"-Synchronized-Data."

CVE Team 2023-02-02 16:00:36 +00:00
parent 9fe5010131
commit f6aed1d65f
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
22 changed files with 3442 additions and 1376 deletions


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2004-2771",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address."
"value": "A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters (CVE-2004-2771) and the direct command execution functionality (CVE-2014-7844)."
}
]
},
@ -44,53 +21,129 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:12.4-8.el6_6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:12.5-12.el7_0",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1999.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
"url": "http://linux.oracle.com/errata/ELSA-2014-1999.html",
"refsource": "MISC",
"name": "http://linux.oracle.com/errata/ELSA-2014-1999.html"
},
{
"name": "DSA-3105",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3105"
"url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
},
{
"name": "61693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61693"
"url": "http://seclists.org/oss-sec/2014/q4/1066",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2014/q4/1066"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748"
"url": "http://secunia.com/advisories/60940",
"refsource": "MISC",
"name": "http://secunia.com/advisories/60940"
},
{
"name": "[oss-security] 20141216 mailx issues (CVE-2004-2771, CVE-2014-7844)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/1066"
"url": "http://secunia.com/advisories/61585",
"refsource": "MISC",
"name": "http://secunia.com/advisories/61585"
},
{
"name": "60940",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60940"
"url": "http://secunia.com/advisories/61693",
"refsource": "MISC",
"name": "http://secunia.com/advisories/61693"
},
{
"name": "61585",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61585"
"url": "http://www.debian.org/security/2014/dsa-3105",
"refsource": "MISC",
"name": "http://www.debian.org/security/2014/dsa-3105"
},
{
"name": "RHSA-2014:1999",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html"
"url": "https://access.redhat.com/errata/RHSA-2014:1999",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:1999"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2004-2771",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2004-2771"
},
{
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748",
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1162783",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1162783"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
]
}
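Review bot: The replacement description (the second `value` line under `description_data`) folds two identifiers into the CVE-2004-2771 record and changes the attacker from remote to local, while dropping the affected function and upstream version ranges that the replaced line carried. A reader triaging this record can no longer tell which of the two behaviours (shell meta-characters or direct command execution) belongs to this ID, or which mailx releases are affected; I would scope the sentence to the meta-character case and retain `expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier`. The `"accessVector": "LOCAL"` in the new `impact` block agrees with the new wording, so the remote-to-local change looks deliberate, but it is worth confirming because it lowers the severity consumers will derive. Separately, the rewritten entries in `reference_data` here and in the other file sections all become `"refsource": "MISC"` with `name` equal to the URL, which drops advisory IDs such as `DSA-3105` and `RHSA-2014:1999` that downstream tooling may key on.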


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8120",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The agent in Thermostat before 1.0.6, when using unspecified configurations, allows local users to obtain the JMX management URLs of all local Java virtual machines and gain privileges via unknown vectors."
"value": "It was discovered that, in certain configurations, the Thermostat agent disclosed JMX management URLs of all local Java virtual machines to any local user. A local, unprivileged user could use this flaw to escalate their privileges on the system."
}
]
},
@ -44,23 +21,132 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:1.0.4-60.6.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS",
"version": {
"version_data": [
{
"version_value": "0:1.0.4-60.6.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS",
"version": {
"version_data": [
{
"version_value": "0:1.0.4-60.6.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS",
"version": {
"version_data": [
{
"version_value": "0:1.0.4-60.6.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.0.4-70.6.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[Thermostat-announce] 20141216 [SECURITY UPDATE] Thermostat 1.0.6 update released!",
"refsource": "MLIST",
"url": "http://icedtea.classpath.org/pipermail/thermostat-announce/2014-December/000013.html"
"url": "http://icedtea.classpath.org/pipermail/thermostat-announce/2014-December/000013.html",
"refsource": "MISC",
"name": "http://icedtea.classpath.org/pipermail/thermostat-announce/2014-December/000013.html"
},
{
"name": "RHSA-2014:2000",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-2000.html"
"url": "http://rhn.redhat.com/errata/RHSA-2014-2000.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-2000.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2014:2000",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2014:2000"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-8120",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-8120"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168977",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1168977"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
}
]
}
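Review bot: The new `affects` block lists only Red Hat package builds with `"version_affected": "!"`, so the record now says which builds are not affected but no longer says anywhere which Thermostat versions are; the replaced description carried that as `before 1.0.6`. A consumer that reads `version_value` without honouring `version_affected` would treat `0:1.0.4-60.6.el6` as a vulnerable version, which inverts the meaning. I would keep the upstream range in the description, or add a product entry for upstream Thermostat with `"version_value": "1.0.6"` and `"version_affected": "<"`, so the affected set is explicit. The same shape recurs in the other records in this commit.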


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8127",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool."
"value": "CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools"
}
]
},
@ -44,88 +21,183 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:3.9.4-18.el6_8",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:4.0.3-25.el7_2",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:0450",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00022.html"
},
{
"name": "72323",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72323"
},
{
"name": "RHSA-2016:1547",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
},
{
"name": "GLSA-201701-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-16"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2497",
"refsource": "CONFIRM",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2497"
},
{
"name": "1032760",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032760"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2496",
"refsource": "CONFIRM",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2496"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2486",
"refsource": "CONFIRM",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2486"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2484",
"refsource": "CONFIRM",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2484"
},
{
"name": "DSA-3273",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3273"
},
{
"name": "RHSA-2016:1546",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2485",
"refsource": "CONFIRM",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2485"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2500",
"refsource": "CONFIRM",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2500"
},
{
"name": "http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2484",
"refsource": "MISC",
"url": "http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt"
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2484"
},
{
"name": "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/24/15"
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2485",
"refsource": "MISC",
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2485"
},
{
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2486",
"refsource": "MISC",
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2486"
},
{
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2496",
"refsource": "MISC",
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2496"
},
{
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2497",
"refsource": "MISC",
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2497"
},
{
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2500",
"refsource": "MISC",
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2500"
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00022.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00022.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
},
{
"url": "http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt",
"refsource": "MISC",
"name": "http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt"
},
{
"url": "http://www.debian.org/security/2015/dsa-3273",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3273"
},
{
"url": "http://www.openwall.com/lists/oss-security/2015/01/24/15",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/01/24/15"
},
{
"url": "http://www.securityfocus.com/bid/72323",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/72323"
},
{
"url": "http://www.securitytracker.com/id/1032760",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1032760"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1546",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1546"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1547",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1547"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2014-8127",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2014-8127"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185805",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1185805"
},
{
"url": "https://security.gentoo.org/glsa/201701-16",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201701-16"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
}
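Review bot: The new `description_data` value is a bug-tracker title, `CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools`, and it replaces text that named the seven affected functions and tools, the affected release (LibTIFF 4.0.3) and the impact (denial of service through a crash). That detail is what lets someone decide whether a given tool or code path is exposed, so the record is less usable for triage after this change; I would keep the enumerated list, or at least restore the version and the impact. The two `cvss` entries also disagree: the 2.0 vector is `C:P/I:N/A:P` while the 3.0 vector is `C:N/I:N/A:L`, so one of them presumably misstates the confidentiality impact of the read.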


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0257",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory."
"value": "It was discovered that a directory shared between the ovirt-engine-dwhd service and a plug-in used during the service's startup had incorrect permissions. A local user could use this flaw to access files in this directory, which could potentially contain sensitive information."
}
]
},
@ -44,23 +21,88 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "RHEV Manager version 3.5",
"version": {
"version_data": [
{
"version_value": "0:3.5.1-4",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "1032231",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032231"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0888.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0888.html"
},
{
"name": "RHSA-2015:0888",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0888.html"
"url": "http://www.securitytracker.com/id/1032231",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1032231"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:0888",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0888"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-0257",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-0257"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1189085",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1189085"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
}
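Review bot: The `vectorString` `AV:L/AC:H/Au:S/C:P/I:P/A:P` rates integrity and availability as partially impacted, but the description in this record only describes a local user reading files from a directory with incorrect permissions, and the problem type is CWE-732. If the permissions also allow writing, the description should say so; otherwise the vector looks like it should be `C:P/I:N/A:N`, which would also change `baseScore`. The new text drops the `before 3.5.1` bound from the replaced description as well, leaving the fixed build `0:3.5.1-4` as the only version information.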


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1789",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback."
"value": "An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash."
}
]
},
@ -44,293 +21,380 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:0.9.8e-36.el5_11",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:1.0.1e-30.el6_6.11",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "1:1.0.1e-42.el7_1.8",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2015:1184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
},
{
"name": "SSRT102180",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143880121627664&w=2"
},
{
"name": "DSA-3287",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3287"
},
{
"name": "SUSE-SU-2015:1150",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10122",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10122"
},
{
"name": "SUSE-SU-2015:1183",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
},
{
"name": "https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11",
"refsource": "CONFIRM",
"url": "https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11"
},
{
"name": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"name": "HPSBMU03409",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965"
},
{
"name": "https://openssl.org/news/secadv/20150611.txt",
"refsource": "CONFIRM",
"url": "https://openssl.org/news/secadv/20150611.txt"
},
{
"name": "RHSA-2015:1115",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "RHSA-2015:1197",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "SUSE-SU-2015:1182",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"name": "SUSE-SU-2015:1143",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "openSUSE-SU-2016:0640",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "1032564",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032564"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
},
{
"name": "FEDORA-2015-10108",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
},
{
"name": "openSUSE-SU-2015:1277",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"name": "SUSE-SU-2015:1181",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "USN-2639-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2639-1"
},
{
"name": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
},
{
"name": "GLSA-201506-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201506-02"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "HPSBUX03388",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143880121627664&w=2"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
},
{
"name": "FEDORA-2015-10047",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html"
},
{
"name": "75156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75156"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "https://support.citrix.com/article/CTX216642",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX216642"
},
{
"name": "SUSE-SU-2015:1185",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694"
},
{
"name": "openSUSE-SU-2015:1139",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa98",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa98"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733"
},
{
"name": "NetBSD-SA2015-008",
"refsource": "NETBSD",
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
},
{
"name": "https://www.openssl.org/news/secadv_20150611.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"name": "HPSBGN03371",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143654156615516&w=2"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"refsource": "MISC",
"name": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"url": "https://support.apple.com/kb/HT205031",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT205031"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015",
"refsource": "MISC",
"name": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
},
{
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc",
"refsource": "MISC",
"name": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694",
"refsource": "MISC",
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733",
"refsource": "MISC",
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"url": "http://marc.info/?l=bugtraq&m=143654156615516&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=143654156615516&w=2"
},
{
"url": "http://marc.info/?l=bugtraq&m=143880121627664&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=143880121627664&w=2"
},
{
"url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1197.html"
},
{
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl",
"refsource": "MISC",
"name": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
},
{
"url": "http://www.debian.org/security/2015/dsa-3287",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3287"
},
{
"url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015",
"refsource": "MISC",
"name": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
},
{
"url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015",
"refsource": "MISC",
"name": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"url": "http://www.securityfocus.com/bid/75156",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/75156"
},
{
"url": "http://www.securityfocus.com/bid/91787",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/91787"
},
{
"url": "http://www.securitytracker.com/id/1032564",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1032564"
},
{
"url": "http://www.ubuntu.com/usn/USN-2639-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2639-1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1115",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1115"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1197",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1197"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-1789",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-1789"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa98",
"refsource": "MISC",
"name": "https://bto.bluecoat.com/security-advisory/sa98"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228603",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1228603"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"url": "https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11",
"refsource": "MISC",
"name": "https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965",
"refsource": "MISC",
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10122",
"refsource": "MISC",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10122"
},
{
"url": "https://openssl.org/news/secadv/20150611.txt",
"refsource": "MISC",
"name": "https://openssl.org/news/secadv/20150611.txt"
},
{
"url": "https://security.gentoo.org/glsa/201506-02",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201506-02"
},
{
"url": "https://support.citrix.com/article/CTX216642",
"refsource": "MISC",
"name": "https://support.citrix.com/article/CTX216642"
},
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11",
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
},
{
"url": "https://www.openssl.org/news/secadv_20150611.txt",
"refsource": "MISC",
"name": "https://www.openssl.org/news/secadv_20150611.txt"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1815",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name."
"value": "It was found that setroubleshoot did not sanitize file names supplied in a shell command look-up for RPMs associated with access violation reports. An attacker could use this flaw to escalate their privileges on the system by supplying a specially crafted file to the underlying shell command."
}
]
},
@ -44,68 +21,161 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 5",
"version": {
"version_data": [
{
"version_value": "0:2.0.5-7.el5_11",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:3.0.47-6.el6_6.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.2.17-4.1.ael7b_1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.2.17-4.1.el7_1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-4833",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154427.html"
},
{
"name": "73374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73374"
},
{
"name": "36564",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/36564/"
},
{
"name": "FEDORA-2015-4838",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154444.html"
},
{
"name": "[oss-security] 20150326 Fwd: setroubleshoot root exploit (CVE-Request)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/26/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1206050",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206050"
},
{
"name": "FEDORA-2015-4792",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154147.html"
},
{
"name": "RHSA-2015:0729",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0729.html"
},
{
"name": "119966",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/119966"
},
{
"name": "https://github.com/stealth/troubleshooter",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154427.html",
"refsource": "MISC",
"url": "https://github.com/stealth/troubleshooter"
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154427.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1203352",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203352"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154444.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154444.html"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154147.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154147.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-0729.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0729.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2015/03/26/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/03/26/1"
},
{
"url": "http://www.osvdb.org/119966",
"refsource": "MISC",
"name": "http://www.osvdb.org/119966"
},
{
"url": "http://www.securityfocus.com/bid/73374",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/73374"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:0729",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:0729"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-1815",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-1815"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203352",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1203352"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206050",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1206050"
},
{
"url": "https://github.com/stealth/troubleshooter",
"refsource": "MISC",
"name": "https://github.com/stealth/troubleshooter"
},
{
"url": "https://www.exploit-db.com/exploits/36564/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/36564/"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
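Review bot: The rewritten `reference_data` entries lose their source typing: every new entry carries `"refsource": "MISC"` with the URL repeated as `name`, where the entries they appear to replace had `"name": "36564", "refsource": "EXPLOIT-DB"`, `"name": "RHSA-2015:0729", "refsource": "REDHAT"` and `CONFIRM` on the two Bugzilla links. Tooling that prioritises on a public-exploit reference, or finds the vendor advisory by `refsource`, would now have to pattern-match URLs. I would keep the typed pair on the new entries, for example `"refsource": "EXPLOIT-DB", "name": "36564"` on the exploit-db.com link. The rendered page has lost its +/- markers, so the old and new sides are inferred from key order. The same flattening shows in the CVE-2015-1867, CVE-2015-3182 and CVE-2015-3201 sections.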


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1867",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command."
"value": "A flaw was found in the way pacemaker, a cluster resource manager, evaluated added nodes in certain situations. A user with read-only access could potentially assign any other existing roles to themselves and then add privileges to other users as well."
}
]
},
@ -44,58 +21,134 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:1.1.12-8.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.1.13-10.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-f9864ecd8f",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169995.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170610.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170610.html"
},
{
"name": "RHSA-2015:1424",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1424.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169671.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169671.html"
},
{
"name": "https://github.com/ClusterLabs/pacemaker/commit/84ac07c",
"refsource": "CONFIRM",
"url": "https://github.com/ClusterLabs/pacemaker/commit/84ac07c"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169995.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169995.html"
},
{
"name": "FEDORA-2015-e5e36bbb87",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170610.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1424.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1424.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1211370",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211370"
"url": "http://rhn.redhat.com/errata/RHSA-2015-2383.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-2383.html"
},
{
"name": "GLSA-201710-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-08"
"url": "http://www.securityfocus.com/bid/74231",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/74231"
},
{
"name": "74231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74231"
"url": "https://access.redhat.com/errata/RHSA-2015:1424",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1424"
},
{
"name": "RHSA-2015:2383",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2383.html"
"url": "https://access.redhat.com/errata/RHSA-2015:2383",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2383"
},
{
"name": "FEDORA-2015-f6860d8f9d",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169671.html"
"url": "https://access.redhat.com/security/cve/CVE-2015-1867",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-1867"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211370",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1211370"
},
{
"url": "https://github.com/ClusterLabs/pacemaker/commit/84ac07c",
"refsource": "MISC",
"name": "https://github.com/ClusterLabs/pacemaker/commit/84ac07c"
},
{
"url": "https://security.gentoo.org/glsa/201710-08",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201710-08"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
}
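Review bot: The `impact.cvss` object that appears to be added here sets `"temporalScore": 0` and `"environmentalScore": 0` while every temporal and environmental metric is `NOT_DEFINED`, which a consumer can read as a computed score of zero. Under CVSS v2, undefined metrics leave those scores equal to the base score (6 in this record), so I would either omit the two keys or emit the base value, e.g. `"temporalScore": 6`. The `impact` blocks of the other records on this page follow the same pattern.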


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3182",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
"value": "CVE-2015-3182 wireshark: crash on sample file genbroad.snoop"
}
]
},
@ -44,43 +21,109 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Incorrect Type Conversion or Cast",
"cweId": "CWE-704"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.10.14-7.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "1032279",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032279"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1219409",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219409"
"url": "http://www.securityfocus.com/bid/74586",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/74586"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"url": "http://www.securitytracker.com/id/1032279",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1032279"
},
{
"name": "74586",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74586"
"url": "https://access.redhat.com/errata/RHSA-2015:2393",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:2393"
},
{
"name": "GLSA-201510-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201510-03"
"url": "https://access.redhat.com/security/cve/CVE-2015-3182",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-3182"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=373deb5f4182a5c4ab8c8418a7bbaa5d6e72bb05",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=373deb5f4182a5c4ab8c8418a7bbaa5d6e72bb05"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219409",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1219409"
},
{
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=373deb5f4182a5c4ab8c8418a7bbaa5d6e72bb05",
"refsource": "MISC",
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=373deb5f4182a5c4ab8c8418a7bbaa5d6e72bb05"
},
{
"url": "https://security.gentoo.org/glsa/201510-03",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201510-03"
}
]
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Martin \u017dember (Red Hat)."
}
],
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}
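Review bot: The new description `"CVE-2015-3182 wireshark: crash on sample file genbroad.snoop"` reads like a bug-tracker title and no longer says which component, which versions or what impact the record covers. The sentence it appears to replace named `packet-dec-dnart.c`, Wireshark 1.10.12 through 1.10.14 and a denial of service via a crafted packet, which is what triage needs. I would keep that sentence as the `value`, or append it to the new one. The `affects` block lists only the Red Hat build `0:1.10.14-7.el7`, so without that sentence the upstream range cannot be recovered from the record.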


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3201",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file."
"value": "It was discovered that the Thermostat web application stored database authentication credentials in a world-readable configuration file. A local user on a system running the Thermostat web application could use this flaw to access and modify monitored JVM data, or perform actions on connected JVMs."
}
]
},
@ -44,43 +21,237 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.0-60.9.el6",
"version_affected": "!"
},
{
"version_value": "0:1.3-60.7.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.18-60.5.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.14-60.5.el6",
"version_affected": "!"
},
{
"version_value": "0:2.10-60.6.el6",
"version_affected": "!"
},
{
"version_value": "0:3.6.3-60.4.el6",
"version_affected": "!"
},
{
"version_value": "0:1.2.0-60.10.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS",
"version": {
"version_data": [
{
"version_value": "0:2.0-60.9.el6",
"version_affected": "!"
},
{
"version_value": "0:1.3-60.7.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.18-60.5.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.14-60.5.el6",
"version_affected": "!"
},
{
"version_value": "0:2.10-60.6.el6",
"version_affected": "!"
},
{
"version_value": "0:3.6.3-60.4.el6",
"version_affected": "!"
},
{
"version_value": "0:1.2.0-60.10.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS",
"version": {
"version_data": [
{
"version_value": "0:2.0-60.9.el6",
"version_affected": "!"
},
{
"version_value": "0:1.3-60.7.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.18-60.5.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.14-60.5.el6",
"version_affected": "!"
},
{
"version_value": "0:2.10-60.6.el6",
"version_affected": "!"
},
{
"version_value": "0:3.6.3-60.4.el6",
"version_affected": "!"
},
{
"version_value": "0:1.2.0-60.10.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:2.0-70.9.el7",
"version_affected": "!"
},
{
"version_value": "0:1.3-70.3.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.18-70.5.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.14-70.4.el7",
"version_affected": "!"
},
{
"version_value": "0:2.10-70.3.el7",
"version_affected": "!"
},
{
"version_value": "0:3.6.3-70.4.el7",
"version_affected": "!"
},
{
"version_value": "0:1.2.0-70.12.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-8867",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159788.html"
"url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2372",
"refsource": "MISC",
"name": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2372"
},
{
"name": "http://icedtea.classpath.org/hg/thermostat/rev/c2f18f81f57a",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/thermostat/rev/c2f18f81f57a"
"url": "http://icedtea.classpath.org/hg/thermostat/rev/c2f18f81f57a",
"refsource": "MISC",
"name": "http://icedtea.classpath.org/hg/thermostat/rev/c2f18f81f57a"
},
{
"name": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2372",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2372"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159788.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159788.html"
},
{
"name": "RHSA-2015:1052",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1052.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159958.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159958.html"
},
{
"name": "75066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75066"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1052.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1052.html"
},
{
"name": "FEDORA-2015-8919",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159958.html"
"url": "http://www.securityfocus.com/bid/75066",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/75066"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1052",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1052"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-3201",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-3201"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221989",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1221989"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.1,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
]
}
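Review bot: Each product in the new `affects` block lists seven `version_value` strings such as `0:2.0-60.9.el6` and `0:1.3-60.7.el6` with nothing saying which package each belongs to, so the entries cannot be matched against installed RPMs. I would carry the package name with each entry, for instance `"version_value": "<package-name>-0:2.0-60.9.el6"` (placeholder; the page does not give the names). The upstream bound from the earlier description, Thermostat before 2.0.0, is also no longer stated anywhere in the record.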


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3213",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gesture handling code in Clutter before 1.16.2 allows physically proximate attackers to bypass the lock screen via certain (1) mouse or (2) touch gestures."
"value": "A flaw was found in the way clutter processed certain mouse and touch gestures. An attacker could use this flaw to bypass the screen lock."
}
]
},
@ -44,38 +21,98 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Authentication Bypass by Primary Weakness",
"cweId": "CWE-305"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.14.4-12.el7_1.1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://git.gnome.org/browse/clutter/commit/?h=clutter-1.18&id=97724939c8de004d7fa230f3ff64862d957f93a9",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/clutter/commit/?h=clutter-1.18&id=97724939c8de004d7fa230f3ff64862d957f93a9"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1227098",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1227098"
},
{
"name": "RHSA-2015:1510",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1510.html"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=710227",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=710227"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=749847",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1510.html",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=749847"
"name": "http://rhn.redhat.com/errata/RHSA-2015-1510.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1510",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1510"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-3213",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-3213"
},
{
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=710227",
"refsource": "MISC",
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=710227"
},
{
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=749847",
"refsource": "MISC",
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=749847"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1227098",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1227098"
},
{
"url": "https://git.gnome.org/browse/clutter/commit/?h=clutter-1.18&id=97724939c8de004d7fa230f3ff64862d957f93a9",
"refsource": "MISC",
"name": "https://git.gnome.org/browse/clutter/commit/?h=clutter-1.18&id=97724939c8de004d7fa230f3ff64862d957f93a9"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.6,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
}
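Review bot: The rewritten `description` value for CVE-2015-3213 no longer carries the upstream version bound or the access precondition that the previous text had ("Clutter before 1.16.2", "physically proximate attackers"). The only version left in the record is the Red Hat build `0:1.14.4-12.el7_1.1`, and its `version_affected` is `"!"`, which in the 4.0 format reads as "not affected" if I have the enum right, so no affected range is stated at all. Anyone matching this record against a non-Red Hat install has nothing to compare with. I would keep the bound in the text, for example by appending `Clutter before 1.16.2 is affected; the attacker needs physical access to the locked session.` The same loss of upstream bounds appears in the CVE-2015-3221, CVE-2015-3280 and CVE-2015-5152 sections, assuming the second `value` line in each pair is the new side.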


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3221",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool."
"value": "A Denial-of-Service flaw was found in the OpenStack Networking (neutron) L2 agent when using the iptables firewall driver. By submitting an address pair that is rejected as invalid by the ipset tool (with zero prefix size), an authenticated attacker can cause the L2 agent to crash."
}
]
},
@ -44,33 +21,98 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Uncaught Exception",
"cweId": "CWE-248"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2014.2.3-9.el7ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "75368",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75368"
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-June/000377.html",
"refsource": "MISC",
"name": "http://lists.openstack.org/pipermail/openstack-announce/2015-June/000377.html"
},
{
"name": "[openstack-announce] 20150623 [OSSA 2015-012] Neutron L2 agent DoS through incorrect allowed address pairs (CVE-2015-3221)",
"refsource": "MLIST",
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-June/000377.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1680.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1680.html"
},
{
"name": "https://bugs.launchpad.net/neutron/+bug/1461054",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/neutron/+bug/1461054"
"url": "http://www.securityfocus.com/bid/75368",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/75368"
},
{
"name": "RHSA-2015:1680",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1680.html"
"url": "https://access.redhat.com/errata/RHSA-2015:1680",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1680"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-3221",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-3221"
},
{
"url": "https://bugs.launchpad.net/neutron/+bug/1461054",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/neutron/+bug/1461054"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232284",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1232284"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
]
}
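Review bot: Every entry in `reference_data` for CVE-2015-3221 now has `"refsource": "MISC"` and a `name` that just repeats the URL, where the earlier entries were tagged `BID`, `MLIST`, `CONFIRM` and `REDHAT`. The mailing-list entry also loses its readable title (`[OSSA 2015-012] Neutron L2 agent DoS through incorrect allowed address pairs`). Tooling that uses `refsource` to pick out vendor-confirmed advisories or patches will treat all of these links as equal. I would keep the original tag on the pre-existing links, e.g. `"refsource": "CONFIRM"` on the launchpad bug and `"refsource": "REDHAT"` with `"name": "RHSA-2015:1680"` on the erratum. The same flattening is visible in the CVE-2015-3213, CVE-2015-3230, CVE-2015-3280 and CVE-2015-5152 sections.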


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3230",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher."
"value": "CVE-2015-3230 389-ds-base: nsSSL3Ciphers preference not enforced server side (regression)"
}
]
},
@ -44,33 +21,98 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Use of a Broken or Risky Cryptographic Algorithm",
"cweId": "CWE-327"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:1.3.3.1-20.ael7b_1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://fedorahosted.org/389/ticket/48194",
"refsource": "CONFIRM",
"url": "https://fedorahosted.org/389/ticket/48194"
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-12.html",
"refsource": "MISC",
"name": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-12.html"
},
{
"name": "FEDORA-2015-15128",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168985.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168985.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168985.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1230996",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230996"
"url": "https://access.redhat.com/errata/RHBA-2015:1554",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2015:1554"
},
{
"name": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-12.html",
"refsource": "CONFIRM",
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-12.html"
"url": "https://access.redhat.com/security/cve/CVE-2015-3230",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-3230"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230996",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1230996"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232096",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1232096"
},
{
"url": "https://fedorahosted.org/389/ticket/48194",
"refsource": "MISC",
"name": "https://fedorahosted.org/389/ticket/48194"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
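Review bot: The new `description` value for CVE-2015-3230 is a bug-tracker title (`CVE-2015-3230 389-ds-base: nsSSL3Ciphers preference not enforced server side (regression)`) rather than a description. It repeats the CVE id and leaves out who can trigger the issue, what the effect is, and the fixed release, all of which the previous sentence gave ("before 1.3.3.12", "remote attackers", "requesting to use a disabled cipher"). A triage reader gets less from the record after this change than before. I would keep a full sentence, such as `389 Directory Server before 1.3.3.12 does not enforce the nsSSL3Ciphers preference on the server side, so a remote client can negotiate a cipher the administrator disabled.` The CVE-2015-5152 section has the same title-as-description pattern.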


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3280",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state."
"value": "A flaw was found in the way OpenStack Compute (nova) handled the resize state. If an authenticated user deleted an instance while it was in the resize state, it could cause the original instance to not be deleted from the compute node it was running on, allowing the user to cause a denial of service."
}
]
},
@ -44,38 +21,136 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Missing Release of Resource after Effective Lifetime",
"cweId": "CWE-772"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2014.1.5-3.el6ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2014.1.5-5.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2014.2.3-31.el7ost",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2015.1.1-3.el7ost",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1898",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1898.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1898.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1898.html"
},
{
"name": "https://launchpad.net/bugs/1392527",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/1392527"
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
"url": "http://www.securityfocus.com/bid/76553",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76553"
},
{
"name": "76553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76553"
"url": "https://access.redhat.com/errata/RHSA-2015:1898",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1898"
},
{
"name": "https://security.openstack.org/ossa/OSSA-2015-017.html",
"refsource": "CONFIRM",
"url": "https://security.openstack.org/ossa/OSSA-2015-017.html"
"url": "https://access.redhat.com/security/cve/CVE-2015-3280",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-3280"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257942",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1257942"
},
{
"url": "https://launchpad.net/bugs/1392527",
"refsource": "MISC",
"name": "https://launchpad.net/bugs/1392527"
},
{
"url": "https://security.openstack.org/ossa/OSSA-2015-017.html",
"refsource": "MISC",
"name": "https://security.openstack.org/ossa/OSSA-2015-017.html"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.5,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
]
}


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5152",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack."
"value": "CVE-2015-5152 Foreman: API permits HTTP requests when require_ssl is enabled"
}
]
},
@ -44,23 +21,614 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Cleartext Transmission of Sensitive Information",
"cweId": "CWE-319"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Satellite 6.2 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:0.9.54.7-1.el6",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.49-1.el6sat",
"version_affected": "!"
},
{
"version_value": "1:1.11.0.9-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.4-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.7.6-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0-10.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.5.0-5.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.0-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0.56-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.1.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.8.3.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.1.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.8.3.5-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.8.6-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.3-10.el6",
"version_affected": "!"
},
{
"version_value": "0:4.2.1-1.20140510git08b00d9.el6_6sat",
"version_affected": "!"
},
{
"version_value": "0:3.1.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.5.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.30-9.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.30-11.el6",
"version_affected": "!"
},
{
"version_value": "0:0.4-13.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.9-16.el6",
"version_affected": "!"
},
{
"version_value": "0:0.30-5.el6",
"version_affected": "!"
},
{
"version_value": "0:0.30-4.el6",
"version_affected": "!"
},
{
"version_value": "0:0.0.14-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.6-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.10.0-1.el6_6sat",
"version_affected": "!"
},
{
"version_value": "1:1.3.6-27.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.3-3.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.5-4.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.3.6-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.2.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.2-2.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.3.3-18.el6sat",
"version_affected": "!"
},
{
"version_value": "0:6.2.0-21.1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:6.2.0.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.2.0.9-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.8.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:6.1.0.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.0.8-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.1.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.3.17-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.10-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.0.11-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.14.6-3.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.25-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1.11-4.el6sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.0.1-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1.9-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.2.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.5.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.10.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.2-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.22.23-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0.68-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.4.3-1.el6sat",
"version_affected": "!"
},
{
"version_value": "0:0.30.0-7.el6sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el6sat",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Satellite 6.2 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:0.9.54.7-1.el7",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.49-1.el7sat",
"version_affected": "!"
},
{
"version_value": "1:1.11.0.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.4-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.11.0.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.7.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0-10.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.5.0-5.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.4.0-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0.56-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.1.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.8-3.el7",
"version_affected": "!"
},
{
"version_value": "0:2016.5-3.atomic.el7",
"version_affected": "!"
},
{
"version_value": "0:2.8.3.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.1.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.1.1-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.8.3.5-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.8.6-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.3-10.el7sat",
"version_affected": "!"
},
{
"version_value": "0:4.2.1-1.20140510git08b00d9.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.5.1-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.30-11.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.4-13.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.9-16.el7",
"version_affected": "!"
},
{
"version_value": "0:0.30-5.el7",
"version_affected": "!"
},
{
"version_value": "0:0.30-4.el7",
"version_affected": "!"
},
{
"version_value": "0:0.0.14-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.3-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.5-4.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.3.6-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.2.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.2-2.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.2.0-21.1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.2.0.11-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.2.0.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.8.11-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:6.1.0.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:5.0.0.8-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.1.11-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.11-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.3.17-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.10-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.3.0.11-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.7.14.6-3.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.25-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1.11-4.el7sat",
"version_affected": "!"
},
{
"version_value": "0:2.0.0.1-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.5.1.9-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.1.3.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.2.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.5.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.10.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.11.2-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.0.22.23-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:3.0.0.68-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.4.3-1.el7sat",
"version_affected": "!"
},
{
"version_value": "0:0.30.0-7.el7sat",
"version_affected": "!"
},
{
"version_value": "0:1.0.2-1.el7sat",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://projects.theforeman.org/issues/11119",
"refsource": "CONFIRM",
"url": "http://projects.theforeman.org/issues/11119"
"url": "https://access.redhat.com/errata/RHBA-2016:1501",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2016:1501"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1243571",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243571"
"url": "http://projects.theforeman.org/issues/11119",
"refsource": "MISC",
"name": "http://projects.theforeman.org/issues/11119"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5152",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5152"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243571",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1243571"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
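Review bot: The `impact.cvss` block added for CVE-2015-5152 sets `"confidentialityImpact": "NONE"` (`AV:N/AC:M/Au:N/C:N/I:P/A:N`), which does not match the rest of the record. The added problemtype is CWE-319, "Cleartext Transmission of Sensitive Information", and the earlier description said attackers could obtain user credentials via a man-in-the-middle attack. Consumers that filter or rank on confidentiality impact will under-rate this entry. The vector should be re-checked against the advisory, since `C:P` looks like the consistent value, or the reason for `C:N` should be recorded. Separately, the two `version_data` arrays hold dozens of bare `version_value` strings with no package name, so they cannot be matched to installed packages; presumably each one belongs to a different RPM in the Satellite 6.2 erratum.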


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5156",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets."
"value": "A buffer overflow flaw was found in the way the Linux kernel's virtio-net subsystem handled certain fraglists when the GRO (Generic Receive Offload) functionality was enabled in a bridged network configuration. An attacker on the local network could potentially use this flaw to crash the system, or, although unlikely, elevate their privileges on the system."
}
]
},
@ -44,103 +21,188 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-642.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-229.20.1.rt56.141.14.el7_1",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-229.20.1.ael7b",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2015:2292",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "RHSA-2016:0855",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0855.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "DSA-3364",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3364"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171454.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171454.html"
},
{
"name": "SUSE-SU-2015:1727",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169378.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169378.html"
},
{
"name": "RHSA-2015:1978",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1978.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html"
},
{
"name": "FEDORA-2015-0253d1f070",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171454.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1978.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1978.html"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0855.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0855.html"
},
{
"name": "https://github.com/torvalds/linux/commit/48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39"
"url": "http://www.debian.org/security/2015/dsa-3364",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3364"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "76230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76230"
"url": "http://www.securityfocus.com/bid/76230",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76230"
},
{
"name": "USN-2774-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2774-1"
"url": "http://www.securitytracker.com/id/1034045",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1034045"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1243852",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243852"
"url": "http://www.ubuntu.com/usn/USN-2773-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2773-1"
},
{
"name": "USN-2773-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2773-1"
"url": "http://www.ubuntu.com/usn/USN-2774-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2774-1"
},
{
"name": "FEDORA-2015-c15f00eb95",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169378.html"
"url": "http://www.ubuntu.com/usn/USN-2777-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2777-1"
},
{
"name": "1034045",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034045"
"url": "https://access.redhat.com/errata/RHSA-2015:1977",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1977"
},
{
"name": "USN-2777-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2777-1"
"url": "https://access.redhat.com/errata/RHSA-2015:1978",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1978"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0855",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0855"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5156",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5156"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243852",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1243852"
},
{
"url": "https://github.com/torvalds/linux/commit/48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}
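Review bot: In the rewritten `reference_data` entries every `refsource` becomes `MISC` and every `name` is a copy of the `url`, so the advisory identifiers the earlier entries carried (`DSA-3364`, `USN-2774-1`, `RHSA-2016:0855`, `SUSE-SU-2015:2292`, BID `76230`) are no longer in the record. Vulnerability-management and patch-tracking tools that correlate on those IDs or filter by source type would have to parse URLs instead. I would keep the typed form where it is known, e.g. `"refsource": "DEBIAN"` with `"name": "DSA-3364"` on the debian.org entry. The same flattening appears in the CVE-2015-5157, CVE-2015-5163 and CVE-2015-5178 sections on this page. Old and new sides are inferred here from key order, because the rendered page lost its +/- markers.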


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5157",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI."
"value": "A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially (although highly unlikely), escalate their privileges on the system."
}
]
},
@ -44,123 +21,229 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Interaction Between Multiple Correctly-Behaving Entities",
"cweId": "CWE-435"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:2.6.32-573.26.1.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:3.10.0-327.10.1.rt56.211.el7_2",
"version_affected": "!"
},
{
"version_value": "0:3.10.0-327.10.1.el7",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise MRG 2",
"version": {
"version_data": [
{
"version_value": "1:3.10.0-327.rt56.171.el6rt",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:0212",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0212.html"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "SUSE-SU-2015:2350",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html"
"url": "http://www.debian.org/security/2015/dsa-3313",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3313"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6",
"refsource": "MISC",
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6"
},
{
"name": "SUSE-SU-2015:1727",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html"
"url": "http://www.openwall.com/lists/oss-security/2015/07/22/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/07/22/7"
},
{
"name": "RHSA-2016:0715",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0715.html"
"url": "http://www.ubuntu.com/usn/USN-2687-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2687-1"
},
{
"name": "USN-2689-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2689-1"
"url": "http://www.ubuntu.com/usn/USN-2688-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2688-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
"url": "http://www.ubuntu.com/usn/USN-2689-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2689-1"
},
{
"name": "USN-2690-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2690-1"
"url": "http://www.ubuntu.com/usn/USN-2690-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2690-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a"
"url": "http://www.ubuntu.com/usn/USN-2691-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2691-1"
},
{
"name": "76005",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76005"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html"
},
{
"name": "USN-2691-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2691-1"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:0354",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html"
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a",
"refsource": "MISC",
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a"
},
{
"name": "SUSE-SU-2015:2339",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html"
},
{
"name": "SUSE-SU-2015:2108",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html"
},
{
"name": "USN-2688-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2688-1"
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html"
},
{
"name": "RHSA-2016:0185",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0185.html"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html"
},
{
"name": "DSA-3313",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3313"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0185.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0185.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0212.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0212.html"
},
{
"name": "[oss-security] 20150722 Linux x86_64 NMI security issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/22/7"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0224.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0224.html"
},
{
"name": "RHSA-2016:0224",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0224.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0715.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0715.html"
},
{
"name": "https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a"
"url": "http://www.securityfocus.com/bid/76005",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76005"
},
{
"name": "USN-2687-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2687-1"
"url": "https://access.redhat.com/errata/RHSA-2016:0185",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0185"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0212",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0212"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0224",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0224"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0715",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0715"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5157",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5157"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259577",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1259577"
},
{
"url": "https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.2,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}
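Review bot: The added `impact.cvss` object sets `"temporalScore": 0` and `"environmentalScore": 0` while every temporal and environmental metric is `NOT_DEFINED`. Under CVSS v2, undefined metrics would normally leave those scores equal to the base score (6.2 here), so a literal 0 can be read by a consumer as no residual risk and push the record down in prioritisation. I would either drop the two keys or write `"temporalScore": 6.2` and `"environmentalScore": 6.2`. The impact blocks in the other file sections on this page follow the same pattern with their own base scores.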


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5163",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image."
"value": "A flaw was found in the OpenStack Image Service (glance) import task action. When processing a malicious qcow2 header, glance could be tricked into reading an arbitrary file from the glance host. Only setups using the glance V2 API are affected by this flaw."
}
]
},
@ -44,33 +21,98 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "External Initialization of Trusted Variables or Data Stores",
"cweId": "CWE-454"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2015.1.0-6.el7ost.1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1639",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1639.html"
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html",
"refsource": "MISC",
"name": "http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html"
},
{
"name": "[openstack-announce] 20150813 [OSSA 2015-014] Glance v2 API host file disclosure through qcow2 backing file (CVE-2015-5163)",
"refsource": "MLIST",
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1639.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1639.html"
},
{
"name": "76346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76346"
"url": "http://www.securityfocus.com/bid/76346",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76346"
},
{
"name": "https://bugs.launchpad.net/glance/+bug/1471912",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/glance/+bug/1471912"
"url": "https://access.redhat.com/errata/RHSA-2015:1639",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1639"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5163",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5163"
},
{
"url": "https://bugs.launchpad.net/glance/+bug/1471912",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/glance/+bug/1471912"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252378",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1252378"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
]
}
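Review bot: The replacement description no longer says that the attacker must be authenticated or which releases are affected, although the vector added at the end of the section still says `Au:S`. The earlier text limited the issue to "remote authenticated users" and to Glance "2015.1.x before 2015.1.2 (kilo)"; the new `affects` block lists a single Red Hat package build with `"version_affected": "!"`, which, as I read the CVE JSON 4.0 format, marks a version that is not affected, so the upstream range cannot be recovered from the record. I would carry both qualifiers into the new sentence, for example `... a remote authenticated user could trick glance (2015.1.x before 2015.1.2) into reading an arbitrary file from the glance host ...`.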


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5178",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element."
"value": "It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking)."
}
]
},
@ -44,48 +21,329 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5",
"version": {
"version_data": [
{
"version_value": "0:2.7.17-1.redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:1.0.5-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:5.2.15-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:0.33.16-1.redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-2.Final_redhat_4.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:2.5.10-4.Final_redhat_2.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-4.Final_redhat_4.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-3.Final_redhat_4.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:2.5.10-2.Final_redhat_2.2.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:2.3.8-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:3.2.10-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:7.5.11-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-2.Final_redhat_7.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:4.3.5-4.Final_redhat_3.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-2.SP4_redhat_6.1.ep6.el5",
"version_affected": "!"
},
{
"version_value": "0:1.1.31-1.Final_redhat_1.1.ep6.el5",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6",
"version": {
"version_data": [
{
"version_value": "0:2.7.17-1.redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.5-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:5.2.15-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:0.33.16-1.redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-2.Final_redhat_4.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:2.5.10-4.Final_redhat_2.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-4.Final_redhat_4.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-3.Final_redhat_4.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:2.5.10-2.Final_redhat_2.2.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:2.3.8-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:3.2.10-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:7.5.11-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-2.Final_redhat_7.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:4.3.5-4.Final_redhat_3.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-2.SP4_redhat_6.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:1.1.31-1.Final_redhat_1.1.ep6.el6",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-1.Final_redhat_4.ep6.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "0:2.7.17-1.redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.5-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:5.2.15-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:0.33.16-1.redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-2.Final_redhat_4.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:2.5.10-4.Final_redhat_2.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-4.Final_redhat_4.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:7.5.4-3.Final_redhat_4.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:2.5.10-2.Final_redhat_2.2.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:2.3.8-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:3.2.10-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:7.5.11-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.0-2.Final_redhat_7.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:4.3.5-4.Final_redhat_3.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:1.0.0-2.SP4_redhat_6.1.ep6.el7",
"version_affected": "!"
},
{
"version_value": "0:1.1.31-1.Final_redhat_1.1.ep6.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1905",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1905.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1904.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1904.html"
},
{
"name": "RHSA-2015:1904",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1904.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1905.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1905.html"
},
{
"name": "RHSA-2015:1908",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1908.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1906.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1906.html"
},
{
"name": "RHSA-2015:1907",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1907.html"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1907.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1907.html"
},
{
"name": "1033859",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033859"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1908.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1908.html"
},
{
"name": "RHSA-2015:1906",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1906.html"
"url": "http://www.securitytracker.com/id/1033859",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1033859"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1250552",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1250552"
"url": "https://access.redhat.com/errata/RHSA-2015:1904",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1904"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1905",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1905"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1906",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1906"
},
{
"url": "https://access.redhat.com/errata/RHSA-2015:1907",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1907"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5178",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5178"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1250552",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1250552"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.9,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
}
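Review bot: `"cweId": "CWE-20"` (Improper Input Validation) does not match the weakness the description gives, which is that the Management Console can be loaded in a frame and used for clickjacking. CWE-1021, Improper Restriction of Rendered UI Layers or Frames, is the entry for that; I would write `"value": "Improper Restriction of Rendered UI Layers or Frames"` and `"cweId": "CWE-1021"`. The new description also drops the root cause named in the earlier text, the missing `X-Frame-Options` response header, which is the detail an operator needs in order to check a deployment, so keeping that clause would help. The problemtype object this entry belongs to starts above the hunk.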


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5190",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via \"escape characters\" in a URL."
"value": "A command injection flaw was found in the pcsd web UI. An attacker able to trick a victim that was logged in to the pcsd web UI into visiting a specially crafted URL could use this flaw to execute arbitrary code with root privileges on the server hosting the web UI."
}
]
},
@ -44,23 +21,94 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:0.9.139-9.el6_7.1",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:0.9.137-13.el7_1.4",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1252813",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252813"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1700.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1700.html"
},
{
"name": "RHSA-2015:1700",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1700.html"
"url": "https://access.redhat.com/errata/RHSA-2015:1700",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2015:1700"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2015-5190",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5190"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252813",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1252813"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
}
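Review bot: The new `affects` block names only the distribution (`"product_name": "Red Hat Enterprise Linux 6"` and `7`) and lists package build strings flagged `"version_affected": "!"`. In this record format that flag marks a version as not affected, so no structured entry says which component or versions are vulnerable. The removed description was the only place that gave the upstream bound (PCS 0.9.139 and earlier); the new text mentions just "the pcsd web UI". A scanner matching on `affects` would find no affected range here. Keeping one entry such as `"product_name": "pcs"` with `"version_value": "0.9.139"`, `"version_affected": "<="` alongside the fixed builds would preserve it. The CVE-2015-5219 record later in this commit has the same shape and loses its "before 4.2.7p366" bound the same way.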


@ -1,40 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5219",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet."
"value": "It was discovered that the sntp utility could become unresponsive due to being caught in an infinite loop when processing a crafted NTP packet."
}
]
},
@ -44,133 +21,209 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Loop with Unreachable Exit Condition ('Infinite Loop')",
"cweId": "CWE-835"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "0:4.2.6p5-10.el6",
"version_affected": "!"
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "0:4.2.6p5-25.el7",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc"
"url": "http://www.debian.org/security/2015/dsa-3388",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8",
"refsource": "CONFIRM",
"url": "https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8"
"url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc",
"refsource": "MISC",
"name": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc"
},
{
"name": "openSUSE-SU:2016:3280",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=51786731Gr4-NOrTBC_a_uXO4wuGhg",
"refsource": "MISC",
"name": "http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=51786731Gr4-NOrTBC_a_uXO4wuGhg"
},
{
"name": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
},
{
"name": "USN-2783-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2783-1"
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
},
{
"name": "RHSA-2016:2583",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "FEDORA-2015-77bfbc1bcd",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=51786731Gr4-NOrTBC_a_uXO4wuGhg",
"refsource": "CONFIRM",
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=51786731Gr4-NOrTBC_a_uXO4wuGhg"
"url": "http://www.openwall.com/lists/oss-security/2015/08/25/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
},
{
"name": "RHSA-2016:0780",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
"url": "http://www.securityfocus.com/bid/76473",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/76473"
},
{
"name": "DSA-3388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3388"
"url": "http://www.ubuntu.com/usn/USN-2783-1",
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"name": "[oss-security] 20150825 Several low impact ntp.org ntpd issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
"url": "https://access.redhat.com/errata/RHSA-2016:0780",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:0780"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255118",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255118"
"url": "https://access.redhat.com/errata/RHSA-2016:2583",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:2583"
},
{
"name": "76473",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76473"
"url": "https://access.redhat.com/security/cve/CVE-2015-5219",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2015-5219"
},
{
"name": "SUSE-SU:2016:1311",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255118",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255118"
},
{
"name": "FEDORA-2015-14212",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
"url": "https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8",
"refsource": "MISC",
"name": "https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"name": "FEDORA-2015-14213",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157",
"refsource": "MISC",
"name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122",
"refsource": "MISC",
"name": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
},
{
"refsource": "CONFIRM",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956",
"refsource": "MISC",
"name": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
},
{
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706",
"refsource": "MISC",
"name": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
},
{
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542",
"refsource": "MISC",
"name": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
},
{
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409",
"refsource": "MISC",
"name": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409"
}
]
},
"impact": {
"cvss": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 3.3,
"collateralDamagePotential": "NOT_DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 0,
"exploitability": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"targetDistribution": "NOT_DEFINED",
"temporalScore": 0,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
}
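Review bot: Every entry in `reference_data` now has `"refsource": "MISC"` and a `name` that only repeats the `url`. The advisory identifiers and source tags on the old side are gone, for example `DSA-3388`, `USN-2783-1`, `RHSA-2016:2583` and `"refsource": "CONFIRM"` on the vendor pages. Tooling that picks out vendor-confirmed fixes or correlates by advisory ID would have to re-derive them from URL patterns. Where the old values were known I would keep them, e.g. `"refsource": "DEBIAN"`, `"name": "DSA-3388"` on the debian.org link. The same relabelling is visible in the CVE-2015-5190 references earlier in this commit.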


@ -126,10 +126,19 @@
"url": "https://github.com/YAFNET/YAFNET/releases/tag/v3.1.12",
"refsource": "MISC",
"name": "https://github.com/YAFNET/YAFNET/releases/tag/v3.1.12"
},
{
"url": "https://github.com/YAFNET/YAFNET/security/advisories/GHSA-mg6p-jjff-7g5m",
"refsource": "MISC",
"name": "https://github.com/YAFNET/YAFNET/security/advisories/GHSA-mg6p-jjff-7g5m"
}
]
},
"credits": [
{
"lang": "en",
"value": "Chun-Li Lin"
},
{
"lang": "en",
"value": "lin7lic (VulDB User)"


@ -1,17 +1,110 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0651",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-220038 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in FastCMS 0.1.0 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Komponente Template Management. Mittels dem Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "FastCMS",
"version": {
"version_data": [
{
"version_value": "0.1.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.220038",
"refsource": "MISC",
"name": "https://vuldb.com/?id.220038"
},
{
"url": "https://vuldb.com/?ctiid.220038",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.220038"
},
{
"url": "https://github.com/linmoren/fastcms_bug/blob/main/template_files_upload.md",
"refsource": "MISC",
"name": "https://github.com/linmoren/fastcms_bug/blob/main/template_files_upload.md"
},
{
"url": "https://github.com/linmoren/fastcms_bug/blob/main/password.zip",
"refsource": "MISC",
"name": "https://github.com/linmoren/fastcms_bug/blob/main/password.zip"
}
]
},
"credits": [
{
"lang": "en",
"value": "yanfei.chen (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
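Review bot: The English description says the issue "has been classified as critical" (the German text likewise calls it "kritische"), while all three `cvss` entries in `impact` report `"baseSeverity": "MEDIUM"` with base scores 6.3 and 6.5. Anyone triaging from the description text gets a different priority than tooling that reads `impact`. I would drop the sentence `It has been classified as critical.` from the `value`, or reword it to match the scored severity, so the record is consistent with itself. Separately, `"vendor_name": "n/a"` leaves the product unattributed, which makes matching against an asset inventory harder.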