admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-13 04:01:08 +00:00
parent 8a02665aa8
commit f42d149bda
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
36 changed files with 1216 additions and 4734 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
2012/3xxx/CVE-2012-3524.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2012-3524 dbus: privilege escalation when libdbus is used in setuid/setgid application"
"value": "libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: \"we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus.\""
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Untrusted Search Path",
"cweId": "CWE-426"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "1:1.2.24-7.el6_3",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -154,16 +153,6 @@
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1576-2"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1261",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1261"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-3524",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-3524"
},
{
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=52202",
"refsource": "MISC",
@ -180,30 +169,5 @@
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=847402"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}
}

147
2012/3xxx/CVE-2012-3525.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3525",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,67 +27,91 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2012:1538",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1538.html"
},
{
"name": "[oss-security] 20120822 CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/5"
},
{
"name": "[oss-security] 20120822 Re: CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/6"
},
{
"name": "55167",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55167"
},
{
"name": "50124",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50124"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=850872",
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=850872"
"name": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
},
{
"name": "APPLE-SA-2013-03-14-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
},
{
"name": "http://xmpp.org/resources/security-notices/server-dialback/",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1538.html",
"refsource": "MISC",
"url": "http://xmpp.org/resources/security-notices/server-dialback/"
"name": "http://rhn.redhat.com/errata/RHSA-2012-1538.html"
},
{
"name": "https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d",
"refsource": "CONFIRM",
"url": "https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1539.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1539.html"
},
{
"name": "RHSA-2012:1539",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1539.html"
"url": "http://secunia.com/advisories/50124",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50124"
},
{
"name": "[jabberd2] 20120821 Fwd: [Security] Vulnerability in XMPP Server Dialback Implementations",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/jabberd2@lists.xiaoka.com/msg01903.html"
"url": "http://secunia.com/advisories/50859",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50859"
},
{
"name": "50859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50859"
"url": "http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html",
"refsource": "MISC",
"name": "http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/08/22/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/08/22/6"
},
{
"url": "http://www.securityfocus.com/bid/55167",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55167"
},
{
"url": "http://xmpp.org/resources/security-notices/server-dialback/",
"refsource": "MISC",
"name": "http://xmpp.org/resources/security-notices/server-dialback/"
},
{
"url": "https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d",
"refsource": "MISC",
"name": "https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=850872",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=850872"
}
]
}

52
2012/3xxx/CVE-2012-3535.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2012-3535 openjpeg: heap-based buffer overflow when decoding jpeg2000 files"
"value": "Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:1.3-9.el6_3",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -110,49 +109,14 @@
"name": "http://www.securityfocus.com/bid/55214"
},
{
"url": "https://access.redhat.com/errata/RHSA-2012:1283",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77994",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2012:1283"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2012-3535",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2012-3535"
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77994"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=842918",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=842918"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77994",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77994"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}

85
2012/3xxx/CVE-2012-3538.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3538",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,32 +27,56 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "cloudforms-pulp-info-disc(80547)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80547"
"url": "http://rhn.redhat.com/errata/RHSA-2012-1543.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2012-1543.html"
},
{
"name": "88139",
"refsource": "OSVDB",
"url": "http://osvdb.org/88139"
"url": "http://secunia.com/advisories/51472",
"refsource": "MISC",
"name": "http://secunia.com/advisories/51472"
},
{
"name": "51472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51472"
"url": "http://www.securityfocus.com/bid/56819",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/56819"
},
{
"name": "RHSA-2012:1543",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1543.html"
"url": "http://osvdb.org/88139",
"refsource": "MISC",
"name": "http://osvdb.org/88139"
},
{
"name": "56819",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56819"
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80547",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80547"
}
]
}

117
2012/3xxx/CVE-2012-3540.json
View File

@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3540",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake."
"value": "Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake."
}
]
},
@ -50,57 +27,81 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "openstackdashboard-next-open-redirect(78196)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78196"
"url": "http://secunia.com/advisories/50480",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50480"
},
{
"name": "https://bugs.launchpad.net/horizon/+bug/1039077",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/horizon/+bug/1039077"
"url": "http://www.openwall.com/lists/oss-security/2012/08/30/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/08/30/4"
},
{
"name": "[oss-security] 20120830 [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3542)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/30/4"
"url": "http://www.openwall.com/lists/oss-security/2012/08/30/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/08/30/5"
},
{
"name": "https://github.com/openstack/horizon/commit/35eada8a27323c0f83c400177797927aba6bc99b",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/horizon/commit/35eada8a27323c0f83c400177797927aba6bc99b"
"url": "http://www.securityfocus.com/bid/55329",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55329"
},
{
"name": "USN-1565-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1565-1"
"url": "http://www.ubuntu.com/usn/USN-1565-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1565-1"
},
{
"name": "55329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55329"
"url": "https://bugs.launchpad.net/horizon/+bug/1039077",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/horizon/+bug/1039077"
},
{
"name": "[openstack] 20120830 Re: [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3540)",
"refsource": "MLIST",
"url": "https://lists.launchpad.net/openstack/msg16281.html"
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78196",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78196"
},
{
"name": "50480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50480"
"url": "https://github.com/openstack/horizon/commit/35eada8a27323c0f83c400177797927aba6bc99b",
"refsource": "MISC",
"name": "https://github.com/openstack/horizon/commit/35eada8a27323c0f83c400177797927aba6bc99b"
},
{
"name": "[oss-security] 20120830 Re: [Openstack] [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3540)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/30/5"
"url": "https://lists.launchpad.net/openstack/msg16278.html",
"refsource": "MISC",
"name": "https://lists.launchpad.net/openstack/msg16278.html"
},
{
"name": "[openstack] 20120830 [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3542)",
"refsource": "MLIST",
"url": "https://lists.launchpad.net/openstack/msg16278.html"
"url": "https://lists.launchpad.net/openstack/msg16281.html",
"refsource": "MISC",
"name": "https://lists.launchpad.net/openstack/msg16281.html"
}
]
}

323
2012/3xxx/CVE-2012-3546.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3546",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,232 +27,246 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "SSRT101139",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2"
"url": "http://tomcat.apache.org/security-6.html",
"refsource": "MISC",
"name": "http://tomcat.apache.org/security-6.html"
},
{
"name": "1027833",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027833"
"url": "http://tomcat.apache.org/security-7.html",
"refsource": "MISC",
"name": "http://tomcat.apache.org/security-7.html"
},
{
"name": "USN-1685-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1685-1"
"url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
},
{
"name": "56812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56812"
"url": "http://secunia.com/advisories/57126",
"refsource": "MISC",
"name": "http://secunia.com/advisories/57126"
},
{
"name": "openSUSE-SU-2012:1700",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1377892",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1377892"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"
},
{
"name": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"
},
{
"name": "RHSA-2013:0640",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0640.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
},
{
"name": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"
},
{
"name": "RHSA-2013:0163",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0163.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"
},
{
"name": "SSRT101182",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0197.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0197.html"
},
{
"name": "RHSA-2013:0164",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0164.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0198.html"
},
{
"name": "RHSA-2013:0192",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"
},
{
"name": "RHSA-2013:0198",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html"
"url": "http://secunia.com/advisories/51984",
"refsource": "MISC",
"name": "http://secunia.com/advisories/51984"
},
{
"name": "RHSA-2013:0641",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0641.html"
"url": "http://secunia.com/advisories/52054",
"refsource": "MISC",
"name": "http://secunia.com/advisories/52054"
},
{
"name": "20121204 CVE-2012-3546 Apache Tomcat Bypass of security constraints",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html"
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html",
"refsource": "MISC",
"name": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html"
},
{
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-7.html"
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"
},
{
"name": "RHSA-2013:0004",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0004.html"
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"
},
{
"name": "RHSA-2013:0195",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"
},
{
"name": "RHSA-2013:0221",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"
"url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=136612293908376&w=2"
},
{
"name": "RHSA-2013:0196",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0004.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0004.html"
},
{
"name": "RHSA-2013:0147",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0147.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0005.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0005.html"
},
{
"name": "oval:org.mitre.oval:def:19305",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0146.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0146.html"
},
{
"name": "HPSBMU02873",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0147.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0147.html"
},
{
"name": "RHSA-2013:0158",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0158.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0151.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0151.html"
},
{
"name": "RHSA-2013:0193",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0157.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0157.html"
},
{
"name": "RHSA-2013:0157",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0157.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0158.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0158.html"
},
{
"name": "51984",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51984"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0162.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0162.html"
},
{
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-6.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0163.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0163.html"
},
{
"name": "52054",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52054"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0164.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0164.html"
},
{
"name": "57126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57126"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0235.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0235.html"
},
{
"name": "RHSA-2013:0146",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0146.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0623.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0623.html"
},
{
"name": "openSUSE-SU-2013:0147",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0640.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0640.html"
},
{
"name": "RHSA-2013:0191",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0641.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0641.html"
},
{
"name": "RHSA-2013:0623",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0623.html"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0642.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0642.html"
},
{
"name": "RHSA-2013:0197",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0197.html"
"url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892",
"refsource": "MISC",
"name": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892"
},
{
"name": "RHSA-2013:0235",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0235.html"
"url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892",
"refsource": "MISC",
"name": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892"
},
{
"name": "RHSA-2013:0642",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0642.html"
"url": "http://svn.apache.org/viewvc?view=revision&revision=1377892",
"refsource": "MISC",
"name": "http://svn.apache.org/viewvc?view=revision&revision=1377892"
},
{
"name": "RHSA-2013:0194",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
"url": "http://www.securityfocus.com/bid/56812",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/56812"
},
{
"name": "HPSBUX02866",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2"
"url": "http://www.securitytracker.com/id?1027833",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1027833"
},
{
"name": "RHSA-2013:0005",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0005.html"
"url": "http://www.ubuntu.com/usn/USN-1685-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1685-1"
},
{
"name": "HPSBST02955",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878",
"refsource": "MISC",
"name": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878"
},
{
"name": "openSUSE-SU-2012:1701",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"
},
{
"name": "RHSA-2013:0162",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0162.html"
},
{
"name": "RHSA-2013:0151",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0151.html"
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305",
"refsource": "MISC",
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305"
}
]
}

97
2012/3xxx/CVE-2012-3548.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3548",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:15646",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15646"
"url": "http://secunia.com/advisories/54425",
"refsource": "MISC",
"name": "http://secunia.com/advisories/54425"
},
{
"name": "[oss-security] 20120829 Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/08/29/4"
"url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml",
"refsource": "MISC",
"name": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
},
{
"name": "54425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54425"
"url": "http://openwall.com/lists/oss-security/2012/08/29/4",
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2012/08/29/4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=849926",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=849926"
"url": "http://www.securitytracker.com/id?1027464",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1027464"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666"
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666",
"refsource": "MISC",
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666"
},
{
"name": "GLSA-201308-05",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15646",
"refsource": "MISC",
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15646"
},
{
"name": "1027464",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027464"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=849926",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=849926"
}
]
}

97
2012/4xxx/CVE-2012-4386.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4386",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://issues.apache.org/jira/browse/WW-3858",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/WW-3858"
"url": "http://secunia.com/advisories/50420",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50420"
},
{
"name": "apache-struts-csrf(78182)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78182"
"url": "http://struts.apache.org/2.x/docs/s2-010.html",
"refsource": "MISC",
"name": "http://struts.apache.org/2.x/docs/s2-010.html"
},
{
"name": "[oss-security] 20120901 Re: CVE request: Apache Struts S2-010 and S2-011",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/01/5"
"url": "http://www.openwall.com/lists/oss-security/2012/09/01/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/09/01/4"
},
{
"name": "50420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50420"
"url": "http://www.openwall.com/lists/oss-security/2012/09/01/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/09/01/5"
},
{
"name": "55346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55346"
"url": "http://www.securityfocus.com/bid/55346",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55346"
},
{
"name": "http://struts.apache.org/2.x/docs/s2-010.html",
"refsource": "CONFIRM",
"url": "http://struts.apache.org/2.x/docs/s2-010.html"
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78182",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78182"
},
{
"name": "[oss-security] 20120901 CVE request: Apache Struts S2-010 and S2-011",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/01/4"
"url": "https://issues.apache.org/jira/browse/WW-3858",
"refsource": "MISC",
"name": "https://issues.apache.org/jira/browse/WW-3858"
}
]
}

97
2012/4xxx/CVE-2012-4387.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4387",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "apache-struts-parameters-dos(78183)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78183"
"url": "http://secunia.com/advisories/50420",
"refsource": "MISC",
"name": "http://secunia.com/advisories/50420"
},
{
"name": "http://struts.apache.org/2.x/docs/s2-011.html",
"refsource": "CONFIRM",
"url": "http://struts.apache.org/2.x/docs/s2-011.html"
"url": "http://www.openwall.com/lists/oss-security/2012/09/01/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/09/01/4"
},
{
"name": "[oss-security] 20120901 Re: CVE request: Apache Struts S2-010 and S2-011",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/01/5"
"url": "http://www.openwall.com/lists/oss-security/2012/09/01/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/09/01/5"
},
{
"name": "50420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50420"
"url": "http://www.securityfocus.com/bid/55346",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55346"
},
{
"name": "55346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55346"
"url": "http://struts.apache.org/2.x/docs/s2-011.html",
"refsource": "MISC",
"name": "http://struts.apache.org/2.x/docs/s2-011.html"
},
{
"name": "https://issues.apache.org/jira/browse/WW-3860",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/WW-3860"
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78183",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78183"
},
{
"name": "[oss-security] 20120901 CVE request: Apache Struts S2-010 and S2-011",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/01/4"
"url": "https://issues.apache.org/jira/browse/WW-3860",
"refsource": "MISC",
"name": "https://issues.apache.org/jira/browse/WW-3860"
}
]
}

554
2013/1xxx/CVE-2013-1808.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2013-1808 stapler-adjunct-zeroclipboard: XSS via copying XSS payload into buffer"
"value": "Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
"value": "n/a"
}
]
}
@ -32,512 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "RHEL 6 Version of OpenShift Enterprise 1.2",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.8.4-2.el6",
"version_affected": "!"
},
{
"version_value": "0:1.6.6-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.0.35-11.el6",
"version_affected": "!"
},
{
"version_value": "0:1.8.0-36.el6",
"version_affected": "!"
},
{
"version_value": "0:3.3.1-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:8.70-15.el6_4.1",
"version_affected": "!"
},
{
"version_value": "0:1.4.22-5.el6op",
"version_affected": "!"
},
{
"version_value": "0:6.5.4.7-6.el6_2",
"version_affected": "!"
},
{
"version_value": "0:1.900.1-15.el6_1.1",
"version_affected": "!"
},
{
"version_value": "0:6.0.0.GA-2.el6op",
"version_affected": "!"
},
{
"version_value": "0:6.0.0.GA-8.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.509.1-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.6.19-0.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.70-12.el6op",
"version_affected": "!"
},
{
"version_value": "0:3.2.1-4.el6",
"version_affected": "!"
},
{
"version_value": "0:1.19-1.el6",
"version_affected": "!"
},
{
"version_value": "0:2007e-11.el6",
"version_affected": "!"
},
{
"version_value": "0:0.37-7.2.el6_4",
"version_affected": "!"
},
{
"version_value": "0:2.5.8-10.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.6.20-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.1.16-2.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.6.1-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.3.0-3.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.3.5-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.0.3-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.4.1-2.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.0.2-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.4.22-4.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.7.6-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.9.1-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.4.8-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.4.10-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.4.7-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.9.8-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.8.6-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.4.5-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.3.7-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.4.8-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.4.9-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.2.7-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.9.3-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.9.2-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.9.9-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.6.4-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:3.0.3-4",
"version_affected": "!"
},
{
"version_value": "0:1.6.1-1.1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.4008-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.31-6.1.el6",
"version_affected": "!"
},
{
"version_value": "0:0.08-3.1.el6",
"version_affected": "!"
},
{
"version_value": "0:3.0.17-5.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.09-9.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.7-5.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.13-2.1.el6",
"version_affected": "!"
},
{
"version_value": "0:0.31-3.1.el6",
"version_affected": "!"
},
{
"version_value": "0:0.7901-4.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.16004-3.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.1000-3.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.03-7.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.35-7.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.110-10.1.el6",
"version_affected": "!"
},
{
"version_value": "0:2.15-5.el6",
"version_affected": "!"
},
{
"version_value": "0:0.08-9.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.70-4.el6",
"version_affected": "!"
},
{
"version_value": "0:5.3.3-22.el6",
"version_affected": "!"
},
{
"version_value": "0:5.3.3-3.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.5.0-0.3.b3.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.5.0-0.1.b3.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.2.2-4.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.1.4-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.11-3.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.5.3-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.05-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:4.7.0-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.7-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.6.6-3.el6op",
"version_affected": "!"
},
{
"version_value": "1:1.8.5-10.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-8.el6",
"version_affected": "!"
},
{
"version_value": "0:3.0.1-7.el6",
"version_affected": "!"
},
{
"version_value": "0:4.0.3-5.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.10-4.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.3.0-8.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.7-7.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.6.16-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.4.1-7.el6",
"version_affected": "!"
},
{
"version_value": "0:0.0.2-7.el6",
"version_affected": "!"
},
{
"version_value": "0:1.7.3-1.el6",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-8.el6",
"version_affected": "!"
},
{
"version_value": "0:0.12.10-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.12.2-4.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.11.0-2.el6",
"version_affected": "!"
},
{
"version_value": "0:2.11.1-1",
"version_affected": "!"
},
{
"version_value": "0:2.11.1-2",
"version_affected": "!"
},
{
"version_value": "0:1.3.1-2.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.3.1-3.el6op",
"version_affected": "!"
},
{
"version_value": "1:1.3.2-11.el6",
"version_affected": "!"
},
{
"version_value": "0:1.3.6-1.el6",
"version_affected": "!"
},
{
"version_value": "0:0.0.5-3.el6",
"version_affected": "!"
},
{
"version_value": "0:4.8.1-1.el6",
"version_affected": "!"
},
{
"version_value": "0:2.8.2-8.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.0.94-3.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.8.3-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.1.2-5.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.21-3.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.1.2-5.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.0.7-4.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.4.3.1-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.3.0-2.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.9.13-1.2.el6op",
"version_affected": "!"
},
{
"version_value": "0:3.0.5-2.el6op",
"version_affected": "!"
},
{
"version_value": "0:3.0.17-2.el6op.1",
"version_affected": "!"
},
{
"version_value": "1:1.3.0-4.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.8.7-2.1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.2.4-3.el6op",
"version_affected": "!"
},
{
"version_value": "0:3.8.4-3.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.0.4-6.el6op",
"version_affected": "!"
},
{
"version_value": "0:3.0.4-2.el6op",
"version_affected": "!"
},
{
"version_value": "0:1.3.3-4.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.14.6-2.el6op",
"version_affected": "!"
},
{
"version_value": "0:0.0.5-93.el6op",
"version_affected": "!"
},
{
"version_value": "0:4.3.3-1.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.8.2-2.el6op",
"version_affected": "!"
},
{
"version_value": "0:2.13.1-6.el6op.1",
"version_affected": "!"
},
{
"version_value": "0:1.6.1-10.el6",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -620,21 +123,6 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/58257"
},
{
"url": "https://access.redhat.com/errata/RHEA-2013:1032",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHEA-2013:1032"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-1808",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-1808"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918054",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=918054"
},
{
"url": "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108",
"refsource": "MISC",
@ -644,36 +132,6 @@
"url": "https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696",
"refsource": "MISC",
"name": "https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696"
},
{
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02",
"refsource": "MISC",
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}

83
2013/1xxx/CVE-2013-1809.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1809",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gambas3",
"product": {
"product_data": [
{
"product_name": "gambas3",
"version": {
"version_data": [
{
"version_value": "3.4.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,17 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gambas3",
"product": {
"product_data": [
{
"product_name": "gambas3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1809",
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/4",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1809"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1809",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1809"
"name": "http://www.openwall.com/lists/oss-security/2013/03/03/4"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-1809",
@ -68,19 +64,24 @@
"name": "https://access.redhat.com/security/cve/cve-2013-1809"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1809",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/03/03/4",
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/4"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1809"
},
{
"url": "https://code.google.com/archive/p/gambas/issues/365",
"refsource": "MISC",
"name": "https://code.google.com/archive/p/gambas/issues/365",
"url": "https://code.google.com/archive/p/gambas/issues/365"
"name": "https://code.google.com/archive/p/gambas/issues/365"
},
{
"refsource": "CONFIRM",
"name": "https://sourceforge.net/p/gambas/code/5438/",
"url": "https://sourceforge.net/p/gambas/code/5438/"
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1809",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1809"
},
{
"url": "https://sourceforge.net/p/gambas/code/5438/",
"refsource": "MISC",
"name": "https://sourceforge.net/p/gambas/code/5438/"
}
]
}

97
2013/1xxx/CVE-2013-1812.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1812",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,42 +27,66 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=918134",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918134"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120204.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120204.html"
},
{
"name": "https://github.com/openid/ruby-openid/blob/master/CHANGELOG.md",
"refsource": "CONFIRM",
"url": "https://github.com/openid/ruby-openid/blob/master/CHANGELOG.md"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120361.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120361.html"
},
{
"name": "FEDORA-2013-20238",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120361.html"
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/8",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/03/03/8"
},
{
"name": "https://github.com/openid/ruby-openid/pull/43",
"refsource": "CONFIRM",
"url": "https://github.com/openid/ruby-openid/pull/43"
"url": "https://github.com/openid/ruby-openid/blob/master/CHANGELOG.md",
"refsource": "MISC",
"name": "https://github.com/openid/ruby-openid/blob/master/CHANGELOG.md"
},
{
"name": "https://github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed",
"refsource": "CONFIRM",
"url": "https://github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed"
"url": "https://github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed",
"refsource": "MISC",
"name": "https://github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed"
},
{
"name": "FEDORA-2013-20260",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120204.html"
"url": "https://github.com/openid/ruby-openid/pull/43",
"refsource": "MISC",
"name": "https://github.com/openid/ruby-openid/pull/43"
},
{
"name": "[oss-security] 20130302 Re: CVE request: ruby-openid XML denial of service attack",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/8"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918134",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=918134"
}
]
}

82
2013/1xxx/CVE-2013-1817.json
View File

@ -1,38 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1817",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mediawiki",
"product": {
"product_data": [
{
"product_name": "mediawiki",
"version": {
"version_data": [
{
"version_value": "1.19.4"
},
{
"version_value": "1.20.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -53,17 +27,45 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mediawiki",
"product": {
"product_data": [
{
"product_name": "mediawiki",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.19.4"
},
{
"version_affected": "=",
"version_value": "1.20.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1817",
"url": "http://security.gentoo.org/glsa/glsa-201310-21.xml",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1817"
"name": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1817",
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/4",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1817"
"name": "http://www.openwall.com/lists/oss-security/2013/03/05/4"
},
{
"url": "http://www.securityfocus.com/bid/58305",
@ -71,19 +73,19 @@
"name": "http://www.securityfocus.com/bid/58305"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1817",
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-201310-21.xml",
"url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1817"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88359",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/03/05/4",
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/4"
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88359"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1817",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88359",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88359"
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1817"
}
]
}

52
2013/1xxx/CVE-2013-1819.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2013-1819 kernel: xfs: _xfs_buf_find oops on blocks beyond the filesystem end"
"value": "The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise MRG 2",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.6.11.2-rt33.39.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -115,49 +114,14 @@
"name": "http://www.ubuntu.com/usn/USN-1975-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:0829",
"url": "https://github.com/torvalds/linux/commit/eb178619f930fa2ba2348de332a1ff1c66a31424",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0829"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-1819",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-1819"
"name": "https://github.com/torvalds/linux/commit/eb178619f930fa2ba2348de332a1ff1c66a31424"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918009",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=918009"
},
{
"url": "https://github.com/torvalds/linux/commit/eb178619f930fa2ba2348de332a1ff1c66a31424",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/eb178619f930fa2ba2348de332a1ff1c66a31424"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
]
}

63
2013/1xxx/CVE-2013-1820.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1820",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tuned",
"version": {
"version_data": [
{
"version_value": "2.10.0-1"
}
]
}
}
]
},
"vendor_name": "tuned"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,12 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "tuned",
"product": {
"product_data": [
{
"product_name": "tuned",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.10.0-1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918233",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1820"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=918233"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1820",
@ -63,9 +64,9 @@
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1820"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1820",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=918233",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918233"
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1820"
}
]
}

92
2013/1xxx/CVE-2013-1823.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2013-1823 Katello: Notifications page Username XSS"
"value": "Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
"value": "n/a"
}
]
}
@ -32,60 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Subscription Asset Manager 1.2",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:0.7.24-1.el6_3",
"version_affected": "!"
},
{
"version_value": "0:1.2.1.1-1h.el6_4",
"version_affected": "!"
},
{
"version_value": "0:1.2.3.1-4h.el6_4",
"version_affected": "!"
},
{
"version_value": "1:3.0.10-12.el6cf",
"version_affected": "!"
},
{
"version_value": "0:3.0.10-3.el6cf",
"version_affected": "!"
},
{
"version_value": "0:2.1.4-3.el6cf",
"version_affected": "!"
},
{
"version_value": "0:1.7.3-2.el6_3",
"version_affected": "!"
},
{
"version_value": "0:1.5.0-0.9.beta4.el6cf",
"version_affected": "!"
},
{
"version_value": "1:1.3.0-4.el6cf",
"version_affected": "!"
},
{
"version_value": "0:0.5.5-2.el6cf",
"version_affected": "!"
},
{
"version_value": "0:3.8-6.el6cf",
"version_affected": "!"
},
{
"version_value": "0:0.0.28.1-1.el6_4",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -108,51 +63,16 @@
"refsource": "MISC",
"name": "http://secunia.com/advisories/52774"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:0686",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:0686"
},
{
"url": "http://www.osvdb.org/91718",
"refsource": "MISC",
"name": "http://www.osvdb.org/91718"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-1823",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-1823"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918784",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=918784"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
}

91
2013/1xxx/CVE-2013-1824.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1824",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1824.html",
"refsource": "CONFIRM",
"url": "http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1824.html"
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=188c196d4da60bdde9190d2fc532650d17f7af2d",
"refsource": "MISC",
"name": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=188c196d4da60bdde9190d2fc532650d17f7af2d"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=188c196d4da60bdde9190d2fc532650d17f7af2d",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=188c196d4da60bdde9190d2fc532650d17f7af2d"
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=afe98b7829d50806559acac9b530acb8283c3bf4",
"refsource": "MISC",
"name": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=afe98b7829d50806559acac9b530acb8283c3bf4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=918187",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918187"
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name": "APPLE-SA-2013-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
"url": "http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1824.html",
"refsource": "MISC",
"name": "http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1824.html"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=afe98b7829d50806559acac9b530acb8283c3bf4",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=afe98b7829d50806559acac9b530acb8283c3bf4"
"url": "http://support.apple.com/kb/HT5880",
"refsource": "MISC",
"name": "http://support.apple.com/kb/HT5880"
},
{
"name": "http://support.apple.com/kb/HT5880",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5880"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918187",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=918187"
}
]
}

91
2013/1xxx/CVE-2013-1827.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1827",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,37 +27,61 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/276bdb82dedb290511467a5a4fdbe9f0b52dce6f",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/276bdb82dedb290511467a5a4fdbe9f0b52dce6f"
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4"
"url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=919164",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919164"
"url": "http://www.openwall.com/lists/oss-security/2013/03/07/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/03/07/2"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=276bdb82dedb290511467a5a4fdbe9f0b52dce6f",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=276bdb82dedb290511467a5a4fdbe9f0b52dce6f"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=276bdb82dedb290511467a5a4fdbe9f0b52dce6f",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=276bdb82dedb290511467a5a4fdbe9f0b52dce6f"
},
{
"name": "RHSA-2013:0744",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
"url": "https://github.com/torvalds/linux/commit/276bdb82dedb290511467a5a4fdbe9f0b52dce6f",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/276bdb82dedb290511467a5a4fdbe9f0b52dce6f"
},
{
"name": "[oss-security] 20130307 Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/07/2"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919164",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=919164"
}
]
}

171
2013/4xxx/CVE-2013-4330.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4330",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,72 +27,96 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "54888",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54888"
},
{
"name": "20130930 CVE-2013-4330: Apache Camel critical disclosure vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Sep/178"
},
{
"name": "RHSA-2013:1862",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1862.html"
},
{
"name": "apache-camel-cve20134330-code-exec(87542)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87542"
},
{
"name": "RHSA-2014:0140",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0140.html"
},
{
"name": "RHSA-2014:0124",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0124.html"
},
{
"name": "RHSA-2014:0254",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0254.html"
},
{
"name": "97941",
"refsource": "OSVDB",
"url": "http://osvdb.org/97941"
},
{
"name": "RHSA-2014:0245",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0245.html"
},
{
"name": "http://camel.apache.org/security-advisories.data/CVE-2013-4330.txt.asc?version=1&modificationDate=1380535446943",
"refsource": "CONFIRM",
"url": "http://camel.apache.org/security-advisories.data/CVE-2013-4330.txt.asc?version=1&modificationDate=1380535446943"
},
{
"name": "http://packetstormsecurity.com/files/123454/",
"url": "http://camel.apache.org/security-advisories.data/CVE-2013-4330.txt.asc?version=1&modificationDate=1380535446943",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123454/"
"name": "http://camel.apache.org/security-advisories.data/CVE-2013-4330.txt.asc?version=1&modificationDate=1380535446943"
},
{
"refsource": "MLIST",
"name": "[camel-commits] 20190430 svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E"
"url": "http://osvdb.org/97941",
"refsource": "MISC",
"name": "http://osvdb.org/97941"
},
{
"refsource": "MLIST",
"name": "[camel-commits] 20190524 svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E"
"url": "http://packetstormsecurity.com/files/123454/",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/123454/"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-1862.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1862.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2014-0124.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0124.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2014-0140.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0140.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2014-0245.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0245.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2014-0254.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0254.html"
},
{
"url": "http://seclists.org/fulldisclosure/2013/Sep/178",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2013/Sep/178"
},
{
"url": "http://secunia.com/advisories/54888",
"refsource": "MISC",
"name": "http://secunia.com/advisories/54888"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87542",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87542"
},
{
"url": "https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E"
},
{
"url": "https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E"
}
]
}

61
2013/4xxx/CVE-2013-4331.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4331",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,12 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/lightdm/%2Bbug/685212",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/lightdm/%2Bbug/685212"
"url": "https://bugs.launchpad.net/lightdm/%2Bbug/685212",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/lightdm/%2Bbug/685212"
}
]
}

69
2013/4xxx/CVE-2013-4332.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application."
"value": "Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Integer Overflow or Wraparound",
"cweId": "CWE-190"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:2.5-118.el5_10.2",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.12-1.132.el6",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -95,11 +83,6 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1605.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1605",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1605"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-1411.html",
"refsource": "MISC",
@ -115,21 +98,6 @@
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/62324"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1411",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1411"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-4332",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4332"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007545",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1007545"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332",
"refsource": "MISC",
@ -151,30 +119,5 @@
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=15857"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
}

67
2013/4xxx/CVE-2013-4342.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2013-4342 xinetd: ignores user and group directives for tcpmux services"
"value": "xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Incorrect Authorization",
"cweId": "CWE-863"
"value": "n/a"
}
]
}
@ -32,27 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "2:2.3.14-20.el5_10",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "2:2.3.14-39.el6_4",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -70,21 +58,6 @@
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1409.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1409",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1409"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-4342",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4342"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006100",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1006100"
},
{
"url": "https://github.com/xinetd-org/xinetd/pull/10",
"refsource": "MISC",
@ -94,31 +67,11 @@
"url": "https://security.gentoo.org/glsa/201611-06",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201611-06"
}
]
},
"impact": {
"cvss": [
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006100",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1006100"
}
]
}

48
2013/4xxx/CVE-2013-4343.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2013-4343 Kernel: net: use-after-free TUNSETIFF"
"value": "Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Use After Free",
"cweId": "CWE-416"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise MRG 2",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.8.13-rt14.25.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -104,46 +103,11 @@
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2049-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1490",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1490"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-4343",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4343"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007733",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1007733"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
]
}
}

109
2013/4xxx/CVE-2013-4344.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4344",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,52 +27,76 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:1281",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"
"url": "http://article.gmane.org/gmane.comp.emulators.qemu/237191",
"refsource": "MISC",
"name": "http://article.gmane.org/gmane.comp.emulators.qemu/237191"
},
{
"name": "62773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62773"
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"
},
{
"name": "[qemu-devel] 20131009 [ANNOUNCE] QEMU 1.6.1 Stable released",
"refsource": "MLIST",
"url": "http://article.gmane.org/gmane.comp.emulators.qemu/237191"
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"
},
{
"name": "openSUSE-SU-2014:1279",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"
"url": "http://osvdb.org/98028",
"refsource": "MISC",
"name": "http://osvdb.org/98028"
},
{
"name": "[oss-security] 20131002 Xen Security Advisory 65 (CVE-2013-4344) - qemu SCSI REPORT LUNS buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/02/2"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1553.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1553.html"
},
{
"name": "98028",
"refsource": "OSVDB",
"url": "http://osvdb.org/98028"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1754.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1754.html"
},
{
"name": "RHSA-2013:1754",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1754.html"
"url": "http://www.openwall.com/lists/oss-security/2013/10/02/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/10/02/2"
},
{
"name": "RHSA-2013:1553",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1553.html"
"url": "http://www.securityfocus.com/bid/62773",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/62773"
},
{
"name": "USN-2092-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2092-1"
"url": "http://www.ubuntu.com/usn/USN-2092-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2092-1"
}
]
}

2334
2013/4xxx/CVE-2013-4347.json
View File

File diff suppressed because it is too large Load Diff

52
2013/4xxx/CVE-2013-4348.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CVE-2013-4348 kernel: net: deadloop path in skb_flow_dissect()"
"value": "The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Loop with Unreachable Exit Condition ('Infinite Loop')",
"cweId": "CWE-835"
"value": "n/a"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise MRG 2",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "0:3.8.13-rt14.25.el6rt",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -75,49 +74,14 @@
"name": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2013:1490",
"url": "https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=6f092343855a71e03b8d209815d8c45bf3a27fcd",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2013:1490"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2013-4348",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2013-4348"
"name": "https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=6f092343855a71e03b8d209815d8c45bf3a27fcd"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007939",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1007939"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=6f092343855a71e03b8d209815d8c45bf3a27fcd",
"refsource": "MISC",
"name": "https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=6f092343855a71e03b8d209815d8c45bf3a27fcd"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
]
}

145
2013/4xxx/CVE-2013-4350.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4350",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,82 +27,106 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/95ee62083cb6453e056562d91f597552021e6ae7",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/95ee62083cb6453e056562d91f597552021e6ae7"
"url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
},
{
"name": "USN-2024-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2024-1"
"url": "http://www.ubuntu.com/usn/USN-2049-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2049-1"
},
{
"name": "[oss-security] 20130913 Re: CVE request -- Linux kernel: net: sctp: ipv6 ipsec encryption bug in sctp_v6_xmit",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/09/13/3"
"url": "http://www.ubuntu.com/usn/USN-2019-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2019-1"
},
{
"name": "RHSA-2013:1490",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
"url": "http://www.ubuntu.com/usn/USN-2021-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2021-1"
},
{
"name": "USN-2039-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2039-1"
"url": "http://www.ubuntu.com/usn/USN-2022-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2022-1"
},
{
"name": "USN-2022-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2022-1"
"url": "http://www.ubuntu.com/usn/USN-2024-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2024-1"
},
{
"name": "USN-2038-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2038-1"
"url": "http://www.ubuntu.com/usn/USN-2038-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2038-1"
},
{
"name": "USN-2021-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2021-1"
"url": "http://www.ubuntu.com/usn/USN-2039-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2039-1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=95ee62083cb6453e056562d91f597552021e6ae7",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=95ee62083cb6453e056562d91f597552021e6ae7"
"url": "http://www.ubuntu.com/usn/USN-2050-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2050-1"
},
{
"name": "USN-2019-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2019-1"
"url": "http://www.ubuntu.com/usn/USN-2041-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2041-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1007872",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007872"
"url": "http://www.ubuntu.com/usn/USN-2045-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2045-1"
},
{
"name": "USN-2049-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2049-1"
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95ee62083cb6453e056562d91f597552021e6ae7",
"refsource": "MISC",
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95ee62083cb6453e056562d91f597552021e6ae7"
},
{
"name": "USN-2045-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2045-1"
"url": "http://www.openwall.com/lists/oss-security/2013/09/13/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/13/3"
},
{
"name": "USN-2050-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2050-1"
"url": "https://github.com/torvalds/linux/commit/95ee62083cb6453e056562d91f597552021e6ae7",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/95ee62083cb6453e056562d91f597552021e6ae7"
},
{
"name": "USN-2041-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2041-1"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007872",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1007872"
}
]
}

22
2018/10xxx/CVE-2018-10880.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel's ext4 filesystem code. A stack-out-of-bounds write in ext4_update_inline_data() is possible when mounting and writing to a crafted ext4 image. An attacker could use this to cause a system crash and a denial of service."
"value": "Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write",
"value": "CWE-787",
"cweId": "CWE-787"
}
]
@ -32,16 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "0:4.14.0-115.el7a",
"version_affected": "!"
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -74,21 +74,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-10880",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10880"
},
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=200005",
"refsource": "MISC",
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=200005"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596812",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1596812"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880",
"refsource": "MISC",

59
2018/10xxx/CVE-2018-10896.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The default cloud-init configuration included \"ssh_deletekeys: 0\", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks."
"value": "The default cloud-init configuration, in cloud-init 0.6.2 and newer, included \"ssh_deletekeys: 0\", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Cryptographic Key",
"value": "CWE-321",
"cweId": "CWE-321"
}
]
@ -32,38 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Canonical",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "cloud-init",
"version": {
"version_data": [
{
"version_value": "0:19.4-7.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:19.4-1.el8.7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "0:18.5-12.el8_2.3",
"version_affected": "!"
"version_affected": "=",
"version_value": "0.6.2"
}
]
}
@ -76,26 +54,6 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2020:3050",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:3050"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:3644",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:3644"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:3898",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:3898"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-10896",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10896"
},
{
"url": "https://bugs.launchpad.net/cloud-init/+bug/1781094",
"refsource": "MISC",
@ -106,11 +64,6 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1574338"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1598831",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1598831"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10896",
"refsource": "MISC",

58
2018/10xxx/CVE-2018-10897.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files."
"value": "A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Link Resolution Before File Access ('Link Following')",
"value": "CWE-59",
"cweId": "CWE-59"
}
]
@ -32,46 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "The RPM Project",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"product_name": "yum-utils:",
"version": {
"version_data": [
{
"version_value": "0:1.1.30-42.el6_10",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.1.31-46.el7_5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.0.24-1.el7ev",
"version_affected": "!"
},
{
"version_value": "0:4.2-6.0.el7",
"version_affected": "!"
},
{
"version_value": "0:4.2-20180828.2.el7_5",
"version_affected": "!"
"version_affected": "=",
"version_value": "1.1.31"
}
]
}
@ -109,16 +79,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:2626"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-10897",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10897"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1600221",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1600221"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897",
"refsource": "MISC",
@ -141,12 +101,6 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Aaron Levy (Clover Network) and Jay Grizzard (Clover Network) for reporting this issue."
}
],
"impact": {
"cvss": [
{

55
2018/10xxx/CVE-2018-10910.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication."
"value": "A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Incorrect Authorization",
"value": "CWE-863",
"cweId": "CWE-863"
}
]
@ -32,27 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "The Bluez Project",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "bluez",
"version": {
"version_data": [
{
"version_value": "0:5.44-6.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "0:5.50-3.el8",
"version_affected": "!"
"version_affected": "=",
"version_value": "before 5.51"
}
]
}
@ -65,26 +54,6 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2020:1101",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:1101"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:1912",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2020:1912"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-10910",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-10910"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1606203",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1606203"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910",
"refsource": "MISC",
@ -97,18 +66,6 @@
}
]
},
"work_around": [
{
"lang": "en",
"value": "Disable Bluetooth."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Chris Marchesi for reporting this issue."
}
],
"impact": {
"cvss": [
{

98
2018/10xxx/CVE-2018-10920.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10920",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "knot-resolver",
"version": {
"version_data": [
{
"version_value": "before 2.4.1"
}
]
}
}
]
},
"vendor_name": "cz.nic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,39 +15,72 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
"value": "CWE-20",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cz.nic",
"product": {
"product_data": [
{
"product_name": "knot-resolver",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "before 2.4.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.knot-resolver.cz/2018-08-02-knot-resolver-2.4.1.html",
"refsource": "CONFIRM",
"url": "https://www.knot-resolver.cz/2018-08-02-knot-resolver-2.4.1.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10920",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10920"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10920",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10920"
"url": "https://www.knot-resolver.cz/2018-08-02-knot-resolver-2.4.1.html",
"refsource": "MISC",
"name": "https://www.knot-resolver.cz/2018-08-02-knot-resolver-2.4.1.html"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
]
}

110
2018/10xxx/CVE-2018-10937.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10937",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Openshift Container Platform",
"version": {
"version_data": [
{
"version_value": "3.11"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -38,49 +15,82 @@
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.6/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
"value": "CWE-79",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Openshift Container Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937"
"url": "http://www.securityfocus.com/bid/105190",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/105190"
},
{
"name": "105190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105190"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937"
},
{
"name": "https://github.com/openshift/console/pull/461",
"refsource": "CONFIRM",
"url": "https://github.com/openshift/console/pull/461"
"url": "https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c",
"refsource": "MISC",
"name": "https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c"
},
{
"name": "https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c",
"refsource": "CONFIRM",
"url": "https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c"
"url": "https://github.com/openshift/console/pull/461",
"refsource": "MISC",
"name": "https://github.com/openshift/console/pull/461"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
}

116
2018/1xxx/CVE-2018-1088.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation flaw was found in gluster snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink."
"value": "A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Incorrect Privilege Assignment",
"value": "CWE-266",
"cweId": "CWE-266"
}
]
@ -32,80 +32,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "Red Hat, Inc.",
"product": {
"product_data": [
{
"product_name": "Native Client for RHEL 6 for Red Hat Storage",
"product_name": "glusterfs",
"version": {
"version_data": [
{
"version_value": "0:3.8.4-54.7.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Native Client for RHEL 7 for Red Hat Storage",
"version": {
"version_data": [
{
"version_value": "0:3.8.4-54.6.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Gluster Storage 3.3 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:3.8.4-54.7.el6rhs",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Gluster Storage 3.3 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:3.8.4-54.6.el7rhgs",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:4.1-11.0.el7",
"version_affected": "!"
},
{
"version_value": "0:4.1-20180426.0",
"version_affected": "!"
},
{
"version_value": "0:1.0.16-0.1.el7ev",
"version_affected": "!"
},
{
"version_value": "0:4.2.0-0.20170814.0.el7",
"version_affected": "!"
},
{
"version_value": "0:4.2-3.0.el7",
"version_affected": "!"
},
{
"version_value": "0:4.2-20180508.0",
"version_affected": "!"
"version_affected": "=",
"version_value": "3.x"
}
]
}
@ -138,11 +74,6 @@
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"
},
{
"url": "https://access.redhat.com/articles/3414511",
"refsource": "MISC",
"name": "https://access.redhat.com/articles/3414511"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:1136",
"refsource": "MISC",
@ -158,46 +89,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2018:1275"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-1088",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1088"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558721",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1558721"
}
]
},
"work_around": [
{
"lang": "en",
"value": "To limit exposure of gluster server nodes : \n\n1. gluster server should be on LAN and not reachable from public networks. \n2. Use gluster auth.allow and auth.reject. \n3. Use TLS certificates between gluster server nodes and clients. \n\nCaveat: This would only mitigate attacks from unauthorized malicious clients. gluster clients allowed by auth.allow or having signed TLS client certificates would still be able to trigger this attack."
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by John Strunk (Red Hat)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
]
}
}

58
2018/1xxx/CVE-2018-1094.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/xattr.c:ext4_xattr_inode_hash() function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a NULL pointer dereference with a crafted ext4 image."
"value": "The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
"value": "NULL pointer dereference"
}
]
}
@ -32,24 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "Linux kernel through version 4.15",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-957.rt56.910.el7",
"version_affected": "!"
},
{
"version_value": "0:4.14.0-115.el7a",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-957.el7",
"version_affected": "!"
"version_affected": "=",
"version_value": "Linux kernel through version 4.15"
}
]
}
@ -82,21 +73,11 @@
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2018/03/29/1"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-1094",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1094"
},
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=199183",
"refsource": "MISC",
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=199183"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560788",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1560788"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=18db4b4e6fc31eda838dd1c1296d67dbcb3dc957",
"refsource": "MISC",
@ -116,30 +97,11 @@
"url": "https://usn.ubuntu.com/3695-2/",
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3695-2/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Wen Xu for reporting this issue."
}
],
"impact": {
"cvss": [
},
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560788",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1560788"
}
]
}

50
2018/1xxx/CVE-2018-1095.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Linux kernel is vulnerable to an out-of-bound access bug in the fs/posix_acl.c:get_acl() function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a system crash or other unspecified impact with a crafted ext4 image. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
"value": "The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image."
}
]
},
@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
"value": "NULL pointer dereference"
}
]
}
@ -32,16 +31,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"product_name": "Linux kernel through version 4.15",
"version": {
"version_data": [
{
"version_value": "0:4.14.0-115.el7a",
"version_affected": "!"
"version_affected": "=",
"version_value": "Linux kernel through version 4.15"
}
]
}
@ -74,49 +73,20 @@
"refsource": "MISC",
"name": "https://usn.ubuntu.com/3695-2/"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2018-1095",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2018-1095"
},
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=199185",
"refsource": "MISC",
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=199185"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560793",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1560793"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=ce3fd194fcc6fbdc00ce095a852f22df97baa401",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=ce3fd194fcc6fbdc00ce095a852f22df97baa401"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Wen Xu for reporting this issue."
}
],
"impact": {
"cvss": [
},
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560793",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1560793"
}
]
}