diff --git a/2014/0xxx/CVE-2014-0234.json b/2014/0xxx/CVE-2014-0234.json
index 700e752cdb0..5d41e2c2139 100644
--- a/2014/0xxx/CVE-2014-0234.json
+++ b/2014/0xxx/CVE-2014-0234.json
@@ -1,17 +1,17 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2014-0234",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of \"mooo\" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281."
+ "value": "CVE-2014-0234 OpenShift Enterprise openshift-origin-broker: default password creation"
 }
 ]
 },
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Password"
+ "value": "Use of Hard-coded Credentials",
+ "cweId": "CWE-798"
 }
 ]
 }
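Review bot: The first hunk's new `description_data` value drops the detail a defender needs: it reads like a bug-tracker summary (`CVE-2014-0234 OpenShift Enterprise openshift-origin-broker: default password creation`), while the removed sentence said that the default `broker.conf` ships a known password for a Mongo account, that 2.x releases before 2.1 are concerned, and that the issue may overlap CVE-2013-4253 and CVE-2013-4281. `description` is the field most scanners and advisory feeds display, so I would keep the prose sentence as the value and carry the short title separately if it is needed. The description hunk of 2014/2xxx/CVE-2014-2894.json later in this diff has the same regression: the `cmd_smart` off-by-one and "QEMU before 2.0" are replaced by a one-line title.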
@@ -31,15 +32,944 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "n/a",
+ "vendor_name": "Red Hat",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat OpenShift Enterprise",
+ "product_name": "Red Hat OpenShift Enterprise 2.1",
 "version": {
 "version_data": [
 {
- "version_value": "2.x before 2.1"
+ "version_value": "0:5.9.0-5.redhat.610328.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.800.2-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.8.4-2.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.240-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.6.6-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.0d-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.0.35-11.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.9.2-8.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.3.2-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:8.70-19.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.4.4-4.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.4.22-5.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.5-0.1.dev19.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.8.5.patch1-7.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:4.2.1-9.1.el6_2",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:6.5.4.7-7.el6_5",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.900.1-15.el6_1.1",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:6.0.1.GA-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:6.0.0.GA-8.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.2.redhat_1-1.2.el6_5",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.509.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.6.28-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.70-12.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.10-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.2.1-4.8.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.2.1-4.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.19-1.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2007e-11.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.40.rc1-5.el6_5.1",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.11.0-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.1.5-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:4.04-4.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.0.5-3.2.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.2.5-5.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.2-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.5.8-10.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.8.0-24.3.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.4.0-0.6.RC4.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.3.0-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.4.6-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:4.1.1-3.el6op.3",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.1.1-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.2.2-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.2.1-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.6.2-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.1.1-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.7.10-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.1.0-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.1-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.7.2-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.2.5-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.14-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.2.0-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.0.3-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.2.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.1-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.3.17-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.0.0-alpha9.1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.6.9-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.4.0-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.5-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.12.3-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.4-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.8-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.1.4-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.5.2-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.1-5.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.2-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.4.25-8.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.1.0-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.16.1.3-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.23.8.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.21.2-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.23.3.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.21.3.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.23.5.3-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.16.3.4-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.22.3.4-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.20.3.3-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.19.3-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.18.2-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.23.4.3-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.24.3.3-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.22.5.3-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.23.3.4-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.23.3.3-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.16.2.3-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.5.2-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.19.2-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.22.2-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.22.3.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.22.6.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.9.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.17.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.0.3-4",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.12.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.4008-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.31-6.1.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.08-3.1.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.0.17-5.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.09-9.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.7-5.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.13-2.1.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.31-3.1.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.7901-4.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.16004-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.1000-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.03-7.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.35-7.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.110-10.1.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.15-5.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.08-9.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.70-4.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:5.3.3-27.el6_5",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.1.2-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.2.3-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:5.3.3-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.5.0-0.3.b3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.5.0-0.1.b3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.1.2-1.el6_5",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.1.4-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.5.3-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.0.0-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.1.0-0.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.05-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:4.7.0-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.4-5.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.4.1-10.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.4-7.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.10.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.2.1.redhat_1-1.el6_5",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.23.7.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:7.4.7-5.4.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.6.6-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "1:1.8.5-10.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.4.1-5.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.8.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.8.1-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.2.6-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:4.0.3-5.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.12.2-4.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.3-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.1.0-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.10-4.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.53-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.7-7.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.5-5.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.2.4-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.2.8.1-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:4.0.3-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.6.16-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.3.4.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.1.0-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.7.3-5.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.7.3-1.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.5.0-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.1.4-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.5.0-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.3.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.3.0-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.7-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.8.0-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.2-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.0.21-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.6.8-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.3.7-4.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.6.1-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.3.1-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.3.1-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.9.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.0.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.2.0-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.2.5-5.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.1.2-7.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.2.14-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.6.8-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.5.2-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.12-10.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.8.2-8.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.0.94-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.5.2-3.1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.8.3-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.21-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:4.0.3-4.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.1.2-5.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.7-4.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.0.5-4.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.3.2-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.7.3-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.1.2-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.7.0-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.2.0-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.4.3.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.3.0-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.20.2.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.19.6.2-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.22.5.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.23.4.2-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.8.1.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.23.10.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.16.2.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.4.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.5.2.1-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.5.2.2-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.23.9.3-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.5.2-5.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.0.5-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.0.21-9.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "1:1.3.0-4.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.8.7-2.1.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.2.4-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.8.4-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.0.4-6.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.8.24-6.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.0.4-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.2.5-4.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.3.3-4.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.1.8-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.2.0-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.2.0-3.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.14.6-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.0.5-93.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:4.3.3-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.8.2-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:2.13.1-6.el6op.1",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.3.0b2-10.2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.7.2.2-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:0.4.0-1.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.6.1-10.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "1:3.14.5.10-2.el6op",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:3.0.1-20.el6",
+ "version_affected": "!"
+ },
+ {
+ "version_value": "0:1.1.30-17.el6_5",
+ "version_affected": "!"
 }
 ]
 }
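Review bot: Every entry added to `version_data` in this hunk carries `"version_affected": "!"`, which in the CVE JSON 4.0 format marks a version as not affected, while the removed `"version_value": "2.x before 2.1"` was the record's only statement of what is affected. The result is 233 bare build strings with no package names (presumably every package shipped in the erratum), so a consumer can neither tell which releases are vulnerable nor map a value such as `0:5.3.3-27.el6_5` to a package. I would keep an affected-range entry next to the fixed builds, for example `{ "version_value": "2.1", "version_affected": "<" }`, and limit the fixed list to the component the description names. The `affects` blocks added for CVE-2014-0248 and CVE-2014-2894 later in this diff also contain only `!` entries.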
@@ -53,29 +983,64 @@
 "references": {
 "reference_data": [
 {
+ "url": "https://access.redhat.com/errata/RHBA-2014:0487",
 "refsource": "MISC",
- "name": "https://github.com/openshift/openshift-extras/blob/master/README.md",
- "url": "https://github.com/openshift/openshift-extras/blob/master/README.md"
+ "name": "https://access.redhat.com/errata/RHBA-2014:0487"
 },
 {
+ "url": "http://openwall.com/lists/oss-security/2014/06/05/19",
 "refsource": "MISC",
- "name": "http://openwall.com/lists/oss-security/2014/06/05/19",
- "url": "http://openwall.com/lists/oss-security/2014/06/05/19"
+ "name": "http://openwall.com/lists/oss-security/2014/06/05/19"
 },
 {
+ "url": "http://www.securityfocus.com/bid/67657",
 "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1097008",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1097008"
+ "name": "http://www.securityfocus.com/bid/67657"
 },
 {
+ "url": "https://access.redhat.com/security/cve/CVE-2014-0234",
 "refsource": "MISC",
- "name": "https://rhn.redhat.com/errata/RHSA-2014-0487.html",
- "url": "https://rhn.redhat.com/errata/RHSA-2014-0487.html"
+ "name": "https://access.redhat.com/security/cve/CVE-2014-0234"
 },
 {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1097008",
 "refsource": "MISC",
- "name": "http://www.securityfocus.com/bid/67657",
- "url": "http://www.securityfocus.com/bid/67657"
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1097008"
+ },
+ {
+ "url": "https://github.com/openshift/openshift-extras/blob/master/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/openshift/openshift-extras/blob/master/README.md"
+ },
+ {
+ "url": "https://rhn.redhat.com/errata/RHSA-2014-0487.html",
+ "refsource": "MISC",
+ "name": "https://rhn.redhat.com/errata/RHSA-2014-0487.html"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "LOW",
+ "accessVector": "NETWORK",
+ "authentication": "NONE",
+ "availabilityImpact": "PARTIAL",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 7.5,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "PARTIAL",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "PARTIAL",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+ "version": "2.0"
 }
 ]
 }
diff --git a/2014/0xxx/CVE-2014-0248.json b/2014/0xxx/CVE-2014-0248.json
index a71b4fa9b29..332bf70074d 100644
--- a/2014/0xxx/CVE-2014-0248.json
+++ b/2014/0xxx/CVE-2014-0248.json
@@ -1,40 +1,17 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2014-0248",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging."
+ "value": "It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application."
 }
 ]
 },
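Review bot: In the `impact.cvss` object added by the references/impact hunk of CVE-2014-0234.json, `"environmentalScore": 0` and `"temporalScore": 0` sit next to temporal and environmental metrics that are all `NOT_DEFINED`, so a literal 0 reads as a computed score rather than "not assessed", and a consumer that prefers the most specific score could rank this 7.5 issue as 0. I would omit both keys when nothing was scored. The `impact` block added for CVE-2014-0248 has the same two zero values. Separately, the new first reference points at `RHBA-2014:0487` while the errata link already in the list is `RHSA-2014-0487`; the advisory type is worth confirming before merging.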
@@ -44,63 +21,192 @@
 "description": [
 {
 "lang": "eng",
- "value": "n/a"
+ "value": "Improper Control of Generation of Code ('Code Injection')",
+ "cweId": "CWE-94"
 }
 ]
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "JBEWP 5 for RHEL 5",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:2.2.6.EAP5-12.ep5.el5",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "JBEWP 5 for RHEL 6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:2.2.6.EAP5-16.el6_5",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:2.2.6.EAP5-10.ep5.el4",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:2.2.6.EAP5-12.ep5.el5",
+ "version_affected": "!"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0:2.2.6.EAP5-16.el6_5",
+ "version_affected": "!"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "59554",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/59554"
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-0785.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2014-0785.html"
 },
 {
- "name": "59555",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/59555"
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-0791.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2014-0791.html"
 },
 {
- "name": "59346",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/59346"
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-0792.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2014-0792.html"
 },
 {
- "name": "RHSA-2015:1888",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html"
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-0793.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2014-0793.html"
 },
 {
- "name": "RHSA-2014:0793",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2014-0793.html"
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-0794.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2014-0794.html"
 },
 {
- "name": "1030457",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id/1030457"
+ "url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html",
+ "refsource": "MISC",
+ "name": "http://rhn.redhat.com/errata/RHSA-2015-1888.html"
 },
 {
- "name": "RHSA-2014:0785",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2014-0785.html"
+ "url": "http://secunia.com/advisories/59346",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/59346"
 },
 {
- "name": "RHSA-2014:0791",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2014-0791.html"
+ "url": "http://secunia.com/advisories/59554",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/59554"
 },
 {
- "name": "RHSA-2014:0792",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2014-0792.html"
+ "url": "http://secunia.com/advisories/59555",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/59555"
 },
 {
- "name": "RHSA-2014:0794",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2014-0794.html"
+ "url": "http://www.securitytracker.com/id/1030457",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1030457"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2014:0785",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2014:0785"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2014:0792",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2014:0792"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2014:0793",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2014:0793"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2014:0794",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2014:0794"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2015:1888",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2015:1888"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2014-0248",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2014-0248"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101619",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1101619"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "accessComplexity": "MEDIUM",
+ "accessVector": "NETWORK",
+ "authentication": "NONE",
+ "availabilityImpact": "PARTIAL",
+ "availabilityRequirement": "NOT_DEFINED",
+ "baseScore": 6.8,
+ "collateralDamagePotential": "NOT_DEFINED",
+ "confidentialityImpact": "PARTIAL",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "environmentalScore": 0,
+ "exploitability": "NOT_DEFINED",
+ "integrityImpact": "PARTIAL",
+ "integrityRequirement": "NOT_DEFINED",
+ "remediationLevel": "NOT_DEFINED",
+ "reportConfidence": "NOT_DEFINED",
+ "targetDistribution": "NOT_DEFINED",
+ "temporalScore": 0,
+ "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
+ "version": "2.0"
 }
 ]
 }
diff --git a/2014/2xxx/CVE-2014-2894.json b/2014/2xxx/CVE-2014-2894.json
index bee9b368ccb..b50eba0f466 100644
--- a/2014/2xxx/CVE-2014-2894.json
+++ b/2014/2xxx/CVE-2014-2894.json
@@ -1,40 +1,17 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2014-2894",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption."
+ "value": "CVE-2014-2894 QEMU: out of bounds buffer accesses, guest triggerable via IDE SMART"
 }
 ]
 },
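Review bot: In the `reference_data` rewrite of CVE-2014-0248.json every `refsource` becomes `MISC` and every `name` becomes a copy of its URL, so the source tags (`REDHAT`, `SECUNIA`, `SECTRACK`) and the short advisory names such as `RHSA-2014:0793` are lost. Tooling that picks out vendor fixes by `"refsource": "REDHAT"` will no longer find any in this record; I would keep the original tag and name on the entries that had them, e.g. `"name": "RHSA-2014:0793", "refsource": "REDHAT"`. The added access.redhat.com errata links cover 2014:0785, 0792, 0793, 0794 and 2015:1888 but not 2014:0791, although the rhn.redhat.com link for RHSA-2014-0791 is kept, which looks like an omission. The references hunk of CVE-2014-2894.json makes the same `MISC` change as far as it is visible here.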
@@ -44,73 +21,206 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer", + "cweId": "CWE-119" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "OpenStack 3 for RHEL 6", + "version": { + "version_data": [ + { + "version_value": "2:0.12.1.2-2.415.el6_5.10", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "OpenStack 4 for RHEL 6", + "version": { + "version_data": [ + { + "version_value": "2:0.12.1.2-2.415.el6_5.10", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "2:0.12.1.2-2.415.el6_5.10", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "10:1.5.3-60.el7_0.2", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6", + "version": { + "version_data": [ + { + "version_value": "2:0.12.1.2-2.415.el6_5.10", + "version_affected": "!" + }, + { + "version_value": "0:6.5-20140603.2.el6ev", + "version_affected": "!" 
+ } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2014:0743", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html" + "url": "http://secunia.com/advisories/58191", + "refsource": "MISC", + "name": "http://secunia.com/advisories/58191" }, { - "name": "[Qemu-devel] 20140412 [PATCH for 2.0] ide: Correct improper smart self test c", - "refsource": "MLIST", - "url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html" + "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0743.html" }, { - "name": "RHSA-2014:0744", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html" + "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0744.html" }, { - "name": "[Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c", - "refsource": "MLIST", - "url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html" + "url": "https://access.redhat.com/errata/RHSA-2014:0674", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0674" }, { - "name": "USN-2182-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2182-1" + "url": "https://access.redhat.com/errata/RHSA-2014:0743", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0743" }, { - "name": "[Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c", - "refsource": "MLIST", - "url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html" + "url": "https://access.redhat.com/errata/RHSA-2014:0744", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0744" }, { - "name": "57945", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/57945" + "url": 
"https://access.redhat.com/errata/RHSA-2014:0888", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0888" }, { - "name": "[oss-security] 20140418 Re: CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2014/04/18/5" + "url": "http://www.ubuntu.com/usn/USN-2182-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2182-1" }, { - "name": "RHSA-2014:0704", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2014-0704.html" + "url": "http://rhn.redhat.com/errata/RHSA-2014-0704.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0704.html" }, { - "name": "[oss-security] 20140415 CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2014/04/15/4" + "url": "http://secunia.com/advisories/57945", + "refsource": "MISC", + "name": "http://secunia.com/advisories/57945" }, { - "name": "66932", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/66932" + "url": "http://www.openwall.com/lists/oss-security/2014/04/15/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/04/15/4" }, { - "name": "58191", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/58191" + "url": "http://www.openwall.com/lists/oss-security/2014/04/18/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/04/18/5" + }, + { + "url": "http://www.securityfocus.com/bid/66932", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/66932" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2014:0704", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0704" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2014-2894", + "refsource": "MISC", + "name": 
"https://access.redhat.com/security/cve/CVE-2014-2894" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087971", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1087971" + }, + { + "url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html", + "refsource": "MISC", + "name": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html" + }, + { + "url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html", + "refsource": "MISC", + "name": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html" + }, + { + "url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html", + "refsource": "MISC", + "name": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "HIGH", + "accessVector": "ADJACENT_NETWORK", + "authentication": "SINGLE", + "availabilityImpact": "PARTIAL", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 4, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "PARTIAL", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "PARTIAL", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P", + "version": "2.0" } ] } diff --git a/2014/3xxx/CVE-2014-3461.json b/2014/3xxx/CVE-2014-3461.json index bfddacef179..9eeeeb857c3 100644 --- a/2014/3xxx/CVE-2014-3461.json +++ b/2014/3xxx/CVE-2014-3461.json 
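Review bot: Every `version_data` entry added to `affects` in this hunk carries `"version_affected": "!"`, which in this record format marks a version as not affected, so the block lists fixed Red Hat package builds and no affected range at all. A scanner that matches installed versions against `affects` would find nothing vulnerable for this CVE, and the upstream bound from the old description (QEMU before 2.0) is removed in the first hunk as well. If the intent is "fixed in this build", an entry that marks versions below the same `version_value` as affected would express it; what the generating tool means by `!` should be confirmed. The second hunks of CVE-2014-3461.json, CVE-2014-3475.json, CVE-2014-3486.json, CVE-2014-3493.json and CVE-2014-3496.json follow the same pattern.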
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3461", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to \"USB post load checks.\"" + "value": "CVE-2014-3461 Qemu: usb: fix up post load checks" } ] }, 
@@ -44,33 +21,188 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Heap-based Buffer Overflow", + "cweId": "CWE-122" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "OpenStack 3 for RHEL 6", + "version": { + "version_data": [ + { + "version_value": "2:0.12.1.2-2.415.el6_5.10", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "OpenStack 4 for RHEL 6", + "version": { + "version_data": [ + { + "version_value": "2:0.12.1.2-2.415.el6_5.10", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "2:0.12.1.2-2.415.el6_5.10", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "10:1.5.3-60.el7_0.5", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "10:1.5.3-60.el7_0.7", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6", + "version": { + "version_data": [ + { + "version_value": "2:0.12.1.2-2.415.el6_5.10", + "version_affected": "!" + }, + { + "version_value": "0:6.5-20140603.2.el6ev", + "version_affected": "!" 
+ } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2014:0743", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html" + "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0743.html" }, { - "name": "RHSA-2014:0744", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html" + "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0744.html" }, { - "name": "FEDORA-2014-6970", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html" + "url": "https://access.redhat.com/errata/RHSA-2014:0674", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0674" }, { - "name": "[qemu-devel] 20140512 [PATCH] usb: fix up post load checks", - "refsource": "MLIST", - "url": "http://article.gmane.org/gmane.comp.emulators.qemu/272092" + "url": "https://access.redhat.com/errata/RHSA-2014:0743", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0743" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2014:0744", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0744" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2014:0888", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0888" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2014:0927", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0927" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2014:1268", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:1268" + }, + { + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html", + "refsource": "MISC", + "name": 
"http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html" + }, + { + "url": "http://article.gmane.org/gmane.comp.emulators.qemu/272092", + "refsource": "MISC", + "name": "http://article.gmane.org/gmane.comp.emulators.qemu/272092" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2014-3461", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2014-3461" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1096821", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1096821" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Anthony Liguori, Michael Roth, and Michael S. Tsirkin (Red Hat)." + } + ], + "impact": { + "cvss": [ + { + "accessComplexity": "HIGH", + "accessVector": "LOCAL", + "authentication": "NONE", + "availabilityImpact": "PARTIAL", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 3.7, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "PARTIAL", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "PARTIAL", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", + "version": "2.0" } ] } diff --git a/2014/3xxx/CVE-2014-3475.json b/2014/3xxx/CVE-2014-3475.json index a65c72a363a..f1465641cc0 100644 --- a/2014/3xxx/CVE-2014-3475.json +++ b/2014/3xxx/CVE-2014-3475.json 
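Review bot: The `reference_data` rewrite in this hunk sets every `refsource` to `MISC` and copies the URL into `name`, so the advisory identifiers the old entries carried (`RHSA-2014:0743`, `FEDORA-2014-6970`, the qemu-devel patch subject) are no longer present as data. It also lists the same erratum twice under two URLs, `http://rhn.redhat.com/errata/RHSA-2014-0743.html` and `https://access.redhat.com/errata/RHSA-2014:0743`, which tooling that de-duplicates by `name` will not merge. I would keep the typed form for vendor advisories, e.g. `"refsource": "REDHAT", "name": "RHSA-2014:0743"`, and drop the plain-http duplicate. The reference lists in CVE-2014-2894.json, CVE-2014-3475.json, CVE-2014-3486.json, CVE-2014-3493.json and CVE-2014-3496.json are flattened the same way.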
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3475", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578." + "value": "CVE-2014-3473 CVE-2014-3474 CVE-2014-3475 CVE-2014-8578 openstack-horizon: multiple XSS flaws" } ] }, 
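Review bot: The replacement `value` in this hunk, `CVE-2014-3473 CVE-2014-3474 CVE-2014-3475 CVE-2014-8578 openstack-horizon: multiple XSS flaws`, names four CVE ids inside the record for CVE-2014-3475, while the removed text said explicitly that this issue is a different vulnerability than CVE-2014-8578. Tools that extract CVE ids from description text will cross-link the four records, and the specifics (the Users panel at `admin/users/`, injection through a user email address, the fixed Horizon releases) are lost. I would keep the original sentence, or at least limit the title to this record's own id and restore the "different vulnerability than CVE-2014-8578" clause.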
@@ -44,33 +21,120 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "OpenStack 4 for RHEL 6", + "version": { + "version_data": [ + { + "version_value": "0:2013.2.3-3.el6ost", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "0:2014.1.1-2.el7ost", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "68456", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/68456" + "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { - "name": "https://bugs.launchpad.net/horizon/+bug/1320235", - "refsource": "CONFIRM", - "url": "https://bugs.launchpad.net/horizon/+bug/1320235" + "url": "https://access.redhat.com/errata/RHSA-2014:0939", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0939" }, { - "name": "[oss-security] 20140708 [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475)", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" + "url": "https://access.redhat.com/errata/RHSA-2014:1188", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:1188" }, { - "name": "openSUSE-SU-2015:0078", - "refsource": "SUSE", - "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116090", + "refsource": "MISC", + "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1116090" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/07/08/6" + }, + { + "url": "http://www.securityfocus.com/bid/68456", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/68456" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2014-3475", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2014-3475" + }, + { + "url": "https://bugs.launchpad.net/horizon/+bug/1320235", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/horizon/+bug/1320235" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank OpenStack project for reporting this issue. Upstream acknowledges Craig Lorentzen (Cisco), Jason Hullinger (Hewlett Packard), and Michael Xin (Rackspace) as the original reporters." + } + ], + "impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "NETWORK", + "authentication": "NONE", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 4.3, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "NONE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "PARTIAL", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "version": "2.0" } ] } diff --git a/2014/3xxx/CVE-2014-3486.json b/2014/3xxx/CVE-2014-3486.json index 97db33092d8..762379bb31e 100644 --- a/2014/3xxx/CVE-2014-3486.json +++ b/2014/3xxx/CVE-2014-3486.json 
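Review bot: The added `credits` entry uses `"lang": "en"` while `description` and `problemtype` in the same record use `"lang": "eng"`. A consumer that selects text by language tag will treat these as two languages and may skip the credit. I would use `"lang": "eng"` here to match, unless the schema for `credits` requires the two-letter form, which is not visible in this diff. The `credits` block added in the second hunk of CVE-2014-3461.json has the same mismatch.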
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3486", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name." + "value": "CVE-2014-3486 CFME: SSH Utility insecure tmp file creation leading to code execution as root" } ] }, 
@@ -44,28 +21,92 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Insecure Temporary File", + "cweId": "CWE-377" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "CloudForms Management Engine 5.x", + "version": { + "version_data": [ + { + "version_value": "0:5.2.4.2-1.el6cf", + "version_affected": "!" + }, + { + "version_value": "1:3.2.13-8.el6cf", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "68300", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/68300" + "url": "https://access.redhat.com/errata/RHSA-2014:0816", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0816" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1107528", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1107528" + "url": "http://rhn.redhat.com/errata/RHSA-2014-0816.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0816.html" }, { - "name": "RHSA-2014:0816", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2014-0816.html" + "url": "http://www.securityfocus.com/bid/68300", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/68300" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2014-3486", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2014-3486" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1107528", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1107528" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "LOCAL", + "authentication": "NONE", + "availabilityImpact": "COMPLETE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 6.9, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "COMPLETE", + 
"confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "COMPLETE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", + "version": "2.0" } ] } diff --git a/2014/3xxx/CVE-2014-3493.json b/2014/3xxx/CVE-2014-3493.json index a19c6338e4a..e6e42ab3248 100644 --- a/2014/3xxx/CVE-2014-3493.json +++ b/2014/3xxx/CVE-2014-3493.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3493", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference." + "value": "It was discovered that smbd, the Samba file server daemon, did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cause smbd to crash." } ] }, 
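Review bot: In the `impact.cvss` entry added to CVE-2014-3486.json, `"temporalScore": 0` and `"environmentalScore": 0` sit next to temporal and environmental metrics that are all `NOT_DEFINED`. A zero reads as a computed score, and a consumer that prefers the temporal or environmental score when present would rank this 6.9 issue (`AV:L/AC:M/Au:N/C:C/I:C/A:C`) as 0. I would omit both keys when the metric groups are not defined. The `cvss` objects added in the other files of this diff carry the same two zeros.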
@@ -44,128 +21,224 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Return of Wrong Status Code", + "cweId": "CWE-393" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 5", + "version": { + "version_data": [ + { + "version_value": "0:3.6.6-0.140.el5_10", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "0:3.6.9-169.el6_5", + "version_affected": "!" + }, + { + "version_value": "0:4.0.0-63.el6_5.rc4", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "0:4.1.1-35.el7_0", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1", - "refsource": "CONFIRM", - "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html" }, { - "name": "MDVSA-2014:136", - "refsource": "MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:136" + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html", + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html" }, { - "name": "RHSA-2014:0866", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2014-0866.html" + "url": "http://security.gentoo.org/glsa/glsa-201502-15.xml", + "refsource": "MISC", + "name": "http://security.gentoo.org/glsa/glsa-201502-15.xml" }, { - "name": "FEDORA-2014-9132", - 
"refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html" + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:082", + "refsource": "MISC", + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:082" }, { - "name": "61218", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/61218" + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993", + "refsource": "MISC", + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993" }, { - "name": "59834", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/59834" + "url": "http://advisories.mageia.org/MGASA-2014-0279.html", + "refsource": "MISC", + "name": "http://advisories.mageia.org/MGASA-2014-0279.html" }, { - "name": "http://linux.oracle.com/errata/ELSA-2014-0866.html", - "refsource": "CONFIRM", - "url": "http://linux.oracle.com/errata/ELSA-2014-0866.html" + "url": "http://linux.oracle.com/errata/ELSA-2014-0866.html", + "refsource": "MISC", + "name": "http://linux.oracle.com/errata/ELSA-2014-0866.html" }, { - "name": "59848", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/59848" + "url": "http://rhn.redhat.com/errata/RHSA-2014-0866.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0866.html" }, { - "name": "20140711 [ MDVSA-2014:136 ] samba", - "refsource": "BUGTRAQ", - "url": "http://www.securityfocus.com/archive/1/532757/100/0/threaded" + "url": "http://secunia.com/advisories/59378", + "refsource": "MISC", + "name": "http://secunia.com/advisories/59378" }, { - "name": "GLSA-201502-15", - "refsource": "GENTOO", - "url": "http://security.gentoo.org/glsa/glsa-201502-15.xml" + "url": "http://secunia.com/advisories/59407", + "refsource": "MISC", + "name": "http://secunia.com/advisories/59407" }, { - "name": "68150", - "refsource": "BID", - "url": 
"http://www.securityfocus.com/bid/68150" + "url": "http://secunia.com/advisories/59433", + "refsource": "MISC", + "name": "http://secunia.com/advisories/59433" }, { - "name": "59407", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/59407" + "url": "http://secunia.com/advisories/59579", + "refsource": "MISC", + "name": "http://secunia.com/advisories/59579" }, { - "name": "FEDORA-2014-7672", - "refsource": "FEDORA", - "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html" + "url": "http://secunia.com/advisories/59834", + "refsource": "MISC", + "name": "http://secunia.com/advisories/59834" }, { - "name": "59433", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/59433" + "url": "http://secunia.com/advisories/59848", + "refsource": "MISC", + "name": "http://secunia.com/advisories/59848" }, { - "name": "59919", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/59919" + "url": "http://secunia.com/advisories/59919", + "refsource": "MISC", + "name": "http://secunia.com/advisories/59919" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1108748", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108748" + "url": "http://secunia.com/advisories/61218", + "refsource": "MISC", + "name": "http://secunia.com/advisories/61218" }, { - "name": "http://advisories.mageia.org/MGASA-2014-0279.html", - "refsource": "CONFIRM", - "url": "http://advisories.mageia.org/MGASA-2014-0279.html" + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:136", + "refsource": "MISC", + "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:136" }, { - "name": "59378", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/59378" + "url": "http://www.securityfocus.com/archive/1/532757/100/0/threaded", + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/532757/100/0/threaded" }, { - "name": "MDVSA-2015:082", - "refsource": 
"MANDRIVA", - "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:082" + "url": "http://www.securitytracker.com/id/1030455", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1030455" }, { - "name": "59579", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/59579" + "url": "https://access.redhat.com/errata/RHSA-2014:0866", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0866" }, { - "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993", - "refsource": "CONFIRM", - "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993" + "url": "https://access.redhat.com/errata/RHSA-2014:0867", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0867" }, { - "name": "http://www.samba.org/samba/security/CVE-2014-3493", - "refsource": "CONFIRM", - "url": "http://www.samba.org/samba/security/CVE-2014-3493" + "url": "https://access.redhat.com/errata/RHSA-2014:1009", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:1009" }, { - "name": "1030455", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1030455" + "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1", + "refsource": "MISC", + "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1" + }, + { + "url": "http://www.samba.org/samba/security/CVE-2014-3493", + "refsource": "MISC", + "name": "http://www.samba.org/samba/security/CVE-2014-3493" + }, + { + "url": "http://www.securityfocus.com/bid/68150", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/68150" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2014-3493", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2014-3493" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108748", + "refsource": "MISC", + "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1108748" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "LOW", + "accessVector": "ADJACENT_NETWORK", + "authentication": "SINGLE", + "availabilityImpact": "PARTIAL", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 2.7, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "NONE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P", + "version": "2.0" } ] } diff --git a/2014/3xxx/CVE-2014-3496.json b/2014/3xxx/CVE-2014-3496.json index 72edbad9071..18c3fecdac2 100644 --- a/2014/3xxx/CVE-2014-3496.json +++ b/2014/3xxx/CVE-2014-3496.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3496", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file." + "value": "CVE-2014-3496 OpenShift Origin: Command execution as root via downloadable cartridge source-url" } ] }, 
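Review bot: The `problemtype` value in CVE-2014-3493.json changes from `n/a` to `Return of Wrong Status Code` with `"cweId": "CWE-393"`, which names a possible root cause but not the memory-safety outcome the removed description gave (a character-set conversion failure leading to an invalid pointer dereference and daemon crash). Filters keyed on memory-corruption CWE classes would not surface this record, and the new description does not mention a status code either. If CWE-393 is the intended root cause, I would add a second `description` entry under `problemtype` for the dereference, with the CWE id confirmed against the upstream fix; nothing in this hunk shows which one applies.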
@@ -44,43 +21,139 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat OpenShift Enterprise 2.0", + "version": { + "version_data": [ + { + "version_value": "0:1.17.5.17-1.el6op", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat OpenShift Enterprise 2.1", + "version": { + "version_data": [ + { + "version_value": "0:0.8.1.2-1.el6op", + "version_affected": "!" + }, + { + "version_value": "0:1.23.9.11-1.el6op", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "RHEL 6 Version of OpenShift Enterprise 1.2", + "version": { + "version_data": [ + { + "version_value": "0:1.9.14.8-1.el6op", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "59298", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/59298" + "url": "http://rhn.redhat.com/errata/RHSA-2014-0762.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0762.html" }, { - "name": "https://github.com/openshift/origin-server/pull/5521", - "refsource": "CONFIRM", - "url": "https://github.com/openshift/origin-server/pull/5521" + "url": "http://rhn.redhat.com/errata/RHSA-2014-0763.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0763.html" }, { - "name": "RHSA-2014:0764", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2014-0764.html" + "url": "http://rhn.redhat.com/errata/RHSA-2014-0764.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0764.html" }, { - "name": "RHSA-2014:0762", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2014-0762.html" + "url": "http://secunia.com/advisories/59298", + 
"refsource": "MISC", + "name": "http://secunia.com/advisories/59298" }, { - "name": "RHSA-2014:0763", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2014-0763.html" + "url": "https://access.redhat.com/errata/RHSA-2014:0762", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0762" }, { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1110470", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1110470" + "url": "https://access.redhat.com/errata/RHSA-2014:0763", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0763" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2014:0764", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0764" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2014-3496", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2014-3496" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1110470", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1110470" + }, + { + "url": "https://github.com/openshift/origin-server/pull/5521", + "refsource": "MISC", + "name": "https://github.com/openshift/origin-server/pull/5521" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "LOW", + "accessVector": "NETWORK", + "authentication": "NONE", + "availabilityImpact": "COMPLETE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 10, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "COMPLETE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "COMPLETE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "version": "2.0" } ] } 
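Review bot: Every `version_data` entry added under `affects` in CVE-2014-3496.json carries `"version_affected": "!"`, which, as I read the CVE JSON 4.0 format, marks a version as not affected. The record therefore lists only fixed package builds and names no affected version, so a scanner matching on this block has nothing to flag. The range that used to be in the description (1.2.8 through 2.1.1) is removed by this commit as well. I would add a legacy-style entry such as `{ "version_value": "1.2.8 through 2.1.1" }` next to the fixed builds, or keep that range in the description. The same pattern is in the `affects` blocks added to CVE-2014-3497, -3499, -3517, -3520, -3521 and -3530.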
diff --git a/2014/3xxx/CVE-2014-3497.json b/2014/3xxx/CVE-2014-3497.json index ae87e64361a..640474af4a4 100644 --- a/2014/3xxx/CVE-2014-3497.json +++ b/2014/3xxx/CVE-2014-3497.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3497", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header." + "value": "It was found that Swift did not escape all HTTP header values, allowing data to be injected into the responses sent from the Swift server. This could lead to cross-site scripting attacks (and possibly other impacts) if a user were tricked into clicking on a malicious URL." } ] }, 
@@ -44,48 +21,117 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "0:1.13.1-3.el7ost", + "version_affected": "!" + }, + { + "version_value": "0:2.1.0-2.el7ost", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "USN-2256-1", - "refsource": "UBUNTU", - "url": "http://www.ubuntu.com/usn/USN-2256-1" + "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-June/000243.html", + "refsource": "MISC", + "name": "http://lists.openstack.org/pipermail/openstack-announce/2014-June/000243.html" }, { - "name": "59532", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/59532" + "url": "http://secunia.com/advisories/59532", + "refsource": "MISC", + "name": "http://secunia.com/advisories/59532" }, { - "name": "https://review.openstack.org/#/c/101031/", - "refsource": "CONFIRM", - "url": "https://review.openstack.org/#/c/101031/" + "url": "http://www.openwall.com/lists/oss-security/2014/06/19/10", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/06/19/10" }, { - "name": "[oss-security] 20140619 [OSSA 2014-020] XSS in Swift requests through WWW-Authenticate header (CVE-2014-3497)", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2014/06/19/10" + "url": "http://www.securityfocus.com/bid/68116", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/68116" }, { - "name": "68116", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/68116" + "url": "http://www.ubuntu.com/usn/USN-2256-1", + "refsource": "MISC", + 
"name": "http://www.ubuntu.com/usn/USN-2256-1" }, { - "name": "[openstack-announce] 20140619 [OSSA 2014-020] XSS in Swift requests through WWW-Authenticate header (CVE-2014-3497)", - "refsource": "MLIST", - "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-June/000243.html" + "url": "https://access.redhat.com/errata/RHSA-2014:0941", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0941" }, { - "name": "https://review.openstack.org/#/c/101032/", - "refsource": "CONFIRM", - "url": "https://review.openstack.org/#/c/101032/" + "url": "https://access.redhat.com/security/cve/CVE-2014-3497", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2014-3497" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1110809", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1110809" + }, + { + "url": "https://review.openstack.org/#/c/101031/", + "refsource": "MISC", + "name": "https://review.openstack.org/#/c/101031/" + }, + { + "url": "https://review.openstack.org/#/c/101032/", + "refsource": "MISC", + "name": "https://review.openstack.org/#/c/101032/" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "NETWORK", + "authentication": "NONE", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 4.3, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "PARTIAL", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "version": "2.0" } ] } diff --git a/2014/3xxx/CVE-2014-3499.json b/2014/3xxx/CVE-2014-3499.json index 33e33fbf234..0378240bbb6 100644 
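Review bot: The rewritten `reference_data` in CVE-2014-3497.json sets every `refsource` to `MISC` and every `name` to a copy of the URL, which discards the source typing that was there. The two review.openstack.org changes were `CONFIRM`, USN-2256-1 was `UBUNTU`, and the list posts were `MLIST` with the OSSA 2014-020 subject line. Consumers that rank or filter references by vendor confirmation can no longer tell the fix reviews from third-party trackers. I would keep the original pair where one existed, e.g. `"name": "USN-2256-1", "refsource": "UBUNTU"`, and use `MISC` only for the newly added Red Hat links. The reference lists in the other files of this commit are flattened the same way.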
--- a/2014/3xxx/CVE-2014-3499.json +++ b/2014/3xxx/CVE-2014-3499.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3499", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors." + "value": "CVE-2014-3499 docker: systemd socket activation results in privilege escalation" } ] }, 
@@ -44,23 +21,83 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Incorrect Privilege Assignment", + "cweId": "CWE-266" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 7 Extras", + "version": { + "version_data": [ + { + "version_value": "0:0.11.1-22.el7", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1111687", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1111687" + "url": "http://rhn.redhat.com/errata/RHSA-2014-0820.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0820.html" }, { - "name": "RHSA-2014:0820", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2014-0820.html" + "url": "https://access.redhat.com/errata/RHSA-2014:0820", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0820" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2014-3499", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2014-3499" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1111687", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1111687" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "LOW", + "accessVector": "LOCAL", + "authentication": "NONE", + "availabilityImpact": "COMPLETE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 7.2, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "COMPLETE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "COMPLETE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + 
"temporalScore": 0, + "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "version": "2.0" } ] } diff --git a/2014/3xxx/CVE-2014-3517.json b/2014/3xxx/CVE-2014-3517.json index b6ccfd427ee..6d7b3e1682a 100644 --- a/2014/3xxx/CVE-2014-3517.json +++ b/2014/3xxx/CVE-2014-3517.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3517", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests." + "value": "A side-channel timing attack flaw was found in Nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that proxy metadata requests via Neutron." } ] }, 
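Review bot: `"cweId": "CWE-266"` (Incorrect Privilege Assignment) in the second hunk of CVE-2014-3499.json does not match the flaw the removed description states, which is world-readable and world-writable permissions on the management socket. That is a permission set on a resource rather than a privilege granted to an actor. CWE-732 looks like the closer classification: `"value": "Incorrect Permission Assignment for Critical Resource", "cweId": "CWE-732"`. This is worth confirming against the linked Red Hat bug before changing it.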
@@ -44,23 +21,104 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Covert Timing Channel", + "cweId": "CWE-385" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "OpenStack 4 for RHEL 6", + "version": { + "version_data": [ + { + "version_value": "0:2013.2.3-12.el6ost", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", + "version": { + "version_data": [ + { + "version_value": "0:2014.1.1-4.el7ost", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[oss-security] 20140717 [OSSA 2014-024] Use of non-constant time comparison operation (CVE-2014-3517)", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2014/07/17/2" + "url": "https://access.redhat.com/errata/RHSA-2014:1084", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:1084" }, { - "name": "https://bugs.launchpad.net/nova/+bug/1325128", - "refsource": "CONFIRM", - "url": "https://bugs.launchpad.net/nova/+bug/1325128" + "url": "http://www.openwall.com/lists/oss-security/2014/07/17/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/07/17/2" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2014:0940", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0940" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2014-3517", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2014-3517" + }, + { + "url": "https://bugs.launchpad.net/nova/+bug/1325128", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/nova/+bug/1325128" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112499", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1112499" + } + ] + }, + 
"impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "NETWORK", + "authentication": "NONE", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 4.3, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "PARTIAL", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "version": "2.0" } ] } diff --git a/2014/3xxx/CVE-2014-3520.json b/2014/3xxx/CVE-2014-3520.json index f6cbba74e2b..9fd8eb6968b 100644 --- a/2014/3xxx/CVE-2014-3520.json +++ b/2014/3xxx/CVE-2014-3520.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3520", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request." + "value": "A flaw was found in the way keystone handled trusts. A trustee could use an out-of-scope project ID to gain unauthorized access to a project if the trustor had the required roles for that requested project." } ] }, 
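Review bot: The problemtype added in the second hunk of CVE-2014-3517.json is `CWE-385` (Covert Timing Channel), which describes a deliberate channel between cooperating parties. The record instead describes response-time differences that let a remote caller guess instance ID signatures, and the removed reference title calls it "Use of non-constant time comparison operation". CWE-208 fits that better: `"value": "Observable Timing Discrepancy", "cweId": "CWE-208"`. Remediation guidance keyed on the CWE differs between the two, so the choice matters to consumers of the record.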
@@ -44,28 +21,104 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Incorrect Authorization", + "cweId": "CWE-863" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "OpenStack 3 for RHEL 6", + "version": { + "version_data": [ + { + "version_value": "0:2013.1.5-3.el6ost", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "OpenStack 4 for RHEL 6", + "version": { + "version_data": [ + { + "version_value": "0:2013.2.3-7.el6ost", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugs.launchpad.net/keystone/+bug/1331912", - "refsource": "CONFIRM", - "url": "https://bugs.launchpad.net/keystone/+bug/1331912" + "url": "https://access.redhat.com/errata/RHSA-2014:0994", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0994" }, { - "name": "[openstack-announce] 20140702 [OSSA 2014-022] Keystone V2 trusts privilege escalation through user supplied project id (CVE-2014-3520)", - "refsource": "MLIST", - "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-July/000248.html" + "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-July/000248.html", + "refsource": "MISC", + "name": "http://lists.openstack.org/pipermail/openstack-announce/2014-July/000248.html" }, { - "name": "59426", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/59426" + "url": "http://secunia.com/advisories/59426", + "refsource": "MISC", + "name": "http://secunia.com/advisories/59426" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2014-3520", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2014-3520" + }, + { + "url": "https://bugs.launchpad.net/keystone/+bug/1331912", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/keystone/+bug/1331912" + }, + { + "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1112668", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1112668" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "NETWORK", + "authentication": "SINGLE", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 3.5, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "PARTIAL", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", + "version": "2.0" } ] } diff --git a/2014/3xxx/CVE-2014-3521.json b/2014/3xxx/CVE-2014-3521.json index 28376a2ba4c..34a948b6487 100644 --- a/2014/3xxx/CVE-2014-3521.json +++ b/2014/3xxx/CVE-2014-3521.json 
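Review bot: The `impact.cvss` block added for CVE-2014-3520 sets `"temporalScore": 0` and `"environmentalScore": 0` while every temporal and environmental metric is `NOT_DEFINED`. Under CVSS v2, undefined metrics leave those scores equal to the base score (3.5 here). A consumer that reads either field gets 0 for an issue that is in fact scored. I would omit the two score fields when their metrics are not defined, or set them to the base value. The impact blocks added to the other files in this commit carry the same zeros.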
@@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3521", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL." + "value": "It was discovered that various components in the luci site extension-related URLs were not properly restricted to administrative users. A remote, authenticated attacker could escalate their privileges to perform certain actions that should be restricted to administrative users, such as adding users and systems, and viewing log data." } ] }, 
@@ -44,23 +21,83 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Missing Authorization", + "cweId": "CWE-862" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 5", + "version": { + "version_data": [ + { + "version_value": "0:0.12.2-81.el5", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1112813", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112813" + "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" }, { - "name": "RHSA-2014:1194", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" + "url": "https://access.redhat.com/errata/RHSA-2014:1194", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:1194" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2014-3521", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2014-3521" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112813", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1112813" + } + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "LOW", + "accessVector": "NETWORK", + "authentication": "SINGLE", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 5.5, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "PARTIAL", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "PARTIAL", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + 
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", + "version": "2.0" } ] } diff --git a/2014/3xxx/CVE-2014-3530.json b/2014/3xxx/CVE-2014-3530.json index e316543fc42..a13050b66b2 100644 --- a/2014/3xxx/CVE-2014-3530.json +++ b/2014/3xxx/CVE-2014-3530.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3530", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue." + "value": "It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks." } ] }, 
@@ -44,78 +21,285 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Improper Restriction of XML External Entity Reference", + "cweId": "CWE-611" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "JBEWP 5 for RHEL 5", + "version": { + "version_data": [ + { + "version_value": "0:2.1.5-3_patch_01.ep5.el5", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "JBEWP 5 for RHEL 6", + "version": { + "version_data": [ + { + "version_value": "0:2.1.5-3_patch_01.el6_5", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4", + "version": { + "version_data": [ + { + "version_value": "0:2.1.5-3_patch_01.ep5.el4", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5", + "version": { + "version_data": [ + { + "version_value": "0:2.1.5-3_patch_01.ep5.el5", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6", + "version": { + "version_data": [ + { + "version_value": "0:2.1.5-3_patch_01.el6_5", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", + "version": { + "version_data": [ + { + "version_value": "0:2.1.9-5.SP3_redhat_2.1.ep6.el5", + "version_affected": "!" + } + ] + } + }, + { + "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", + "version": { + "version_data": [ + { + "version_value": "0:2.1.9-5.SP3_redhat_2.1.ep6.el6", + "version_affected": "!" 
+ } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "RHSA-2014:0886", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2014-0886.html" + "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" }, { - "name": "RHSA-2014:0885", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2014-0885.html" + "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" }, { - "name": "RHSA-2015:0765", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" + "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" }, { - "name": "60124", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/60124" + "url": "https://access.redhat.com/errata/RHSA-2014:0910", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0910" }, { - "name": "RHSA-2015:0675", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" + "url": "https://access.redhat.com/errata/RHSA-2015:0234", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2015:0234" }, { - "name": "RHSA-2015:0720", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" + "url": "https://access.redhat.com/errata/RHSA-2015:0235", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2015:0235" }, { - "name": "RHSA-2014:0884", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2014-0884.html" + "url": "https://access.redhat.com/errata/RHSA-2015:0675", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2015:0675" }, { - "name": "RHSA-2015:1888", - "refsource": "REDHAT", - "url": 
"http://rhn.redhat.com/errata/RHSA-2015-1888.html" + "url": "https://access.redhat.com/errata/RHSA-2015:0720", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2015:0720" }, { - "name": "RHSA-2015:0091", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2015-0091.html" + "url": "https://access.redhat.com/errata/RHSA-2015:0765", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2015:0765" }, { - "name": "60047", - "refsource": "SECUNIA", - "url": "http://secunia.com/advisories/60047" + "url": "https://access.redhat.com/errata/RHSA-2015:1009", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2015:1009" }, { - "name": "RHSA-2014:0883", - "refsource": "REDHAT", - "url": "http://rhn.redhat.com/errata/RHSA-2014-0883.html" + "url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2015-1888.html" }, { - "name": "1030607", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1030607" + "url": "https://access.redhat.com/errata/RHSA-2015:1888", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2015:1888" }, { - "name": "jboss-cve20143530-info-disc(94700)", - "refsource": "XF", - "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94700" + "url": "http://rhn.redhat.com/errata/RHSA-2014-0883.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0883.html" + }, + { + "url": "http://rhn.redhat.com/errata/RHSA-2014-0884.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0884.html" + }, + { + "url": "http://rhn.redhat.com/errata/RHSA-2014-0885.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0885.html" + }, + { + "url": "http://rhn.redhat.com/errata/RHSA-2014-0886.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-0886.html" + }, + { + "url": 
"http://rhn.redhat.com/errata/RHSA-2015-0091.html", + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2015-0091.html" + }, + { + "url": "http://secunia.com/advisories/60047", + "refsource": "MISC", + "name": "http://secunia.com/advisories/60047" + }, + { + "url": "http://secunia.com/advisories/60124", + "refsource": "MISC", + "name": "http://secunia.com/advisories/60124" + }, + { + "url": "http://www.securitytracker.com/id/1030607", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1030607" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2014:0883", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0883" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2014:0884", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0884" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2014:0885", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0885" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2014:0886", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0886" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2014:0897", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0897" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2014:0898", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2014:0898" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2015:0091", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2015:0091" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2014-3530", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2014-3530" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112987", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1112987" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94700", + 
"refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94700" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Alexander Papadakis for reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "accessComplexity": "LOW", + "accessVector": "NETWORK", + "authentication": "NONE", + "availabilityImpact": "PARTIAL", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 7.5, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "PARTIAL", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "PARTIAL", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "version": "2.0" } ] } diff --git a/2015/3xxx/CVE-2015-3235.json b/2015/3xxx/CVE-2015-3235.json index 711a93fa24b..f43fe663fd8 100644 --- a/2015/3xxx/CVE-2015-3235.json +++ b/2015/3xxx/CVE-2015-3235.json 
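Review bot: The new `credits` entry in CVE-2014-3530.json uses `"lang": "en"`, while the `description` and `problemtype` entries in the same file use `"lang": "eng"`. A consumer that selects text by language code will miss one or the other. Pick one code for the whole record, e.g. `"lang": "eng"` in `credits`.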
@@ -1,40 +1,17 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-3235",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors."
+ "value": "It was discovered that in Foreman the edit_users permissions (for example, granted to the Manager role) allowed the user to edit admin user passwords. An attacker with the edit_users permissions could use this flaw to access an admin user account, leading to an escalation of privileges."
 }
 ]
 },
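Review bot: The new description `value` in this hunk drops the fixed-version boundary that the removed text carried ("Foreman before 1.9.0"), so the record no longer says which upstream Foreman releases are affected. The `affects` block added in the following hunk seems to list only Red Hat Satellite 6.1 package builds, each with `version_affected` set to `!`, and as far as the visible part shows it does not restore that upstream boundary; the hunk runs past the end of this view, so this should be confirmed. I would keep the bound in the text, for example by ending the value with `This issue affects Foreman versions before 1.9.0.`, so that someone triaging a non-Satellite Foreman install can still decide from the description alone.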
@@ -44,38 +21,2369 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "Incorrect Privilege Assignment", + "cweId": "CWE-266" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Satellite 6.1", + "version": { + "version_data": [ + { + "version_value": "0:1.0-5.3.ep5.el6", + "version_affected": "!" + }, + { + "version_value": "0:1.4-16.redhat_3.1.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:0.6-4_redhat_1.ep6.el6.1", + "version_affected": "!" + }, + { + "version_value": "0:1-8.2_redhat_1.ep6.el6.1", + "version_affected": "!" + }, + { + "version_value": "0:1.46-3.5_redhat_1.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:0.9.1.2-2.ep5.el6", + "version_affected": "!" + }, + { + "version_value": "0:0.9.49.3-1.el6", + "version_affected": "!" + }, + { + "version_value": "0:1.0.22-1.el6", + "version_affected": "!" + }, + { + "version_value": "0:1-5.el6_4", + "version_affected": "!" + }, + { + "version_value": "0:2.1.5-5.el6_4", + "version_affected": "!" + }, + { + "version_value": "0:1.7R3-1.el6_4", + "version_affected": "!" + }, + { + "version_value": "0:0.7.4-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.6.1-11.8_redhat_1.ep6.el6.1", + "version_affected": "!" + }, + { + "version_value": "1:1.7.6-2.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:11-2.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:1.7.2.33-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.1.0-36", + "version_affected": "!" + }, + { + "version_value": "0:1.7.2.5-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.7.2.13-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.9.6-6.el6_2", + "version_affected": "!" + }, + { + "version_value": "0:1.1.1-9_redhat_1.ep6.el6.1", + "version_affected": "!" 
+ }, + { + "version_value": "0:1.4.4-6_redhat_1.ep6.el6.1", + "version_affected": "!" + }, + { + "version_value": "0:2.2.5-19.redhat_7.2.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:2.6.2-2.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0-3.3.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:3.0-2_redhat_1.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:2.0-3.el6sat.2", + "version_affected": "!" + }, + { + "version_value": "0:1.0.15.0-1.el6", + "version_affected": "!" + }, + { + "version_value": "0:4.0.1-2.Final_redhat_1.1.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:4.2.5-1.Final_redhat_1.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:4.3.1-2.Final_redhat_1.1.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:1.0.0-4.7.GA_redhat_2.ep6.el6.3", + "version_affected": "!" + }, + { + "version_value": "0:1.0.1-5.Final_redhat_2.1.ep6.el6.4", + "version_affected": "!" + }, + { + "version_value": "0:1.0.0-3.el6_4", + "version_affected": "!" + }, + { + "version_value": "0:2.3.5-2.Final_redhat_2.1.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:6-9.redhat_1.3.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:20130517-7.1fm.gitc4bce43.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.3.0-3.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:2.3.0-1.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:2.3.0-2.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:3.12.1-1.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:2.2.17-4.GA_redhat_1.ep6.el6.1", + "version_affected": "!" + }, + { + "version_value": "0:1.0.4-3.Final_redhat_2.1.ep6.el6.1", + "version_affected": "!" + }, + { + "version_value": "0:3.1.2-3.GA_redhat_1.ep6.el6", + "version_affected": "!" 
+ }, + { + "version_value": "0:1.0.0-1.Beta2_redhat_1.1.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:1.0.1-6.Final_redhat_2.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "1:4.16.2-1.Final.3.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:1.1.1-4.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:2.2.0.14-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.2.5-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.2.1-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.3.17-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:3.1.0-5.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "1:13.4.1-2.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.13-3.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:4.6.1-1.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:3.4-1.pulp.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.4.6-2.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:3.2.6-1_redhat_1.2.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:20100601-4.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:3.3.1-5_redhat_1.1.ep6.el6.1", + "version_affected": "!" + }, + { + "version_value": "0:1.2.4-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.90.10.redhat_1-2", + "version_affected": "!" + }, + { + "version_value": "0:2.6.0.15-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.2.5-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.5-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:3.6.2-4.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.3-9.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:4.2.1-1.20140510git08b00d9.el6_6sat", + "version_affected": "!" 
+ }, + { + "version_value": "0:0.5.3-3.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.5.6-6.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.4.6-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.3-4.el6sat", + "version_affected": "!" + }, + { + "version_value": "1:3.0.8.1-1.el6sat", + "version_affected": "!" + }, + { + "version_value": "1:3.3.0.17-1.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.3-2.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:3.1.11-1.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:3.2.2-3.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.2.2-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "1:0.10.1-4.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.7.2-1.el6", + "version_affected": "!" + }, + { + "version_value": "0:1.0.2-1.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.5.0-4.pulp.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.23-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.6-3.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "1:3.0.24-10.pulp.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.7.10-2.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.3.1-2.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.5.211-8.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.32-1.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.5.2-3.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.30-6.el6", + "version_affected": "!" + }, + { + "version_value": "0:2.4.3-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.2.0-3.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.37-3.el6sat", + "version_affected": "!" 
+ }, + { + "version_value": "0:0.8.3-2.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.30-9.el6", + "version_affected": "!" + }, + { + "version_value": "0:0.4-7.el6", + "version_affected": "!" + }, + { + "version_value": "0:0.30-3.el6", + "version_affected": "!" + }, + { + "version_value": "0:0.9-4.el6", + "version_affected": "!" + }, + { + "version_value": "0:0.30-5.el6", + "version_affected": "!" + }, + { + "version_value": "0:0.30-4.el6", + "version_affected": "!" + }, + { + "version_value": "0:2.3.7.2-1.Final_redhat_1.1.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:1.6.18-5.el6_4", + "version_affected": "!" + }, + { + "version_value": "0:2.3.5-2.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.4.0-3.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.0.0-1.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.7.2-11.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.2-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.4.3-3.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.3-2.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.2.5-1.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.5.2-9.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:3.0.0-5.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:3.0.0-8.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.3-2.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.0.10-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.0-6.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.2.7-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.1.4-10.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.0.0-4.el6_6sat", + "version_affected": "!" 
+ }, + { + "version_value": "0:0.7.2-7.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.17.0-1.1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.7.7.9-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.38.0-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.9.16-2.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.8.8-2.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.8.0-13.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.9-11.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.24.0-3.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.1-2.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.24.0-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.0-2.1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.3-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.1-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.9-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.0-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.4.2-1.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.5-2.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:4.0.2.13-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.0.0.19-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.2.0.18-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.1.9-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.7-2.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.2.10-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.2.1-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.6.15.4-1.el6_6sat", + "version_affected": "!" 
+ }, + { + "version_value": "0:0.2.1-9.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:4.0.10.1-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.10.0-3.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.8-3.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.6.4-2.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:3.1.6-6.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.4-8.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.22-5.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.2.2-7.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.8.6-11.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.2.7-5.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.8.0-6.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:4.0.2-8.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.4-4.el6sam", + "version_affected": "!" + }, + { + "version_value": "0:0.1.8-2.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.2.0.65-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.3.0-2.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.2-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.5.1-2.1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.5.0-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.1.3-17.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.8.1-26.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.8.2-4.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.2.0-3.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.1-3.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.1.0-5.el6sat", + "version_affected": "!" 
+ }, + { + "version_value": "0:2.6.7-5.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.5.11-1.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.4.7-8.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.4.2-2.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.1.2-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:4.0.18-19.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.12.2-10.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.7-3.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.30.0-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.9.0-1.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.29-1.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.6.0-3.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.4-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.6.7-1.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.0-16.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.0.1-9.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.5.1-1.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:3.1.1-15.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.3.5-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.2.1-1.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:3.2.13-1.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.0.1-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.7.1-2.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.3.3-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:3.45.0-6.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:4.1.3-7.el6sat", + "version_affected": "!" 
+ }, + { + "version_value": "0:0.4.5-2.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.10.1-3.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.2.1-11.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.6.2-1.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.0-5.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.3-4.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.6-5.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.1.3-6.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.2.0-1.3.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.1.0-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:3.0.2-10.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.2-6.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.4.1-1.el6_4", + "version_affected": "!" + }, + { + "version_value": "0:0.0.11-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.2-12.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.15-5.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.0-7.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.6.2-2.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.5.4-10.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.4.0-3.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.0.4-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.1.2-4.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.4.11-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.6.5-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.4.14-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.2.7-1.el6_6sat", + "version_affected": "!" 
+ }, + { + "version_value": "0:0.0.1.10-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.3.9-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.3.5-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.1.3-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.10.19-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.7.17-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.0.5-2.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.6.21-1.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.4.6-2.el6", + "version_affected": "!" + }, + { + "version_value": "0:0.6.5.9-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.4.4-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.0.9-7.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.19-7.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.11-8.el6sat", + "version_affected": "!" + }, + { + "version_value": "1:1.4.1-13.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.5.0-7.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.9.2.2-41.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.5.1-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:3.12-27.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.2-3.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.10.0-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.2-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "1:1.3.6-27.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.6-5.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.2.1-1.el6_6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.0.9-1.el6_6sat", + "version_affected": "!" 
+ }, + { + "version_value": "0:1.5.1-3.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.14.6-5.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.3.3-18.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:0.6.5-2.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.4.1-13.el6_4", + "version_affected": "!" + }, + { + "version_value": "0:0.22-5.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.2-4.redhat_1.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:1.6.5-0.9.git58097d9.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:2.2.2-2.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:1.7.5-4.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:1.0.4-2.el6sat", + "version_affected": "!" + }, + { + "version_value": "1:2.6.1-9_redhat_2.ep6.el6", + "version_affected": "!" + }, + { + "version_value": "0:20110809-5_redhat_2.ep6.el6.3", + "version_affected": "!" + }, + { + "version_value": "1:3.14.5.10-9.el6sat", + "version_affected": "!" + }, + { + "version_value": "0:1.13.1-13.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.9.2-9.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0-8.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.4-16.redhat_3.1.ep6.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.2-8.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.3.0-4.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.6-10.redhat_3.1.ep6.el7", + "version_affected": "!" + }, + { + "version_value": "0:10-14.el7", + "version_affected": "!" + }, + { + "version_value": "0:2-11.el7", + "version_affected": "!" + }, + { + "version_value": "0:1-13.20100611svn86.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.46-7.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.4.0-19.el7", + "version_affected": "!" 
+ }, + { + "version_value": "0:0.9.1.2-3.ep6.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.9.49.3-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.22-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.0-2_redhat_1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1-5.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.1.5-6.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.7R3-3.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0-11.SP4.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.2-18.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.7.4-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.90.10-7.el7", + "version_affected": "!" + }, + { + "version_value": "1:1.7.6-2.1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:11-2.ep6.el7", + "version_affected": "!" + }, + { + "version_value": "0:4.2.1-5.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.7.2.33-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.7.2.5-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.7.2.13-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.9.6-7.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.6.2-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:3.1.3-9.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.0-3.el7sat.2", + "version_affected": "!" + }, + { + "version_value": "0:1.8.9-7.el7", + "version_affected": "!" + }, + { + "version_value": "0:13.0-6.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.15.0-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.6-9.el7", + "version_affected": "!" + }, + { + "version_value": "0:332.14-12.el7", + "version_affected": "!" + }, + { + "version_value": "0:4.0.1-5.Final_redhat_2.1.ep6.el7.3", + "version_affected": "!" 
+ }, + { + "version_value": "0:4.2.7-6.SP2_redhat_1.1.ep6.el7", + "version_affected": "!" + }, + { + "version_value": "0:4.3.1-1.Final_redhat_1.1.ep6.el7.4", + "version_affected": "!" + }, + { + "version_value": "0:1.0.0-4.7.GA_redhat_2.ep6.el7.3", + "version_affected": "!" + }, + { + "version_value": "0:1.0.1-5.Final_redhat_2.1.ep6.el7.4", + "version_affected": "!" + }, + { + "version_value": "0:1.3.1-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.3.14-1.Final_redhat_1.1.ep6.el7", + "version_affected": "!" + }, + { + "version_value": "0:20130517-7.1fm.gitc4bce43.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.3.0-3.ep6.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.3.0-1.ep6.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.3.0-2.ep6.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.3.0-5.ep6.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.6.1-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.9-7.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.4-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.2-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.1-0.7.20120212git2fabd8.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.2-0.9.20120319git49a904.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.4-3.Final_redhat_2.1.ep6.el7.1", + "version_affected": "!" + }, + { + "version_value": "0:1.0.1-7.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.1.4-1.GA_redhat_1.1.ep6.el7", + "version_affected": "!" + }, + { + "version_value": "0:14-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.1-9.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.0-0.7.Beta2.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.1-8.el7", + "version_affected": "!" 
+ }, + { + "version_value": "0:1.0.1-9.Final_redhat_2.2.ep6.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.1.50-5.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.6.1-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:0-0.18.20090319svn.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.1.1-6.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.2.0.14-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.2.5-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.2.1-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.3.17-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:5.3.21-17.el7_0.1", + "version_affected": "!" + }, + { + "version_value": "0:3.1.0-1.el7", + "version_affected": "!" + }, + { + "version_value": "1:20.4-1.5.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.13-6.el7", + "version_affected": "!" + }, + { + "version_value": "0:4.6.1-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:3.0.5-16.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.2.1-47.el7", + "version_affected": "!" + }, + { + "version_value": "1:1.0-10.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.4-11.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.1-4.el7", + "version_affected": "!" + }, + { + "version_value": "1:1.2.1-8.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.1-3.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.1.1-9.el7", + "version_affected": "!" + }, + { + "version_value": "0:20-5.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.2.1-12.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.4-7.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.8.1-2.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.1-6.el7", + "version_affected": "!" 
+ }, + { + "version_value": "1:1.1-7.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.4-3.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.4-3.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.7-4.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.4.9-3.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.9.14-13.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.6.7-1.Final_redhat_1.1.ep6.el7", + "version_affected": "!" + }, + { + "version_value": "0:20100601-5.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.3.1-9.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.2.4-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.7-11.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.7-5.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.4.2-8.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.2-7.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0-0.16.alpha15.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.5.5-14.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0-0.14.alpha6.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.15-8.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0-0.15.a7.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.4-13.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.0.9-9.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.1.8-16.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.6.0.15-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.2.5-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.5-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:3.6.2-4.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.3-9.el7sat", + "version_affected": "!" 
+ }, + { + "version_value": "0:4.2.1-1.20140510git08b00d9.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.4.6-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.3-5.el7sat", + "version_affected": "!" + }, + { + "version_value": "1:3.0.8.1-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "1:3.3.0.17-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.3-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:3.1.11-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:3.2.2-3.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.2.2-1.el7", + "version_affected": "!" + }, + { + "version_value": "1:0.10.1-4.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.6.0-6.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.5.0-4.pulp.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.23-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.7.2-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "1:3.0.24-10.pulp.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.7.10-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.3.1-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.5.211-8.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.32-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.5.2-3.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.30-6.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.4.3-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.2.0-3.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:3.2.0-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.37-3.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.9.1-1.el7sat", + "version_affected": "!" 
+ }, + { + "version_value": "0:0.30-9.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.4-7.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.30-3.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.9-4.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.30-5.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.30-4.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.3.8-4.Final_redhat_3.1.ep6.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.6.18-5.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.3.5-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.4.0-3.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.0.0-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.7.2-11.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.2-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.4.3-3.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.3-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.5.2-9.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.0.0-5.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:3.0.0-8.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.3-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.0.10-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.0-6.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.2.7-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.1.4-10.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.0.0-4.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.7.2-7.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.17.0-1.1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.7.7.9-1.el7sat", + "version_affected": "!" 
+ }, + { + "version_value": "0:0.38.0-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.9.16-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.8.8-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.8.0-13.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.9.3-3.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.24.0-3.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.1-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.24.0-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.0-2.1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.0.3-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.1.1-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.3.9-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.1.0-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.4.2-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.5-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:4.0.2.13-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.0.0.19-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.2.0.18-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.1.9-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.7-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.2.10-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.2.1-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.6.15.4-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.2.1-9.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:4.0.10.1-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.10.0-3.el7sat", + "version_affected": "!" 
+ }, + { + "version_value": "0:0.0.8-3.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.6.4-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:3.1.6-6.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.4-8.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.22-5.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.2.2-7.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.8.6-11.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.2.7-5.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.8.0-6.el7", + "version_affected": "!" + }, + { + "version_value": "0:4.0.2-8.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.4-4.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.8-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.2.0.65-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.3.0-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.2-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.5.1-2.1.el7", + "version_affected": "!" + }, + { + "version_value": "0:2.5.0-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.1.3-17.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.8.1-26.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.8.2-4.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.2.0-3.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.1-3.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.1.0-5.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.6.7-5.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.5.11-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.4.7-8.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.4.2-2.el7sat", + "version_affected": "!" 
+ }, + { + "version_value": "0:1.0.1.2-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:4.0.18-19.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.12.2-10.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.7-3.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.30.0-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.9.0-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.29-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.6.0-3.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.4-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.6.7-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.0-16.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.0.1-9.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.5.1-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:3.1.1-15.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.3.5-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.2.1-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:3.2.13-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.0.1-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.7.1-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.3.3-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.45.0-6.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:4.1.3-7.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.4.5-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.10.1-3.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.2.1-11.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.6.2-1.el7sat", + "version_affected": "!" 
+ }, + { + "version_value": "0:2.0-5.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.3-4.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.6-5.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.1.3-6.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.2.0-1.3.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.1.0-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:3.0.2-10.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.2-6.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.5.0-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.0.11-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.2-12.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.0-7.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.6.2-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.5.4-10.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.4.0-3.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.0.4-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.1.2-4.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.4.11-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.6.5-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.4.14-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.1.2.7-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.1.10-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.3.9-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.3.5-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.1.3-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.10.19-1.el7sat", + "version_affected": "!" 
+ }, + { + "version_value": "0:0.0.7.17-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.0.5-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.6.21-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.6.5.9-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.0.4.4-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.0.9-7.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.19-7.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.11-8.el7sat", + "version_affected": "!" + }, + { + "version_value": "1:1.4.1-13.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.5.0-7.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.9.2.2-41.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.5.1-1.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.1.2-3.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.10.0-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.2-1.el7", + "version_affected": "!" + }, + { + "version_value": "1:1.3.6-27.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.0.2.1-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.3.0.9-1.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.5.1-3.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.3.3-18.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:0.6.5-2.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.4.1-21.el7", + "version_affected": "!" + }, + { + "version_value": "0:0.22-5.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:1.6.5-0.9.git58097d9.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:2.3.0-11.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.0.4-2.el7sat", + "version_affected": "!" 
+ }, + { + "version_value": "1:3.14.5.10-11.el7sat", + "version_affected": "!" + }, + { + "version_value": "0:3.13-6.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.1.3.8-11.el7", + "version_affected": "!" + }, + { + "version_value": "0:1.3.1-10.el7", + "version_affected": "!" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1232366", - "refsource": "CONFIRM", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232366" + "url": "https://access.redhat.com/errata/RHSA-2015:1591", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2015:1591" }, { - "name": "RHSA-2015:1592", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2015:1592" + "url": "https://access.redhat.com/errata/RHSA-2015:1592", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2015:1592" }, { - "name": "http://projects.theforeman.org/issues/10829", - "refsource": "CONFIRM", - "url": "http://projects.theforeman.org/issues/10829" + "url": "http://projects.theforeman.org/issues/10829", + "refsource": "MISC", + "name": "http://projects.theforeman.org/issues/10829" }, { - "name": "http://theforeman.org/manuals/1.9/index.html#Releasenotesfor1.9", - "refsource": "CONFIRM", - "url": "http://theforeman.org/manuals/1.9/index.html#Releasenotesfor1.9" + "url": "http://theforeman.org/manuals/1.9/index.html#Releasenotesfor1.9", + "refsource": "MISC", + "name": "http://theforeman.org/manuals/1.9/index.html#Releasenotesfor1.9" }, { - "name": "RHSA-2015:1591", - "refsource": "REDHAT", - "url": "https://access.redhat.com/errata/RHSA-2015:1591" + "url": "https://access.redhat.com/security/cve/CVE-2015-3235", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2015-3235" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232366", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1232366" + 
} + ] + }, + "impact": { + "cvss": [ + { + "accessComplexity": "MEDIUM", + "accessVector": "NETWORK", + "authentication": "SINGLE", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 6.3, + "collateralDamagePotential": "NOT_DEFINED", + "confidentialityImpact": "NONE", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 0, + "exploitability": "NOT_DEFINED", + "integrityImpact": "COMPLETE", + "integrityRequirement": "NOT_DEFINED", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "targetDistribution": "NOT_DEFINED", + "temporalScore": 0, + "vectorString": "AV:N/AC:M/Au:S/C:N/I:C/A:N", + "version": "2.0" } ] }