sourceforge.net/mailarchive/message.php?msg_id=29191022" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78943", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78943" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730636", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=730636" } ] } diff --git a/2012/4xxx/CVE-2012-4456.json b/2012/4xxx/CVE-2012-4456.json index 1ff7f9fc628..99140347f10 100644 --- a/2012/4xxx/CVE-2012-4456.json +++ b/2012/4xxx/CVE-2012-4456.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "CVE-2012-4456 Openstack Keystone 2012.1.1: fails to validate tokens in Admin API" + "value": "The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Missing Critical Step in Authentication", - "cweId": "CWE-304" + "value": "n/a" } ] } @@ -32,16 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "OpenStack Essex for RHEL 6", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:2012.1.2-4.el6", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -69,16 +68,6 @@ "refsource": "MISC", "name": "http://www.securityfocus.com/bid/55716" }, - { - "url": "https://access.redhat.com/errata/RHSA-2012:1378", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2012:1378" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2012-4456", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2012-4456" - }, { "url": "https://bugs.launchpad.net/keystone/+bug/1006815", "refsource": "MISC", @@ -89,11 +78,6 @@ "refsource": "MISC", "name": "https://bugs.launchpad.net/keystone/+bug/1006822" }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861179", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=861179" - }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78944", "refsource": "MISC", @@ -123,31 +107,11 @@ "url": "https://lists.launchpad.net/openstack/msg17034.html", "refsource": "MISC", "name": "https://lists.launchpad.net/openstack/msg17034.html" - } - ] - }, - "impact": { - "cvss": [ + }, { - "accessComplexity": "LOW", - "accessVector": "NETWORK", - "authentication": "NONE", - "availabilityImpact": "PARTIAL", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 7.5, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "PARTIAL", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "PARTIAL", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "version": "2.0" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861179", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=861179" } ] } diff --git a/2012/4xxx/CVE-2012-4457.json b/2012/4xxx/CVE-2012-4457.json index 449af86252f..6e20e99f673 100644 --- a/2012/4xxx/CVE-2012-4457.json +++ b/2012/4xxx/CVE-2012-4457.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4457", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,47 +27,71 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "50665", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/50665" - }, - { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=861180", + "url": "http://secunia.com/advisories/50665", "refsource": "MISC", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861180" + "name": "http://secunia.com/advisories/50665" }, { - "name": "[openstack] 20120928 [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457)", - "refsource": "MLIST", - "url": "https://lists.launchpad.net/openstack/msg17035.html" + "url": "http://www.securityfocus.com/bid/55716", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/55716" }, { - "name": "keystone-xauth-token-sec-bypass(78947)", - "refsource": "XF", - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78947" + "url": "http://www.openwall.com/lists/oss-security/2012/09/28/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/28/6" }, { - "name": "[oss-security] 20120928 [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457)", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2012/09/28/6" + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78947", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78947" }, { - "name": "55716", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/55716" + "url": "https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685", + "refsource": "MISC", + "name": "https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685" }, { - "name": "https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5", - "refsource": "CONFIRM", - "url": "https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5" + "url": "https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5", + "refsource": "MISC", + "name": "https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5" }, { - "name": "https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685", - "refsource": "CONFIRM", - "url": "https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685" + "url": "https://lists.launchpad.net/openstack/msg17035.html", + "refsource": "MISC", + "name": "https://lists.launchpad.net/openstack/msg17035.html" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861180", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=861180" } ] } diff --git a/2013/1xxx/CVE-2013-1914.json b/2013/1xxx/CVE-2013-1914.json index 22b4f983127..89cf519ddfb 100644 --- a/2013/1xxx/CVE-2013-1914.json +++ b/2013/1xxx/CVE-2013-1914.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1914", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,107 +27,131 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html", - "refsource": "CONFIRM", - "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html" - }, - { - "name": "RHSA-2013:1605", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-1605.html" - }, - { - "name": "55113", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/55113" - }, - { - "name": "[oss-security] 20130403 CVE Request: glibc getaddrinfo() stack overflow", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/04/03/2" - }, - { - "name": "USN-1991-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-1991-1" - }, - { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=947882", + "url": "https://security.gentoo.org/glsa/201503-04", "refsource": "MISC", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=947882" + "name": "https://security.gentoo.org/glsa/201503-04" }, { - "name": "MDVSA-2013:284", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284" - }, - { - "name": "58839", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/58839" - }, - { - "name": "http://sourceware.org/bugzilla/show_bug.cgi?id=15330", - "refsource": "CONFIRM", - "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=15330" - }, - { - "name": "http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1cef1b19089528db11f221e938f60b9b048945d7", - "refsource": "CONFIRM", - "url": "http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1cef1b19089528db11f221e938f60b9b048945d7" - }, - { - "name": "[oss-security] 20130403 Re: CVE Request: glibc getaddrinfo() stack overflow", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/04/03/8" - }, - { - "name": "[oss-security] 20130405 Re: CVE Request: glibc getaddrinfo() stack overflow", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/04/05/1" - }, - { - "name": "GLSA-201503-04", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201503-04" - }, - { - "name": "MDVSA-2013:283", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283" - }, - { - "name": "52817", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/52817" - }, - { - "name": "RHSA-2013:0769", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-0769.html" - }, - { - "name": "MDVSA-2013:163", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:163" - }, - { - "name": "https://bugzilla.novell.com/show_bug.cgi?id=813121", + "url": "http://secunia.com/advisories/55113", "refsource": "MISC", - "url": "https://bugzilla.novell.com/show_bug.cgi?id=813121" - }, - { - "refsource": "FULLDISC", - "name": "20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices", - "url": "http://seclists.org/fulldisclosure/2021/Sep/0" + "name": "http://secunia.com/advisories/55113" }, { + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283", "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html", - "url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html" + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283" + }, + { + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284", + "refsource": "MISC", + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284" + }, + { + "url": "http://www.ubuntu.com/usn/USN-1991-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-1991-1" + }, + { + "url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html" + }, + { + "url": "http://rhn.redhat.com/errata/RHSA-2013-0769.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-0769.html" + }, + { + "url": "http://rhn.redhat.com/errata/RHSA-2013-1605.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-1605.html" + }, + { + "url": "http://seclists.org/fulldisclosure/2021/Sep/0", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2021/Sep/0" + }, + { + "url": "http://secunia.com/advisories/52817", + "refsource": "MISC", + "name": "http://secunia.com/advisories/52817" + }, + { + "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=15330", + "refsource": "MISC", + "name": "http://sourceware.org/bugzilla/show_bug.cgi?id=15330" + }, + { + "url": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=1cef1b19089528db11f221e938f60b9b048945d7", + "refsource": "MISC", + "name": "http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=1cef1b19089528db11f221e938f60b9b048945d7" + }, + { + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:163", + "refsource": "MISC", + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:163" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2013/04/03/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/03/2" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2013/04/03/8", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/03/8" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2013/04/05/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/05/1" + }, + { + "url": "http://www.securityfocus.com/bid/58839", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/58839" + }, + { + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html", + "refsource": "MISC", + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html" + }, + { + "url": "https://bugzilla.novell.com/show_bug.cgi?id=813121", + "refsource": "MISC", + "name": "https://bugzilla.novell.com/show_bug.cgi?id=813121" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=947882", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=947882" } ] } diff --git a/2013/1xxx/CVE-2013-1917.json b/2013/1xxx/CVE-2013-1917.json index 13b39cbe987..140e5e2952a 100644 --- a/2013/1xxx/CVE-2013-1917.json +++ b/2013/1xxx/CVE-2013-1917.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1917", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,57 +27,81 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "SUSE-SU-2014:0470", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html" + "url": "http://secunia.com/advisories/55082", + "refsource": "MISC", + "name": "http://secunia.com/advisories/55082" }, { - "name": "55082", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/55082" + "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml", + "refsource": "MISC", + "name": "http://security.gentoo.org/glsa/glsa-201309-24.xml" }, { - "name": "1028455", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1028455" + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" }, { - "name": "GLSA-201309-24", - "refsource": "GENTOO", - "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html" }, { - "name": "openSUSE-SU-2013:0912", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html" }, { - "name": "[oss-security] 20130418 Xen Security Advisory 44 (CVE-2013-1917) - Xen PV DoS vulnerability with SYSENTER", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/04/18/8" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html" }, { - "name": "DSA-2662", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2012/dsa-2662" + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html" }, { - "name": "SUSE-SU-2014:0446", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" + "url": "http://www.debian.org/security/2012/dsa-2662", + "refsource": "MISC", + "name": "http://www.debian.org/security/2012/dsa-2662" }, { - "name": "FEDORA-2013-6723", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html" + "url": "http://www.openwall.com/lists/oss-security/2013/04/18/8", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/18/8" }, { - "name": "SUSE-SU-2014:0411", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html" + "url": "http://www.securitytracker.com/id/1028455", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1028455" } ] } diff --git a/2013/1xxx/CVE-2013-1918.json b/2013/1xxx/CVE-2013-1918.json index 8101a20cbe1..16146470ff3 100644 --- a/2013/1xxx/CVE-2013-1918.json +++ b/2013/1xxx/CVE-2013-1918.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1918", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,47 +27,71 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "55082", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/55082" + "url": "http://secunia.com/advisories/55082", + "refsource": "MISC", + "name": "http://secunia.com/advisories/55082" }, { - "name": "FEDORA-2013-7432", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105533.html" + "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml", + "refsource": "MISC", + "name": "http://security.gentoo.org/glsa/glsa-201309-24.xml" }, { - "name": "GLSA-201309-24", - "refsource": "GENTOO", - "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" }, { - "name": "53187", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/53187" + "url": "http://www.debian.org/security/2013/dsa-2666", + "refsource": "MISC", + "name": "http://www.debian.org/security/2013/dsa-2666" }, { - "name": "DSA-2666", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2013/dsa-2666" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105533.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105533.html" }, { - "name": "SUSE-SU-2014:0446", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" + "url": "http://secunia.com/advisories/53187", + "refsource": "MISC", + "name": "http://secunia.com/advisories/53187" }, { - "name": "[oss-security] 20130502 Xen Security Advisory 45 (CVE-2013-1918) - Several long latency operations are not preemptible", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/05/02/8" + "url": "http://www.openwall.com/lists/oss-security/2013/05/02/8", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/05/02/8" }, { - "name": "59615", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/59615" + "url": "http://www.securityfocus.com/bid/59615", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/59615" } ] } diff --git a/2013/1xxx/CVE-2013-1919.json b/2013/1xxx/CVE-2013-1919.json index 46dbb27b467..7d0b5828e5d 100644 --- a/2013/1xxx/CVE-2013-1919.json +++ b/2013/1xxx/CVE-2013-1919.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1919", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,52 +27,76 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "55082", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/55082" + "url": "http://secunia.com/advisories/55082", + "refsource": "MISC", + "name": "http://secunia.com/advisories/55082" }, { - "name": "GLSA-201309-24", - "refsource": "GENTOO", - "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" + "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml", + "refsource": "MISC", + "name": "http://security.gentoo.org/glsa/glsa-201309-24.xml" }, { - "name": "openSUSE-SU-2013:0912", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" }, { - "name": "DSA-2662", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2013/dsa-2662" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html" }, { - "name": "SUSE-SU-2014:0446", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html" }, { - "name": "FEDORA-2013-6723", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104538.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104538.html" }, { - "name": "[oss-security] 20130418 Xen Security Advisory 46 (CVE-2013-1919) - Several access permission issues with IRQs for unprivileged guests", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/04/18/6" + "url": "http://www.debian.org/security/2013/dsa-2662", + "refsource": "MISC", + "name": "http://www.debian.org/security/2013/dsa-2662" }, { - "name": "59292", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/59292" + "url": "http://www.openwall.com/lists/oss-security/2013/04/18/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/18/6" }, { - "name": "FEDORA-2013-6641", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104538.html" + "url": "http://www.securityfocus.com/bid/59292", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/59292" } ] } diff --git a/2013/1xxx/CVE-2013-1920.json b/2013/1xxx/CVE-2013-1920.json index 7a38da1f6bd..cf9e951bec7 100644 --- a/2013/1xxx/CVE-2013-1920.json +++ b/2013/1xxx/CVE-2013-1920.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1920", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,72 +27,96 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "SUSE-SU-2014:0470", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html" + "url": "http://secunia.com/advisories/55082", + "refsource": "MISC", + "name": "http://secunia.com/advisories/55082" }, { - "name": "55082", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/55082" + "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml", + "refsource": "MISC", + "name": "http://security.gentoo.org/glsa/glsa-201309-24.xml" }, { - "name": "GLSA-201309-24", - "refsource": "GENTOO", - "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" }, { - "name": "[Xen-announce] 20130404 Xen Security Advisory 47 (CVE-2013-1920) - Potential use of freed memory in event channel operations", - "refsource": "MLIST", - "url": "http://lists.xen.org/archives/html/xen-announce/2013-04/msg00000.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html" }, { - "name": "92050", - "refsource": "OSVDB", - "url": "http://osvdb.org/92050" + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html" }, { - "name": "xen-cve20131920-code-exec(83226)", - "refsource": "XF", - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83226" + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html" }, { - "name": "openSUSE-SU-2013:0912", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html" + "url": "http://lists.xen.org/archives/html/xen-announce/2013-04/msg00000.html", + "refsource": "MISC", + "name": "http://lists.xen.org/archives/html/xen-announce/2013-04/msg00000.html" }, { - "name": "52857", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/52857" + "url": "http://osvdb.org/92050", + "refsource": "MISC", + "name": "http://osvdb.org/92050" }, { - "name": "58880", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/58880" + "url": "http://secunia.com/advisories/52857", + "refsource": "MISC", + "name": "http://secunia.com/advisories/52857" }, { - "name": "SUSE-SU-2014:0446", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" + "url": "http://www.openwall.com/lists/oss-security/2013/04/04/7", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/04/7" }, { - "name": "SUSE-SU-2014:0411", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html" + "url": "http://www.securityfocus.com/bid/58880", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/58880" }, { - "name": "1028388", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1028388" + "url": "http://www.securitytracker.com/id/1028388", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1028388" }, { - "name": "[oss-security] 20130404 Xen Security Advisory 47 (CVE-2013-1920) - Potential use of freed memory in event channel operations", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/04/04/7" + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83226", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83226" } ] } diff --git a/2013/1xxx/CVE-2013-1921.json b/2013/1xxx/CVE-2013-1921.json index fb2b9a6e88f..f880458df47 100644 --- a/2013/1xxx/CVE-2013-1921.json +++ b/2013/1xxx/CVE-2013-1921.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1921", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,37 +27,61 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2014:0029", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html" + "url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-1437.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=948106", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=948106" + "url": "http://rhn.redhat.com/errata/RHSA-2013-1207.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-1207.html" }, { - "name": "RHSA-2013:1209", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-1209.html" + "url": "http://rhn.redhat.com/errata/RHSA-2013-1208.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-1208.html" }, { - "name": "RHSA-2013:1437", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html" + "url": "http://rhn.redhat.com/errata/RHSA-2013-1209.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-1209.html" }, { - "name": "RHSA-2013:1207", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-1207.html" + "url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0029.html" }, { - "name": "RHSA-2013:1208", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-1208.html" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=948106", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=948106" } ] } diff --git a/2013/1xxx/CVE-2013-1922.json b/2013/1xxx/CVE-2013-1922.json index 2e89b9b1a68..c9c7d49e01a 100644 --- a/2013/1xxx/CVE-2013-1922.json +++ b/2013/1xxx/CVE-2013-1922.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1922", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,47 +27,71 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "FEDORA-2013-6221", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103637.html" + "url": "http://secunia.com/advisories/55082", + "refsource": "MISC", + "name": "http://secunia.com/advisories/55082" }, { - "name": "55082", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/55082" + "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml", + "refsource": "MISC", + "name": "http://security.gentoo.org/glsa/glsa-201309-24.xml" }, { - "name": "FEDORA-2013-6185", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103621.html" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103621.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103621.html" }, { - "name": "GLSA-201309-24", - "refsource": "GENTOO", - "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103637.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103637.html" }, { - "name": "FEDORA-2013-6211", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104036.html" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104036.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104036.html" }, { - "name": "[oss-security] 20130416 CVE-2013-1922 -- qemu: qemu-nbd block format auto-detection vulnerability", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/04/16/2" + "url": "http://www.openwall.com/lists/oss-security/2013/04/15/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/15/3" }, { - "name": "1028426", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1028426" + "url": "http://www.openwall.com/lists/oss-security/2013/04/16/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/16/2" }, { - "name": "[oss-security] 20130415 Xen Security Advisory 48 (CVE-2013-1922) - qemu-nbd format-guessing due to missing format specification", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/04/15/3" + "url": "http://www.securitytracker.com/id/1028426", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1028426" } ] } diff --git a/2013/1xxx/CVE-2013-1923.json b/2013/1xxx/CVE-2013-1923.json index 7894770f6c4..3f0b7978c92 100644 --- a/2013/1xxx/CVE-2013-1923.json +++ b/2013/1xxx/CVE-2013-1923.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1923", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,47 +27,71 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "58854", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/58854" + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00142.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00142.html" }, { - "name": "[linux-nfs] 20130403 Re: [PATCH] Avoid PTR lookups when possible", - "refsource": "MLIST", - "url": "http://marc.info/?l=linux-nfs&m=136500502805121&w=2" + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00146.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00146.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=948072", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=948072" + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00172.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00172.html" }, { - "name": "openSUSE-SU-2013:1048", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00172.html" + "url": "http://marc.info/?l=linux-nfs&m=136491998607561&w=2", + "refsource": "MISC", + "name": "http://marc.info/?l=linux-nfs&m=136491998607561&w=2" }, { - "name": "openSUSE-SU-2013:1012", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00142.html" + "url": "http://marc.info/?l=linux-nfs&m=136500502805121&w=2", + "refsource": "MISC", + "name": "http://marc.info/?l=linux-nfs&m=136500502805121&w=2" }, { - "name": "openSUSE-SU-2013:1016", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00146.html" + "url": "http://www.securityfocus.com/bid/58854", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/58854" }, { - "name": "nfsutils-cve20131923-spoofing(85331)", - "refsource": "XF", - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85331" + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85331", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85331" }, { - "name": "[linux-nfs] 20130402 Re: [PATCH] Avoid PTR lookups when possible", - "refsource": "MLIST", - "url": "http://marc.info/?l=linux-nfs&m=136491998607561&w=2" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=948072", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=948072" } ] } diff --git a/2013/1xxx/CVE-2013-1928.json b/2013/1xxx/CVE-2013-1928.json index a28cad12be5..9533b8363a8 100644 --- a/2013/1xxx/CVE-2013-1928.json +++ b/2013/1xxx/CVE-2013-1928.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1928", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,57 +27,81 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "openSUSE-SU-2013:0847", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html" + "url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-1645.html" }, { - "name": "https://github.com/torvalds/linux/commit/12176503366885edd542389eed3aaf94be163fdb", - "refsource": "CONFIRM", - "url": "https://github.com/torvalds/linux/commit/12176503366885edd542389eed3aaf94be163fdb" + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html" }, { - "name": "[oss-security] 20130405 Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/04/06/2" + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00000.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00000.html" }, { - "name": "SUSE-SU-2013:0856", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00000.html" + "url": "http://www.ubuntu.com/usn/USN-1829-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-1829-1" }, { - "name": "USN-1829-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-1829-1" + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=12176503366885edd542389eed3aaf94be163fdb", + "refsource": "MISC", + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=12176503366885edd542389eed3aaf94be163fdb" }, { - "name": "[oss-security] 20130409 Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/04/09/6" + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.5", + "refsource": "MISC", + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.5" }, { - "name": "RHSA-2013:1645", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html" + "url": "http://www.openwall.com/lists/oss-security/2013/04/06/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/06/2" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=949567", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=949567" + "url": "http://www.openwall.com/lists/oss-security/2013/04/09/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/09/6" }, { - "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=12176503366885edd542389eed3aaf94be163fdb", - "refsource": "CONFIRM", - "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=12176503366885edd542389eed3aaf94be163fdb" + "url": "https://github.com/torvalds/linux/commit/12176503366885edd542389eed3aaf94be163fdb", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/12176503366885edd542389eed3aaf94be163fdb" }, { - "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.5", - "refsource": "CONFIRM", - "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.5" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=949567", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=949567" } ] } diff --git a/2013/4xxx/CVE-2013-4393.json b/2013/4xxx/CVE-2013-4393.json index c350bd72bde..b7d1713244b 100644 --- a/2013/4xxx/CVE-2013-4393.json +++ b/2013/4xxx/CVE-2013-4393.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4393", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,27 +27,51 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "GLSA-201612-34", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201612-34" + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "refsource": "MISC", + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357" }, { - "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "refsource": "CONFIRM", - "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357" + "url": "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/10/01/9" }, { - "name": "[oss-security] 20131001 Re: [CVE request] systemd", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/10/01/9" + "url": "https://security.gentoo.org/glsa/201612-34", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201612-34" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=859104", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=859104" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=859104", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=859104" } ] } diff --git a/2013/4xxx/CVE-2013-4394.json b/2013/4xxx/CVE-2013-4394.json index 8abfe7d571c..73122346f91 100644 --- a/2013/4xxx/CVE-2013-4394.json +++ b/2013/4xxx/CVE-2013-4394.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4394", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,32 +27,56 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "GLSA-201612-34", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201612-34" + "url": "http://www.debian.org/security/2013/dsa-2777", + "refsource": "MISC", + "name": "http://www.debian.org/security/2013/dsa-2777" }, { - "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "refsource": "CONFIRM", - "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357" + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", + "refsource": "MISC", + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=862324", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=862324" + "url": "http://www.openwall.com/lists/oss-security/2013/10/01/9", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/10/01/9" }, { - "name": "DSA-2777", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2013/dsa-2777" + "url": "https://security.gentoo.org/glsa/201612-34", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201612-34" }, { - "name": "[oss-security] 20131001 Re: [CVE request] systemd", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2013/10/01/9" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=862324", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=862324" } ] } diff --git a/2013/4xxx/CVE-2013-4397.json b/2013/4xxx/CVE-2013-4397.json index f191b0e0277..4d4c6a5114c 100644 --- a/2013/4xxx/CVE-2013-4397.json +++ b/2013/4xxx/CVE-2013-4397.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "CVE-2013-4397 libtar: Heap-based buffer overflows by expanding a specially-crafted archive" + "value": "Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Heap-based Buffer Overflow", - "cweId": "CWE-122" + "value": "n/a" } ] } @@ -32,16 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 6", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:1.2.11-17.el6_4.1", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -104,21 +103,6 @@ "refsource": "MISC", "name": "http://www.securitytracker.com/id/1040106" }, - { - "url": "https://access.redhat.com/errata/RHSA-2013:1418", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2013:1418" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2013-4397", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2013-4397" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1014492", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1014492" - }, { "url": "https://lists.feep.net:8080/pipermail/libtar/2013-October/000361.html", "refsource": "MISC", @@ -130,30 +114,5 @@ "name": "https://source.android.com/security/bulletin/2018-01-01" } ] - }, - "impact": { - "cvss": [ - { - "accessComplexity": "HIGH", - "accessVector": "NETWORK", - "authentication": "NONE", - "availabilityImpact": "PARTIAL", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 5.1, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "PARTIAL", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "PARTIAL", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "version": "2.0" - } - ] } } \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4400.json b/2013/4xxx/CVE-2013-4400.json index 4228823a073..f062ef2b75c 100644 --- a/2013/4xxx/CVE-2013-4400.json +++ b/2013/4xxx/CVE-2013-4400.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4400", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,47 +27,71 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "60895", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/60895" + "url": "http://wiki.libvirt.org/page/Maintenance_Releases", + "refsource": "MISC", + "name": "http://wiki.libvirt.org/page/Maintenance_Releases" }, { - "name": "GLSA-201412-04", - "refsource": "GENTOO", - "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml" + "url": "http://secunia.com/advisories/60895", + "refsource": "MISC", + "name": "http://secunia.com/advisories/60895" }, { - "name": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=3e2f27e13b94f7302ad948bcacb5e02c859a25fc", - "refsource": "CONFIRM", - "url": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=3e2f27e13b94f7302ad948bcacb5e02c859a25fc" + "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml", + "refsource": "MISC", + "name": "http://security.gentoo.org/glsa/glsa-201412-04.xml" }, { - "name": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=b7fcc799ad5d8f3e55b89b94e599903e3c092467", - "refsource": "CONFIRM", - "url": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=b7fcc799ad5d8f3e55b89b94e599903e3c092467" + "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=3e2f27e13b94f7302ad948bcacb5e02c859a25fc", + "refsource": "MISC", + "name": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=3e2f27e13b94f7302ad948bcacb5e02c859a25fc" }, { - "name": "http://wiki.libvirt.org/page/Maintenance_Releases", - "refsource": "CONFIRM", - "url": "http://wiki.libvirt.org/page/Maintenance_Releases" + "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=8c3586ea755c40d5e01b22cb7b5c1e668cdec994", + "refsource": "MISC", + "name": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=8c3586ea755c40d5e01b22cb7b5c1e668cdec994" }, { - "name": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=8c3586ea755c40d5e01b22cb7b5c1e668cdec994", - "refsource": "CONFIRM", - "url": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=8c3586ea755c40d5e01b22cb7b5c1e668cdec994" + "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7fcc799ad5d8f3e55b89b94e599903e3c092467", + "refsource": "MISC", + "name": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7fcc799ad5d8f3e55b89b94e599903e3c092467" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1015228", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015228" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121370.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121370.html" }, { - "name": "FEDORA-2013-20869", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121370.html" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015228", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1015228" } ] } diff --git a/2013/4xxx/CVE-2013-4401.json b/2013/4xxx/CVE-2013-4401.json index 62346faf9fe..4a3641d1503 100644 --- a/2013/4xxx/CVE-2013-4401.json +++ b/2013/4xxx/CVE-2013-4401.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4401", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information." + "value": "The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information." } ] }, @@ -50,47 +27,71 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "60895", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/60895" - }, - { - "name": "GLSA-201412-04", - "refsource": "GENTOO", - "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml" - }, - { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1015259", + "url": "http://wiki.libvirt.org/page/Maintenance_Releases", "refsource": "MISC", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015259" + "name": "http://wiki.libvirt.org/page/Maintenance_Releases" }, { - "name": "http://wiki.libvirt.org/page/Maintenance_Releases", - "refsource": "CONFIRM", - "url": "http://wiki.libvirt.org/page/Maintenance_Releases" + "url": "http://secunia.com/advisories/60895", + "refsource": "MISC", + "name": "http://secunia.com/advisories/60895" }, { - "name": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c", - "refsource": "CONFIRM", - "url": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c" + "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml", + "refsource": "MISC", + "name": "http://security.gentoo.org/glsa/glsa-201412-04.xml" }, { - "name": "USN-2026-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2026-1" + "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c", + "refsource": "MISC", + "name": "http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c" }, { - "name": "55210", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/55210" + "url": "http://secunia.com/advisories/55210", + "refsource": "MISC", + "name": "http://secunia.com/advisories/55210" }, { - "name": "1029241", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1029241" + "url": "http://www.securitytracker.com/id/1029241", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1029241" + }, + { + "url": "http://www.ubuntu.com/usn/USN-2026-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2026-1" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015259", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1015259" } ] } diff --git a/2013/4xxx/CVE-2013-4404.json b/2013/4xxx/CVE-2013-4404.json index 7dd6d3d73fa..a73ec098822 100644 --- a/2013/4xxx/CVE-2013-4404.json +++ b/2013/4xxx/CVE-2013-4404.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4404", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,22 +27,46 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=995038", - "refsource": "CONFIRM", - "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=995038" + "url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-1851.html" }, { - "name": "RHSA-2013:1851", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html" + "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-1852.html" }, { - "name": "RHSA-2013:1852", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html" + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=995038", + "refsource": "MISC", + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=995038" } ] } diff --git a/2013/4xxx/CVE-2013-4407.json b/2013/4xxx/CVE-2013-4407.json index 777bacbcb85..fa09187443d 100644 --- a/2013/4xxx/CVE-2013-4407.json +++ b/2013/4xxx/CVE-2013-4407.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4407", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,22 +27,46 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721634", - "refsource": "CONFIRM", - "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721634" + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721634", + "refsource": "MISC", + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721634" }, { - "name": "openSUSE-SU-2014:0433", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00018.html" + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00018.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00018.html" }, { - "name": "DSA-2801", - "refsource": "DEBIAN", - "url": "http://www.debian.org/security/2013/dsa-2801" + "url": "http://www.debian.org/security/2013/dsa-2801", + "refsource": "MISC", + "name": "http://www.debian.org/security/2013/dsa-2801" } ] } diff --git a/2013/4xxx/CVE-2013-4408.json b/2013/4xxx/CVE-2013-4408.json index c8b992258c4..e02a17f84e3 100644 --- a/2013/4xxx/CVE-2013-4408.json +++ b/2013/4xxx/CVE-2013-4408.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "CVE-2013-4408 samba: Heap-based buffer overflow due to incorrect DCE-RPC fragment length field check" + "value": "Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Heap-based Buffer Overflow", - "cweId": "CWE-122" + "value": "n/a" } ] } @@ -32,42 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 5", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "0:3.6.6-0.138.el5_10", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 6", - "version": { - "version_data": [ - { - "version_value": "0:4.0.0-60.el6_5.rc4", - "version_affected": "!" - }, - { - "version_value": "0:3.6.9-167.el6_5", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Storage 2.1", - "version": { - "version_data": [ - { - "version_value": "0:3.6.9-167.5.1.el6rhs", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -169,56 +142,6 @@ "url": "http://www.securityfocus.com/bid/64191", "refsource": "MISC", "name": "http://www.securityfocus.com/bid/64191" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2013:1805", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2013:1805" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2013:1806", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2013:1806" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2014:0009", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2014:0009" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2013-4408", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2013-4408" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1018032", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1018032" - } - ] - }, - "impact": { - "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "NETWORK", - "authentication": "NONE", - "availabilityImpact": "PARTIAL", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 6.8, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "PARTIAL", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "PARTIAL", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "version": "2.0" } ] } diff --git a/2013/4xxx/CVE-2013-4409.json b/2013/4xxx/CVE-2013-4409.json index de4e67fbfb9..5662e80aab6 100644 --- a/2013/4xxx/CVE-2013-4409.json +++ b/2013/4xxx/CVE-2013-4409.json @@ -1,45 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4409", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Python Software Foundation; Beanbag", - "product": { - "product_data": [ - { - "product_name": "Djblets", - "version": { - "version_data": [ - { - "version_value": "0.7.21" - } - ] - } - }, - { - "product_name": "Review Board", - "version": { - "version_data": [ - { - "version_value": "before 1.7.15" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -60,17 +27,72 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Python Software Foundation; Beanbag", + "product": { + "product_data": [ + { + "product_name": "Djblets", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0.7.21" + } + ] + } + }, + { + "product_name": "Review Board", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before 1.7.15" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "url": "https://security-tracker.debian.org/tracker/CVE-2013-4409", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html", "refsource": "MISC", - "name": "https://security-tracker.debian.org/tracker/CVE-2013-4409" + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html" }, { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409" + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html" + }, + { + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html" + }, + { + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html" + }, + { + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html" + }, + { + "url": "http://www.securityfocus.com/bid/63029", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/63029" }, { "url": "https://access.redhat.com/security/cve/cve-2013-4409", @@ -78,39 +100,19 @@ "name": "https://access.redhat.com/security/cve/cve-2013-4409" }, { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409", "refsource": "MISC", - "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html" + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409" }, { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88059", "refsource": "MISC", - "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html" + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88059" }, { + "url": "https://security-tracker.debian.org/tracker/CVE-2013-4409", "refsource": "MISC", - "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html" - }, - { - "refsource": "MISC", - "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html" - }, - { - "refsource": "MISC", - "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html" - }, - { - "refsource": "MISC", - "name": "http://www.securityfocus.com/bid/63029", - "url": "http://www.securityfocus.com/bid/63029" - }, - { - "refsource": "MISC", - "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88059", - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88059" + "name": "https://security-tracker.debian.org/tracker/CVE-2013-4409" } ] } diff --git a/2018/16xxx/CVE-2018-16847.json b/2018/16xxx/CVE-2018-16847.json index ce646739ceb..d6c1a99b451 100644 --- a/2018/16xxx/CVE-2018-16847.json +++ b/2018/16xxx/CVE-2018-16847.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-16847", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "QEMU:", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "[UNKNOWN]" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -38,54 +15,87 @@ } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "7/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", - "version": "3.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-787" + "value": "CWE-787", + "cweId": "CWE-787" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "QEMU:", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847" - }, - { - "name": "[oss-security] 20181102 CVE-2018-16847 QEMU: nvme: Out-of-bounds r/w buffer access in cmb operations", - "refsource": "MLIST", - "url": "https://www.openwall.com/lists/oss-security/2018/11/02/1" - }, - { - "name": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html", + "url": "http://www.securityfocus.com/bid/105866", "refsource": "MISC", - "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html" + "name": "http://www.securityfocus.com/bid/105866" }, { - "name": "USN-3826-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3826-1/" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847" }, { - "name": "105866", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/105866" + "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html" + }, + { + "url": "https://usn.ubuntu.com/3826-1/", + "refsource": "MISC", + "name": "https://usn.ubuntu.com/3826-1/" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2018/11/02/1", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2018/11/02/1" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", + "version": "3.0" } ] } diff --git a/2018/16xxx/CVE-2018-16848.json b/2018/16xxx/CVE-2018-16848.json index d47e79d1f7a..3526a2a9229 100644 --- a/2018/16xxx/CVE-2018-16848.json +++ b/2018/16xxx/CVE-2018-16848.json @@ -1,34 +1,19 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2018-16848", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "n/a", - "product": { - "product_data": [ - { - "product_name": "openstack-mistral", - "version": { - "version_data": [ - { - "version_value": "up to and including 7.0.3" - } - ] - } - } - ] - } - } - ] - } + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service." + } + ] }, "problemtype": { "problemtype_data": [ @@ -42,25 +27,41 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "openstack-mistral", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "up to and including 7.0.3" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645332", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1645332", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645332" + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1645332" }, { + "url": "https://bugs.launchpad.net/mistral/+bug/1785657", "refsource": "MISC", - "name": "https://bugs.launchpad.net/mistral/+bug/1785657", - "url": "https://bugs.launchpad.net/mistral/+bug/1785657" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service." + "name": "https://bugs.launchpad.net/mistral/+bug/1785657" } ] } diff --git a/2018/16xxx/CVE-2018-16864.json b/2018/16xxx/CVE-2018-16864.json index 3ff8f29ea04..db1cd9ced72 100644 --- a/2018/16xxx/CVE-2018-16864.json +++ b/2018/16xxx/CVE-2018-16864.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges." + "value": "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable." } ] }, @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Allocation of Resources Without Limits or Throttling", + "value": "CWE-770", "cweId": "CWE-770" } ] @@ -32,90 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "The systemd Project", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 7", + "product_name": "systemd", "version": { "version_data": [ { - "version_value": "0:219-62.el7_6.2", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", - "version": { - "version_data": [ - { - "version_value": "0:219-30.el7_3.13", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", - "version": { - "version_data": [ - { - "version_value": "0:219-30.el7_3.13", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", - "version": { - "version_data": [ - { - "version_value": "0:219-30.el7_3.13", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support", - "version": { - "version_data": [ - { - "version_value": "0:219-42.el7_4.13", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support", - "version": { - "version_data": [ - { - "version_value": "0:219-57.el7_5.5", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "0:4.2-8.1.el7", - "version_affected": "!" - }, - { - "version_value": "0:4.2-20190129.0.el7_6", - "version_affected": "!" - }, - { - "version_value": "0:4.2-20190129.0.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "through v240" } ] } @@ -203,16 +129,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2019:2402" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2018-16864", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2018-16864" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1653855", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1653855" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864", "refsource": "MISC", @@ -225,18 +141,6 @@ } ] }, - "work_around": [ - { - "lang": "en", - "value": "To increase the time an attacker needs to exploit this flaw you could override the `StartLimitInterval=` (called StartLimitIntervalSec in newer systemd versions) and `StartLimitBurst=` settings. In this way the attack may require much longer to be successful.\n\nTo edit the journald service use `sudo systemctl edit systemd-journald.service` and add:\n```\n[Service]\nStartLimitInterval=120\nStartLimitBurst=3\n```" - } - ], - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank Qualys Research Labs for reporting this issue." - } - ], "impact": { "cvss": [ { diff --git a/2018/16xxx/CVE-2018-16865.json b/2018/16xxx/CVE-2018-16865.json index a282fc22fac..8cc234f53a4 100644 --- a/2018/16xxx/CVE-2018-16865.json +++ b/2018/16xxx/CVE-2018-16865.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges." + "value": "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable." } ] }, @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Allocation of Resources Without Limits or Throttling", + "value": "CWE-770", "cweId": "CWE-770" } ] @@ -32,90 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "The systemd Project", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 7", + "product_name": "systemd", "version": { "version_data": [ { - "version_value": "0:219-62.el7_6.2", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", - "version": { - "version_data": [ - { - "version_value": "0:219-30.el7_3.13", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", - "version": { - "version_data": [ - { - "version_value": "0:219-30.el7_3.13", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", - "version": { - "version_data": [ - { - "version_value": "0:219-30.el7_3.13", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support", - "version": { - "version_data": [ - { - "version_value": "0:219-42.el7_4.13", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support", - "version": { - "version_data": [ - { - "version_value": "0:219-57.el7_5.5", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "0:4.2-8.1.el7", - "version_affected": "!" - }, - { - "version_value": "0:4.2-20190129.0.el7_6", - "version_affected": "!" - }, - { - "version_value": "0:4.2-20190129.0.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "through v240" } ] } @@ -228,16 +154,6 @@ "refsource": "MISC", "name": "http://www.securityfocus.com/bid/106525" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2018-16865", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2018-16865" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1653861", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1653861" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16865", "refsource": "MISC", @@ -245,12 +161,6 @@ } ] }, - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank Qualys Research Labs for reporting this issue." - } - ], "impact": { "cvss": [ { diff --git a/2018/16xxx/CVE-2018-16866.json b/2018/16xxx/CVE-2018-16866.json index bf176aaea69..5382173a17a 100644 --- a/2018/16xxx/CVE-2018-16866.json +++ b/2018/16xxx/CVE-2018-16866.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data." + "value": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable." } ] }, @@ -21,7 +21,16 @@ "description": [ { "lang": "eng", - "value": "Exposure of Sensitive Information to an Unauthorized Actor", + "value": "CWE-125", + "cweId": "CWE-125" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-200", "cweId": "CWE-200" } ] @@ -32,82 +41,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "The systemd Project", "product": { "product_data": [ { - "product_name": "Red Hat Ansible Tower 3.4 for RHEL 7", + "product_name": "systemd", "version": { "version_data": [ { - "version_value": "1.4.15-28", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "0:219-67.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", - "version": { - "version_data": [ - { - "version_value": "0:219-42.el7_4.20", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", - "version": { - "version_data": [ - { - "version_value": "0:219-42.el7_4.20", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", - "version": { - "version_data": [ - { - "version_value": "0:219-42.el7_4.20", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support", - "version": { - "version_data": [ - { - "version_value": "0:219-57.el7_5.9", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", - "version": { - "version_data": [ - { - "version_value": "0:219-62.el7_6.11", - "version_affected": "!" + "version_affected": "=", + "version_value": "from v221 to v239" } ] } @@ -140,11 +83,6 @@ "refsource": "MISC", "name": "http://www.securityfocus.com/bid/106527" }, - { - "url": "https://access.redhat.com/errata/RHBA-2020:0547", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHBA-2020:0547" - }, { "url": "https://access.redhat.com/errata/RHSA-2019:2091", "refsource": "MISC", @@ -160,21 +98,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2020:0593" }, - { - "url": "https://access.redhat.com/errata/RHSA-2020:1264", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2020:1264" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2018-16866", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2018-16866" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1653867", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1653867" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866", "refsource": "MISC", @@ -212,12 +135,6 @@ } ] }, - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank Qualys Research Labs for reporting this issue." - } - ], "impact": { "cvss": [ { diff --git a/2018/16xxx/CVE-2018-16868.json b/2018/16xxx/CVE-2018-16868.json index 65a9ce1e2e4..2bfe6a288ce 100644 --- a/2018/16xxx/CVE-2018-16868.json +++ b/2018/16xxx/CVE-2018-16868.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-16868", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "gnutls", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "[UNKNOWN]" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -38,54 +15,87 @@ } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "4.7/CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", - "version": "3.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-203" + "value": "CWE-203", + "cweId": "CWE-203" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "gnutls", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "106080", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/106080" - }, - { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1353", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" - }, - { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1477", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html" - }, - { - "name": "http://cat.eyalro.net/", + "url": "http://cat.eyalro.net/", "refsource": "MISC", - "url": "http://cat.eyalro.net/" + "name": "http://cat.eyalro.net/" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868" + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html" + }, + { + "url": "http://www.securityfocus.com/bid/106080", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/106080" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "PHYSICAL", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.0" } ] } diff --git a/2018/16xxx/CVE-2018-16869.json b/2018/16xxx/CVE-2018-16869.json index 4020cdcbc8a..64c430921a6 100644 --- a/2018/16xxx/CVE-2018-16869.json +++ b/2018/16xxx/CVE-2018-16869.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-16869", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "nettle", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "[UNKNOWN]" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -38,44 +15,77 @@ } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "4.7/CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", - "version": "3.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-203" + "value": "CWE-203", + "cweId": "CWE-203" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "nettle", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "106092", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/106092" - }, - { - "name": "http://cat.eyalro.net/", + "url": "http://cat.eyalro.net/", "refsource": "MISC", - "url": "http://cat.eyalro.net/" + "name": "http://cat.eyalro.net/" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869" + "url": "http://www.securityfocus.com/bid/106092", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/106092" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "PHYSICAL", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.0" } ] } diff --git a/2018/16xxx/CVE-2018-16880.json b/2018/16xxx/CVE-2018-16880.json index cef5b848bfe..01d72f59cd8 100644 --- a/2018/16xxx/CVE-2018-16880.json +++ b/2018/16xxx/CVE-2018-16880.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-16880", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "kernel", - "version": { - "version_data": [ - { - "version_value": "from v4.16 and newer" - } - ] - } - } - ] - }, - "vendor_name": "The Linux Foundation" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -38,59 +15,92 @@ } ] }, - "impact": { - "cvss": [ - [ - { - "vectorString": "5.9/CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", - "version": "3.0" - } - ] - ] - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-787" + "value": "CWE-787", + "cweId": "CWE-787" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The Linux Foundation", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "from v4.16 and newer" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "USN-3903-2", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3903-2/" + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16880", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16880" + "url": "http://www.securityfocus.com/bid/106735", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/106735" }, { - "name": "106735", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/106735" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16880", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16880" }, { - "name": "USN-3903-1", - "refsource": "UBUNTU", - "url": "https://usn.ubuntu.com/3903-1/" + "url": "https://support.f5.com/csp/article/K03593314", + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K03593314" }, { - "refsource": "CONFIRM", - "name": "https://support.f5.com/csp/article/K03593314", - "url": "https://support.f5.com/csp/article/K03593314" + "url": "https://usn.ubuntu.com/3903-1/", + "refsource": "MISC", + "name": "https://usn.ubuntu.com/3903-1/" }, { - "refsource": "SUSE", - "name": "openSUSE-SU-2019:1404", - "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html" + "url": "https://usn.ubuntu.com/3903-2/", + "refsource": "MISC", + "name": "https://usn.ubuntu.com/3903-2/" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", + "version": "3.0" } ] } diff --git a/2018/16xxx/CVE-2018-16884.json b/2018/16xxx/CVE-2018-16884.json index 9f76aed294f..0424e0fa693 100644 --- a/2018/16xxx/CVE-2018-16884.json +++ b/2018/16xxx/CVE-2018-16884.json @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "Use After Free", + "value": "CWE-416", "cweId": "CWE-416" } ] @@ -32,72 +32,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "[UNKNOWN]", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux 7", + "product_name": "kernel:", "version": { "version_data": [ { - "version_value": "0:3.10.0-957.27.2.rt56.940.el7", - "version_affected": "!" - }, - { - "version_value": "0:3.10.0-957.27.2.el7", - "version_affected": "!" - }, - { - "version_value": "0:4.14.0-115.26.1.el7a", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support", - "version": { - "version_data": [ - { - "version_value": "0:3.10.0-693.58.1.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 8", - "version": { - "version_data": [ - { - "version_value": "0:4.18.0-147.rt24.93.el8", - "version_affected": "!" - }, - { - "version_value": "0:4.18.0-147.el8", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", - "version": { - "version_data": [ - { - "version_value": "0:4.18.0-80.15.1.el8_0", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise MRG 2", - "version": { - "version_data": [ - { - "version_value": "1:3.10.0-693.58.1.rt56.652.el6rt", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } @@ -170,21 +114,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2020:0204" }, - { - "url": "https://access.redhat.com/errata/RHSA-2020:2854", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2020:2854" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2018-16884", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2018-16884" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660375", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1660375" - }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884", "refsource": "MISC", @@ -237,12 +166,6 @@ } ] }, - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank Evgenii Shatokhin (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting this issue." - } - ], "impact": { "cvss": [ {