mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-12-30 05:58:39 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
af83802a3e
commit
f9cbdb6f75
File diff suppressed because it is too large
Load Diff
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-0248",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging."
|
||||
"value": "It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,63 +21,192 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Control of Generation of Code ('Code Injection')",
|
||||
"cweId": "CWE-94"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "JBEWP 5 for RHEL 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.2.6.EAP5-12.ep5.el5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "JBEWP 5 for RHEL 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.2.6.EAP5-16.el6_5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.2.6.EAP5-10.ep5.el4",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.2.6.EAP5-12.ep5.el5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.2.6.EAP5-16.el6_5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "59554",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/59554"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0785.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-0785.html"
|
||||
},
|
||||
{
|
||||
"name": "59555",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/59555"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0791.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-0791.html"
|
||||
},
|
||||
{
|
||||
"name": "59346",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/59346"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0792.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-0792.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2015:1888",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0793.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-0793.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:0793",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0793.html"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0794.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-0794.html"
|
||||
},
|
||||
{
|
||||
"name": "1030457",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1030457"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2015-1888.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:0785",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0785.html"
|
||||
"url": "http://secunia.com/advisories/59346",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/59346"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:0791",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0791.html"
|
||||
"url": "http://secunia.com/advisories/59554",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/59554"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:0792",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0792.html"
|
||||
"url": "http://secunia.com/advisories/59555",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/59555"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:0794",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0794.html"
|
||||
"url": "http://www.securitytracker.com/id/1030457",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securitytracker.com/id/1030457"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0785",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0785"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0792",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0792"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0793",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0793"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0794",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0794"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2015:1888",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2015:1888"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-0248",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-0248"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101619",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1101619"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 6.8,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-2894",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption."
|
||||
"value": "CVE-2014-2894 QEMU: out of bounds buffer accesses, guest triggerable via IDE SMART"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,73 +21,206 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
|
||||
"cweId": "CWE-119"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "OpenStack 3 for RHEL 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2:0.12.1.2-2.415.el6_5.10",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "OpenStack 4 for RHEL 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2:0.12.1.2-2.415.el6_5.10",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2:0.12.1.2-2.415.el6_5.10",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "10:1.5.3-60.el7_0.2",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2:0.12.1.2-2.415.el6_5.10",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:6.5-20140603.2.el6ev",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "RHSA-2014:0743",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
|
||||
"url": "http://secunia.com/advisories/58191",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/58191"
|
||||
},
|
||||
{
|
||||
"name": "[Qemu-devel] 20140412 [PATCH for 2.0] ide: Correct improper smart self test c",
|
||||
"refsource": "MLIST",
|
||||
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:0744",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
|
||||
},
|
||||
{
|
||||
"name": "[Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c",
|
||||
"refsource": "MLIST",
|
||||
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0674",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0674"
|
||||
},
|
||||
{
|
||||
"name": "USN-2182-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-2182-1"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0743",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0743"
|
||||
},
|
||||
{
|
||||
"name": "[Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c",
|
||||
"refsource": "MLIST",
|
||||
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0744",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0744"
|
||||
},
|
||||
{
|
||||
"name": "57945",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/57945"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0888",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0888"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20140418 Re: CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2014/04/18/5"
|
||||
"url": "http://www.ubuntu.com/usn/USN-2182-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-2182-1"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:0704",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0704.html"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0704.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-0704.html"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20140415 CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2014/04/15/4"
|
||||
"url": "http://secunia.com/advisories/57945",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/57945"
|
||||
},
|
||||
{
|
||||
"name": "66932",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/66932"
|
||||
"url": "http://www.openwall.com/lists/oss-security/2014/04/15/4",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2014/04/15/4"
|
||||
},
|
||||
{
|
||||
"name": "58191",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/58191"
|
||||
"url": "http://www.openwall.com/lists/oss-security/2014/04/18/5",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2014/04/18/5"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/66932",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/66932"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0704",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0704"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-2894",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-2894"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087971",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1087971"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "HIGH",
|
||||
"accessVector": "ADJACENT_NETWORK",
|
||||
"authentication": "SINGLE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 4,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-3461",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to \"USB post load checks.\""
|
||||
"value": "CVE-2014-3461 Qemu: usb: fix up post load checks"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,33 +21,188 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Heap-based Buffer Overflow",
|
||||
"cweId": "CWE-122"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "OpenStack 3 for RHEL 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2:0.12.1.2-2.415.el6_5.10",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "OpenStack 4 for RHEL 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2:0.12.1.2-2.415.el6_5.10",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2:0.12.1.2-2.415.el6_5.10",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "10:1.5.3-60.el7_0.5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "10:1.5.3-60.el7_0.7",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2:0.12.1.2-2.415.el6_5.10",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:6.5-20140603.2.el6ev",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "RHSA-2014:0743",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:0744",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2014-6970",
|
||||
"refsource": "FEDORA",
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0674",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0674"
|
||||
},
|
||||
{
|
||||
"name": "[qemu-devel] 20140512 [PATCH] usb: fix up post load checks",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://article.gmane.org/gmane.comp.emulators.qemu/272092"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0743",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0743"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0744",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0744"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0888",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0888"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0927",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0927"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:1268",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:1268"
|
||||
},
|
||||
{
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html"
|
||||
},
|
||||
{
|
||||
"url": "http://article.gmane.org/gmane.comp.emulators.qemu/272092",
|
||||
"refsource": "MISC",
|
||||
"name": "http://article.gmane.org/gmane.comp.emulators.qemu/272092"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-3461",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-3461"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1096821",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1096821"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "This issue was discovered by Anthony Liguori, Michael Roth, and Michael S. Tsirkin (Red Hat)."
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "HIGH",
|
||||
"accessVector": "LOCAL",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 3.7,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-3475",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578."
|
||||
"value": "CVE-2014-3473 CVE-2014-3474 CVE-2014-3475 CVE-2014-8578 openstack-horizon: multiple XSS flaws"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,33 +21,120 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "OpenStack 4 for RHEL 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2013.2.3-3.el6ost",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2014.1.1-2.el7ost",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "68456",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/68456"
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html"
|
||||
},
|
||||
{
|
||||
"name": "https://bugs.launchpad.net/horizon/+bug/1320235",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugs.launchpad.net/horizon/+bug/1320235"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0939",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0939"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20140708 [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475)",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2014/07/08/6"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:1188",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:1188"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2015:0078",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html"
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116090",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1116090"
|
||||
},
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2014/07/08/6",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2014/07/08/6"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/68456",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/68456"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-3475",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-3475"
|
||||
},
|
||||
{
|
||||
"url": "https://bugs.launchpad.net/horizon/+bug/1320235",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugs.launchpad.net/horizon/+bug/1320235"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Red Hat would like to thank OpenStack project for reporting this issue. Upstream acknowledges Craig Lorentzen (Cisco), Jason Hullinger (Hewlett Packard), and Michael Xin (Rackspace) as the original reporters."
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 4.3,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-3486",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name."
|
||||
"value": "CVE-2014-3486 CFME: SSH Utility insecure tmp file creation leading to code execution as root"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,28 +21,92 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Insecure Temporary File",
|
||||
"cweId": "CWE-377"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "CloudForms Management Engine 5.x",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:5.2.4.2-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:3.2.13-8.el6cf",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "68300",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/68300"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0816",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0816"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1107528",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1107528"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0816.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-0816.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:0816",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0816.html"
|
||||
"url": "http://www.securityfocus.com/bid/68300",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/68300"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-3486",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-3486"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1107528",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1107528"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "LOCAL",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "COMPLETE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 6.9,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "COMPLETE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "COMPLETE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-3493",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference."
|
||||
"value": "It was discovered that smbd, the Samba file server daemon, did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cause smbd to crash."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,128 +21,224 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Return of Wrong Status Code",
|
||||
"cweId": "CWE-393"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:3.6.6-0.140.el5_10",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:3.6.9-169.el6_5",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:4.0.0-63.el6_5.rc4",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:4.1.1-35.el7_0",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1"
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2014:136",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:136"
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:0866",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0866.html"
|
||||
"url": "http://security.gentoo.org/glsa/glsa-201502-15.xml",
|
||||
"refsource": "MISC",
|
||||
"name": "http://security.gentoo.org/glsa/glsa-201502-15.xml"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2014-9132",
|
||||
"refsource": "FEDORA",
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:082",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:082"
|
||||
},
|
||||
{
|
||||
"name": "61218",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/61218"
|
||||
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993",
|
||||
"refsource": "MISC",
|
||||
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993"
|
||||
},
|
||||
{
|
||||
"name": "59834",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/59834"
|
||||
"url": "http://advisories.mageia.org/MGASA-2014-0279.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://advisories.mageia.org/MGASA-2014-0279.html"
|
||||
},
|
||||
{
|
||||
"name": "http://linux.oracle.com/errata/ELSA-2014-0866.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://linux.oracle.com/errata/ELSA-2014-0866.html"
|
||||
"url": "http://linux.oracle.com/errata/ELSA-2014-0866.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://linux.oracle.com/errata/ELSA-2014-0866.html"
|
||||
},
|
||||
{
|
||||
"name": "59848",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/59848"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0866.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-0866.html"
|
||||
},
|
||||
{
|
||||
"name": "20140711 [ MDVSA-2014:136 ] samba",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/532757/100/0/threaded"
|
||||
"url": "http://secunia.com/advisories/59378",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/59378"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-201502-15",
|
||||
"refsource": "GENTOO",
|
||||
"url": "http://security.gentoo.org/glsa/glsa-201502-15.xml"
|
||||
"url": "http://secunia.com/advisories/59407",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/59407"
|
||||
},
|
||||
{
|
||||
"name": "68150",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/68150"
|
||||
"url": "http://secunia.com/advisories/59433",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/59433"
|
||||
},
|
||||
{
|
||||
"name": "59407",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/59407"
|
||||
"url": "http://secunia.com/advisories/59579",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/59579"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2014-7672",
|
||||
"refsource": "FEDORA",
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html"
|
||||
"url": "http://secunia.com/advisories/59834",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/59834"
|
||||
},
|
||||
{
|
||||
"name": "59433",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/59433"
|
||||
"url": "http://secunia.com/advisories/59848",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/59848"
|
||||
},
|
||||
{
|
||||
"name": "59919",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/59919"
|
||||
"url": "http://secunia.com/advisories/59919",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/59919"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1108748",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108748"
|
||||
"url": "http://secunia.com/advisories/61218",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/61218"
|
||||
},
|
||||
{
|
||||
"name": "http://advisories.mageia.org/MGASA-2014-0279.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://advisories.mageia.org/MGASA-2014-0279.html"
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:136",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:136"
|
||||
},
|
||||
{
|
||||
"name": "59378",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/59378"
|
||||
"url": "http://www.securityfocus.com/archive/1/532757/100/0/threaded",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/archive/1/532757/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2015:082",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:082"
|
||||
"url": "http://www.securitytracker.com/id/1030455",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securitytracker.com/id/1030455"
|
||||
},
|
||||
{
|
||||
"name": "59579",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/59579"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0866",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0866"
|
||||
},
|
||||
{
|
||||
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0867",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0867"
|
||||
},
|
||||
{
|
||||
"name": "http://www.samba.org/samba/security/CVE-2014-3493",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.samba.org/samba/security/CVE-2014-3493"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:1009",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:1009"
|
||||
},
|
||||
{
|
||||
"name": "1030455",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1030455"
|
||||
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1",
|
||||
"refsource": "MISC",
|
||||
"name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1"
|
||||
},
|
||||
{
|
||||
"url": "http://www.samba.org/samba/security/CVE-2014-3493",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.samba.org/samba/security/CVE-2014-3493"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/68150",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/68150"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-3493",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-3493"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108748",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1108748"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "LOW",
|
||||
"accessVector": "ADJACENT_NETWORK",
|
||||
"authentication": "SINGLE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 2.7,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "NONE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-3496",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file."
|
||||
"value": "CVE-2014-3496 OpenShift Origin: Command execution as root via downloadable cartridge source-url"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,43 +21,139 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
|
||||
"cweId": "CWE-78"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat OpenShift Enterprise 2.0",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.17.5.17-1.el6op",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat OpenShift Enterprise 2.1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:0.8.1.2-1.el6op",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.23.9.11-1.el6op",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RHEL 6 Version of OpenShift Enterprise 1.2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.9.14.8-1.el6op",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "59298",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/59298"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0762.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-0762.html"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/openshift/origin-server/pull/5521",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/openshift/origin-server/pull/5521"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0763.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-0763.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:0764",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0764.html"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0764.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-0764.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:0762",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0762.html"
|
||||
"url": "http://secunia.com/advisories/59298",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/59298"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:0763",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0763.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0762",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0762"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1110470",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1110470"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0763",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0763"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0764",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0764"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-3496",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-3496"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1110470",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1110470"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/openshift/origin-server/pull/5521",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/openshift/origin-server/pull/5521"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "LOW",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "COMPLETE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 10,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "COMPLETE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "COMPLETE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-3497",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header."
|
||||
"value": "It was found that Swift did not escape all HTTP header values, allowing data to be injected into the responses sent from the Swift server. This could lead to cross-site scripting attacks (and possibly other impacts) if a user were tricked into clicking on a malicious URL."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,48 +21,117 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.13.1-3.el7ost",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.1.0-2.el7ost",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "USN-2256-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-2256-1"
|
||||
"url": "http://lists.openstack.org/pipermail/openstack-announce/2014-June/000243.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.openstack.org/pipermail/openstack-announce/2014-June/000243.html"
|
||||
},
|
||||
{
|
||||
"name": "59532",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/59532"
|
||||
"url": "http://secunia.com/advisories/59532",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/59532"
|
||||
},
|
||||
{
|
||||
"name": "https://review.openstack.org/#/c/101031/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://review.openstack.org/#/c/101031/"
|
||||
"url": "http://www.openwall.com/lists/oss-security/2014/06/19/10",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2014/06/19/10"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20140619 [OSSA 2014-020] XSS in Swift requests through WWW-Authenticate header (CVE-2014-3497)",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2014/06/19/10"
|
||||
"url": "http://www.securityfocus.com/bid/68116",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/68116"
|
||||
},
|
||||
{
|
||||
"name": "68116",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/68116"
|
||||
"url": "http://www.ubuntu.com/usn/USN-2256-1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.ubuntu.com/usn/USN-2256-1"
|
||||
},
|
||||
{
|
||||
"name": "[openstack-announce] 20140619 [OSSA 2014-020] XSS in Swift requests through WWW-Authenticate header (CVE-2014-3497)",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://lists.openstack.org/pipermail/openstack-announce/2014-June/000243.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0941",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0941"
|
||||
},
|
||||
{
|
||||
"name": "https://review.openstack.org/#/c/101032/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://review.openstack.org/#/c/101032/"
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-3497",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-3497"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1110809",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1110809"
|
||||
},
|
||||
{
|
||||
"url": "https://review.openstack.org/#/c/101031/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://review.openstack.org/#/c/101031/"
|
||||
},
|
||||
{
|
||||
"url": "https://review.openstack.org/#/c/101032/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://review.openstack.org/#/c/101032/"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 4.3,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "NONE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-3499",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors."
|
||||
"value": "CVE-2014-3499 docker: systemd socket activation results in privilege escalation"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,23 +21,83 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Incorrect Privilege Assignment",
|
||||
"cweId": "CWE-266"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 7 Extras",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:0.11.1-22.el7",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1111687",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1111687"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0820.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-0820.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:0820",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0820.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0820",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0820"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-3499",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-3499"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1111687",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1111687"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "LOW",
|
||||
"accessVector": "LOCAL",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "COMPLETE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 7.2,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "COMPLETE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "COMPLETE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-3517",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests."
|
||||
"value": "A side-channel timing attack flaw was found in Nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that proxy metadata requests via Neutron."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,23 +21,104 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Covert Timing Channel",
|
||||
"cweId": "CWE-385"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "OpenStack 4 for RHEL 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2013.2.3-12.el6ost",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2014.1.1-4.el7ost",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "[oss-security] 20140717 [OSSA 2014-024] Use of non-constant time comparison operation (CVE-2014-3517)",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2014/07/17/2"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:1084",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:1084"
|
||||
},
|
||||
{
|
||||
"name": "https://bugs.launchpad.net/nova/+bug/1325128",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugs.launchpad.net/nova/+bug/1325128"
|
||||
"url": "http://www.openwall.com/lists/oss-security/2014/07/17/2",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2014/07/17/2"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0940",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0940"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-3517",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-3517"
|
||||
},
|
||||
{
|
||||
"url": "https://bugs.launchpad.net/nova/+bug/1325128",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugs.launchpad.net/nova/+bug/1325128"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112499",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1112499"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 4.3,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "NONE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-3520",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request."
|
||||
"value": "A flaw was found in the way keystone handled trusts. A trustee could use an out-of-scope project ID to gain unauthorized access to a project if the trustor had the required roles for that requested project."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,28 +21,104 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Incorrect Authorization",
|
||||
"cweId": "CWE-863"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "OpenStack 3 for RHEL 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2013.1.5-3.el6ost",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "OpenStack 4 for RHEL 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2013.2.3-7.el6ost",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://bugs.launchpad.net/keystone/+bug/1331912",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugs.launchpad.net/keystone/+bug/1331912"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0994",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0994"
|
||||
},
|
||||
{
|
||||
"name": "[openstack-announce] 20140702 [OSSA 2014-022] Keystone V2 trusts privilege escalation through user supplied project id (CVE-2014-3520)",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://lists.openstack.org/pipermail/openstack-announce/2014-July/000248.html"
|
||||
"url": "http://lists.openstack.org/pipermail/openstack-announce/2014-July/000248.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.openstack.org/pipermail/openstack-announce/2014-July/000248.html"
|
||||
},
|
||||
{
|
||||
"name": "59426",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/59426"
|
||||
"url": "http://secunia.com/advisories/59426",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/59426"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-3520",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-3520"
|
||||
},
|
||||
{
|
||||
"url": "https://bugs.launchpad.net/keystone/+bug/1331912",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugs.launchpad.net/keystone/+bug/1331912"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112668",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1112668"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "SINGLE",
|
||||
"availabilityImpact": "NONE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 3.5,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "NONE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-3521",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL."
|
||||
"value": "It was discovered that various components in the luci site extension-related URLs were not properly restricted to administrative users. A remote, authenticated attacker could escalate their privileges to perform certain actions that should be restricted to administrative users, such as adding users and systems, and viewing log data."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,23 +21,83 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Missing Authorization",
|
||||
"cweId": "CWE-862"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:0.12.2-81.el5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1112813",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112813"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:1194",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:1194",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:1194"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-3521",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-3521"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112813",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1112813"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "LOW",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "SINGLE",
|
||||
"availabilityImpact": "NONE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 5.5,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-3530",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue."
|
||||
"value": "It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,78 +21,285 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Restriction of XML External Entity Reference",
|
||||
"cweId": "CWE-611"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "JBEWP 5 for RHEL 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.1.5-3_patch_01.ep5.el5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "JBEWP 5 for RHEL 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.1.5-3_patch_01.el6_5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.1.5-3_patch_01.ep5.el4",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.1.5-3_patch_01.ep5.el5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.1.5-3_patch_01.el6_5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.1.9-5.SP3_redhat_2.1.ep6.el5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.1.9-5.SP3_redhat_2.1.ep6.el6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "RHSA-2014:0886",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0886.html"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:0885",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0885.html"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2015:0765",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
|
||||
},
|
||||
{
|
||||
"name": "60124",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/60124"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0910",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0910"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2015:0675",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2015:0234",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2015:0234"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2015:0720",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2015:0235",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2015:0235"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:0884",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0884.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2015:0675",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2015:0675"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2015:1888",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2015:0720",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2015:0720"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2015:0091",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0091.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2015:0765",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2015:0765"
|
||||
},
|
||||
{
|
||||
"name": "60047",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/60047"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2015:1009",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2015:1009"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:0883",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0883.html"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2015-1888.html"
|
||||
},
|
||||
{
|
||||
"name": "1030607",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1030607"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2015:1888",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2015:1888"
|
||||
},
|
||||
{
|
||||
"name": "jboss-cve20143530-info-disc(94700)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94700"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0883.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-0883.html"
|
||||
},
|
||||
{
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0884.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-0884.html"
|
||||
},
|
||||
{
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0885.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-0885.html"
|
||||
},
|
||||
{
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0886.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-0886.html"
|
||||
},
|
||||
{
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0091.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2015-0091.html"
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/60047",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/60047"
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/60124",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/60124"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securitytracker.com/id/1030607",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securitytracker.com/id/1030607"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0883",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0883"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0884",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0884"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0885",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0885"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0886",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0886"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0897",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0897"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:0898",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:0898"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2015:0091",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2015:0091"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-3530",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-3530"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112987",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1112987"
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94700",
|
||||
"refsource": "MISC",
|
||||
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94700"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Red Hat would like to thank Alexander Papadakis for reporting this issue."
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "LOW",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 7.5,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
Loading…
x
Reference in New Issue
Block a user