diff --git a/2010/2xxx/CVE-2010-2480.json b/2010/2xxx/CVE-2010-2480.json
index 4341aee1275..cc676f79401 100644
--- a/2010/2xxx/CVE-2010-2480.json
+++ b/2010/2xxx/CVE-2010-2480.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "CVE-2010-2480 Python-Mako (prior v0.3.4): Improper escaping of single quotes in escape.cgi (XSS)"
+ "value": "Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element."
 }
 ]
 },
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
- "cweId": "CWE-79"
+ "value": "n/a"
 }
 ]
 }
@@ -40,8 +39,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "n/a",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
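Review bot: The `problemtype` entry in the `@@ -21,8 +21,7 @@` hunk of CVE-2010-2480.json now reads `"value": "n/a"` with no `cweId`, while the new description in the same record still names the issue as cross-site scripting, so the record loses the machine-readable weakness class that scanners and dashboards filter on. The improved description and the classification are not in conflict; keep `"cweId": "CWE-79"` together with its CWE name as the `value`. The same replacement drops CWE-125, CWE-476 and CWE-119 in the problemtype hunks of CVE-2010-2481, CVE-2010-2482, CVE-2010-4526 and CVE-2011-4348, and each of those files also loses its `impact.cvss` block in a later hunk, so consumers that triage by score will see these records as unscored.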
@@ -73,41 +72,6 @@
 "url": "http://www.makotemplates.org/CHANGES",
 "refsource": "MISC",
 "name": "http://www.makotemplates.org/CHANGES"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2010-2480",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2010-2480"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=609573",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=609573"
- }
- ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "PARTIAL",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 5.8,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "PARTIAL",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "NONE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
- "version": "2.0"
 }
 ]
 }
diff --git a/2010/2xxx/CVE-2010-2481.json b/2010/2xxx/CVE-2010-2481.json
index b708e52f4fc..7e6e08e713a 100644
--- a/2010/2xxx/CVE-2010-2481.json
+++ b/2010/2xxx/CVE-2010-2481.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "CVE-2010-2481 libtiff: TIFFExtractData out-of-bounds read crash"
+ "value": "The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file."
 }
 ]
 },
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Out-of-bounds Read",
- "cweId": "CWE-125"
+ "value": "n/a"
 }
 ]
 }
@@ -32,27 +31,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Enterprise Linux 4",
+ "product_name": "n/a",
 "version": {
 "version_data": [
 {
- "version_value": "0:3.6.1-12.el4_8.5",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 5",
- "version": {
- "version_data": [
- {
- "version_value": "0:3.8.2-7.el5_5.5",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -124,46 +112,6 @@
 "url": "http://www.vupen.com/english/advisories/2010/1761",
 "refsource": "MISC",
 "name": "http://www.vupen.com/english/advisories/2010/1761"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2010:0519",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2010:0519"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2010-2481",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2010-2481"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=611895",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=611895"
- }
- ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "PARTIAL",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 4.3,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "NONE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
- "version": "2.0"
 }
 ]
 }
diff --git a/2010/2xxx/CVE-2010-2482.json b/2010/2xxx/CVE-2010-2482.json
index 2d7be28409b..c8fbc0a40ce 100644
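Review bot: The `@@ -32,27 +31,16 @@` hunk of CVE-2010-2481.json leaves the record with a single `n/a` product whose version entry is `"version_affected": "="` with `"version_value": "n/a"`, which asserts an exact match on a placeholder instead of a version. A consumer that matches installed packages against `affects` gets nothing usable from that pair, and the two Red Hat Enterprise Linux entries with `0:3.6.1-12.el4_8.5` and `0:3.8.2-7.el5_5.5` (flagged `"!"`, presumably the fixed builds) are gone. If the vendor data must be withdrawn, the range already stated in the new description could be carried structurally, for example product `LibTIFF` with `"version_affected": "<"` and `"version_value": "3.9.4"`. The same placeholder pair replaces vendor data in the `affects` hunks of CVE-2010-4526 and CVE-2011-4348.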
--- a/2010/2xxx/CVE-2010-2482.json
+++ b/2010/2xxx/CVE-2010-2482.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "CVE-2010-2443 CVE-2010-2482 libtiff: OJPEGReadBufferFill NULL deref crash"
+ "value": "LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443."
 }
 ]
 },
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "NULL Pointer Dereference",
- "cweId": "CWE-476"
+ "value": "n/a"
 }
 ]
 }
@@ -40,8 +39,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "n/a",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -99,11 +98,6 @@
 "refsource": "MISC",
 "name": "http://bugzilla.maptools.org/show_bug.cgi?id=1996"
 },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2010-2482",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2010-2482"
- },
 {
 "url": "https://bugs.launchpad.net/bugs/597246",
 "refsource": "MISC",
@@ -120,30 +114,5 @@
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=608010"
 }
 ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "PARTIAL",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 4.3,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "NONE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
- "version": "2.0"
- }
- ]
 }
 }
\ No newline at end of file
diff --git a/2010/4xxx/CVE-2010-4526.json b/2010/4xxx/CVE-2010-4526.json
index 24e0771d88e..e8d06268a69 100644
--- a/2010/4xxx/CVE-2010-4526.json
+++ b/2010/4xxx/CVE-2010-4526.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect()"
+ "value": "Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function."
 }
 ]
 },
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
- "cweId": "CWE-119"
+ "value": "n/a"
 }
 ]
 }
@@ -32,38 +31,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Enterprise Linux 5",
+ "product_name": "n/a",
 "version": {
 "version_data": [
 {
- "version_value": "0:2.6.18-238.1.1.el5",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise Linux 6",
- "version": {
- "version_data": [
- {
- "version_value": "0:2.6.32-71.24.1.el6",
- "version_affected": "!"
- }
- ]
- }
- },
- {
- "product_name": "Red Hat Enterprise MRG 2",
- "version": {
- "version_data": [
- {
- "version_value": "0:2.6.33.9-rt31.75.el6rt",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -91,16 +68,6 @@
 "refsource": "MISC",
 "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
 },
- {
- "url": "https://access.redhat.com/errata/RHSA-2011:0421",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2011:0421"
- },
- {
- "url": "https://access.redhat.com/errata/RHSA-2011:1253",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2011:1253"
- },
 {
 "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=50b5d6ad63821cea324a5a7a19854d4de1a0a819",
 "refsource": "MISC",
@@ -136,21 +103,6 @@
 "refsource": "MISC",
 "name": "http://www.vupen.com/english/advisories/2011/0169"
 },
- {
- "url": "https://access.redhat.com/errata/RHSA-2011:0163",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2011:0163"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2010-4526",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2010-4526"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=664914",
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=664914"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4526",
 "refsource": "MISC",
@@ -162,30 +114,5 @@
 "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64616"
 }
 ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "COMPLETE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 7.1,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "NONE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
- "version": "2.0"
- }
- ]
 }
 }
\ No newline at end of file
diff --git a/2010/4xxx/CVE-2010-4527.json b/2010/4xxx/CVE-2010-4527.json
index ae0d680c04b..b0535b2e63b 100644
--- a/2010/4xxx/CVE-2010-4527.json
+++ b/2010/4xxx/CVE-2010-4527.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2010-4527",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,62 +27,86 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "[oss-security] 20101231 Re: CVE request: kernel: buffer overflow in OSS load_mixer_volumes",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2010/12/31/4"
- },
- {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=667615",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=667615"
- },
- {
- "name": "http://xorl.wordpress.com/2011/01/09/cve-2010-4527-linux-kernel-oss-sound-card-driver-buffer-overflow/",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html",
 "refsource": "MISC",
- "url": "http://xorl.wordpress.com/2011/01/09/cve-2010-4527-linux-kernel-oss-sound-card-driver-buffer-overflow/"
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"
 },
 {
- "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37",
- "refsource": "CONFIRM",
- "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"
+ "url": "http://secunia.com/advisories/43291",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/43291"
 },
 {
- "name": "45629",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/45629"
+ "url": "http://www.vupen.com/english/advisories/2011/0375",
+ "refsource": "MISC",
+ "name": "http://www.vupen.com/english/advisories/2011/0375"
 },
 {
- "name": "[oss-security] 20101230 CVE request: kernel: buffer overflow in OSS load_mixer_volumes",
- "refsource": "MLIST",
- "url": "http://openwall.com/lists/oss-security/2010/12/31/1"
+ "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37",
+ "refsource": "MISC",
+ "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"
 },
 {
- "name": "42765",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/42765"
+ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d81a12bc29ae4038770e05dce4ab7f26fd5880fb",
+ "refsource": "MISC",
+ "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d81a12bc29ae4038770e05dce4ab7f26fd5880fb"
 },
 {
- "name": "ADV-2011-0375",
- "refsource": "VUPEN",
- "url": "http://www.vupen.com/english/advisories/2011/0375"
+ "url": "http://openwall.com/lists/oss-security/2010/12/31/1",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2010/12/31/1"
 },
 {
- "name": "SUSE-SA:2011:008",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"
+ "url": "http://openwall.com/lists/oss-security/2010/12/31/4",
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2010/12/31/4"
 },
 {
- "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d81a12bc29ae4038770e05dce4ab7f26fd5880fb",
- "refsource": "CONFIRM",
- "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d81a12bc29ae4038770e05dce4ab7f26fd5880fb"
+ "url": "http://secunia.com/advisories/42765",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/42765"
 },
 {
- "name": "43291",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/43291"
+ "url": "http://www.securityfocus.com/bid/45629",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/45629"
+ },
+ {
+ "url": "http://xorl.wordpress.com/2011/01/09/cve-2010-4527-linux-kernel-oss-sound-card-driver-buffer-overflow/",
+ "refsource": "MISC",
+ "name": "http://xorl.wordpress.com/2011/01/09/cve-2010-4527-linux-kernel-oss-sound-card-driver-buffer-overflow/"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=667615",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=667615"
 }
 ]
 }
diff --git a/2010/4xxx/CVE-2010-4528.json b/2010/4xxx/CVE-2010-4528.json
index 45a5ac8f59c..ac0b3f70c85 100644
--- a/2010/4xxx/CVE-2010-4528.json
+++ b/2010/4xxx/CVE-2010-4528.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2010-4528",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
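Review bot: The git.kernel.org reference added in the `@@ -50,62 +27,86 @@` hunk of CVE-2010-4527.json percent-encodes the gitweb parameter separators, so the removed `linux-2.6.git;a=commit;h=d81a12bc29ae4038770e05dce4ab7f26fd5880fb` becomes `linux-2.6.git%3Ba=commit%3Bh=d81a12bc29ae4038770e05dce4ab7f26fd5880fb`. An encoded `%3B` is data rather than a separator, so the server will likely read the whole string as the `p` value and the link to the fix commit may stop resolving; the `url` should keep the literal `;`. The hunk also rewrites every `refsource` (`CONFIRM`, `MLIST`, `BID`, `SECUNIA`, `VUPEN`, `SUSE`) to `MISC` and replaces identifiers such as `SUSE-SA:2011:008` with the bare URL in `name`, which removes the only field that told a vendor confirmation apart from third-party commentary. The reference hunks of CVE-2010-4528, CVE-2011-4358 and CVE-2012-3437 flatten `refsource` and `name` the same way.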
@@ -50,102 +27,126 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=665421",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=665421"
+ "url": "http://developer.pidgin.im/viewmtn/revision/diff/e76f4ad4ef2f10588195a0eedc7a08f82062f79c/with/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031/libpurple/protocols/msn/directconn.c",
+ "refsource": "MISC",
+ "name": "http://developer.pidgin.im/viewmtn/revision/diff/e76f4ad4ef2f10588195a0eedc7a08f82062f79c/with/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031/libpurple/protocols/msn/directconn.c"
 },
 {
- "name": "SUSE-SR:2011:001",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
+ "url": "http://developer.pidgin.im/viewmtn/revision/info/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031",
+ "refsource": "MISC",
+ "name": "http://developer.pidgin.im/viewmtn/revision/info/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031"
 },
 {
- "name": "[oss-security] 20101227 CVE Request -- Pidgin v2.7.6 <= x <= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2010/12/27/1"
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052862.html",
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052862.html"
 },
 {
- "name": "http://developer.pidgin.im/viewmtn/revision/diff/e76f4ad4ef2f10588195a0eedc7a08f82062f79c/with/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031/libpurple/protocols/msn/directconn.c",
- "refsource": "CONFIRM",
- "url": "http://developer.pidgin.im/viewmtn/revision/diff/e76f4ad4ef2f10588195a0eedc7a08f82062f79c/with/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031/libpurple/protocols/msn/directconn.c"
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052905.html",
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052905.html"
 },
 {
- "name": "[oss-security] 20101231 Re: CVE Request -- Pidgin v2.7.6 <= x <= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2010/12/31/5"
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
 },
 {
- "name": "http://www.pidgin.im/news/security/?id=49",
- "refsource": "CONFIRM",
- "url": "http://www.pidgin.im/news/security/?id=49"
+ "url": "http://pidgin.im/pipermail/support/2010-December/009251.html",
+ "refsource": "MISC",
+ "name": "http://pidgin.im/pipermail/support/2010-December/009251.html"
 },
 {
- "name": "MDVSA-2010:259",
- "refsource": "MANDRIVA",
- "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:259"
+ "url": "http://secunia.com/advisories/42732",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/42732"
 },
 {
- "name": "oval:org.mitre.oval:def:18461",
- "refsource": "OVAL",
- "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18461"
+ "url": "http://secunia.com/advisories/42824",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/42824"
 },
 {
- "name": "http://developer.pidgin.im/viewmtn/revision/info/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031",
- "refsource": "CONFIRM",
- "url": "http://developer.pidgin.im/viewmtn/revision/info/aaa07bde3c51d3684391ae6ed86b6dbaeab5d031"
+ "url": "http://secunia.com/advisories/42877",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/42877"
 },
 {
- "name": "45581",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/45581"
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:259",
+ "refsource": "MISC",
+ "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:259"
 },
 {
- "name": "42877",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/42877"
+ "url": "http://www.openwall.com/lists/oss-security/2010/12/27/1",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2010/12/27/1"
 },
 {
- "name": "ADV-2011-0028",
- "refsource": "VUPEN",
- "url": "http://www.vupen.com/english/advisories/2011/0028"
+ "url": "http://www.openwall.com/lists/oss-security/2010/12/31/5",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2010/12/31/5"
 },
 {
- "name": "[support] 20101227 Pidgin 2.7.9 released",
- "refsource": "MLIST",
- "url": "http://pidgin.im/pipermail/support/2010-December/009251.html"
+ "url": "http://www.pidgin.im/news/security/?id=49",
+ "refsource": "MISC",
+ "name": "http://www.pidgin.im/news/security/?id=49"
 },
 {
- "name": "42732",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/42732"
+ "url": "http://www.securityfocus.com/bid/45581",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/45581"
 },
 {
- "name": "ADV-2011-0076",
- "refsource": "VUPEN",
- "url": "http://www.vupen.com/english/advisories/2011/0076"
+ "url": "http://www.vupen.com/english/advisories/2011/0028",
+ "refsource": "MISC",
+ "name": "http://www.vupen.com/english/advisories/2011/0028"
 },
 {
- "name": "ADV-2011-0054",
- "refsource": "VUPEN",
- "url": "http://www.vupen.com/english/advisories/2011/0054"
+ "url": "http://www.vupen.com/english/advisories/2011/0054",
+ "refsource": "MISC",
+ "name": "http://www.vupen.com/english/advisories/2011/0054"
 },
 {
- "name": "FEDORA-2010-19314",
- "refsource": "FEDORA",
- "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052862.html"
+ "url": "http://www.vupen.com/english/advisories/2011/0076",
+ "refsource": "MISC",
+ "name": "http://www.vupen.com/english/advisories/2011/0076"
 },
 {
- "name": "FEDORA-2010-19317",
- "refsource": "FEDORA",
- "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052905.html"
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18461",
+ "refsource": "MISC",
+ "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18461"
 },
 {
- "name": "42824",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/42824"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=665421",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=665421"
 }
 ]
 }
diff --git a/2011/4xxx/CVE-2011-4348.json b/2011/4xxx/CVE-2011-4348.json
index 4312eaffe70..04d63c13395 100644
--- a/2011/4xxx/CVE-2011-4348.json
+++ b/2011/4xxx/CVE-2011-4348.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "CVE-2011-4348 kernel: incomplete fix for CVE-2011-2482"
+ "value": "Race condition in the sctp_rcv function in net/sctp/input.c in the Linux kernel before 2.6.29 allows remote attackers to cause a denial of service (system hang) via SCTP packets. NOTE: in some environments, this issue exists because of an incomplete fix for CVE-2011-2482."
 }
 ]
 },
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
- "cweId": "CWE-119"
+ "value": "n/a"
 }
 ]
 }
@@ -32,16 +31,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Enterprise Linux 5",
+ "product_name": "n/a",
 "version": {
 "version_data": [
 {
- "version_value": "0:2.6.18-274.17.1.el5",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -54,11 +53,6 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "https://access.redhat.com/errata/RHSA-2012:0007",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2012:0007"
- },
 {
 "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29",
 "refsource": "MISC",
@@ -75,44 +69,14 @@
 "name": "http://www.openwall.com/lists/oss-security/2012/03/05/2"
 },
 {
- "url": "https://access.redhat.com/security/cve/CVE-2011-4348",
+ "url": "https://github.com/torvalds/linux/commit/ae53b5bd77719fed58086c5be60ce4f22bffe1c6",
 "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2011-4348"
+ "name": "https://github.com/torvalds/linux/commit/ae53b5bd77719fed58086c5be60ce4f22bffe1c6"
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=757143",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=757143"
- },
- {
- "url": "https://github.com/torvalds/linux/commit/ae53b5bd77719fed58086c5be60ce4f22bffe1c6",
- "refsource": "MISC",
- "name": "https://github.com/torvalds/linux/commit/ae53b5bd77719fed58086c5be60ce4f22bffe1c6"
- }
- ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "COMPLETE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 7.1,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "NONE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
- "version": "2.0"
 }
 ]
 }
diff --git a/2011/4xxx/CVE-2011-4350.json b/2011/4xxx/CVE-2011-4350.json
index dc4a417cafb..0d5b0f22631 100644
--- a/2011/4xxx/CVE-2011-4350.json
+++ b/2011/4xxx/CVE-2011-4350.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2011-4350",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "yaws",
- "product": {
- "product_data": [
- {
- "product_name": "yaws",
- "version": {
- "version_data": [
- {
- "version_value": "1.91"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,12 +27,41 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "yaws",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "yaws",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.91"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "url": "https://security-tracker.debian.org/tracker/CVE-2011-4350",
+ "url": "https://access.redhat.com/security/cve/cve-2011-4350",
 "refsource": "MISC",
- "name": "https://security-tracker.debian.org/tracker/CVE-2011-4350"
+ "name": "https://access.redhat.com/security/cve/cve-2011-4350"
+ },
+ {
+ "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650009",
+ "refsource": "MISC",
+ "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650009"
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4350",
@@ -63,19 +69,14 @@
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4350"
 },
 {
- "url": "https://access.redhat.com/security/cve/cve-2011-4350",
+ "url": "https://security-tracker.debian.org/tracker/CVE-2011-4350",
 "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/cve-2011-4350"
+ "name": "https://security-tracker.debian.org/tracker/CVE-2011-4350"
 },
 {
+ "url": "https://www.openwall.com/lists/oss-security/2011/11/25/7",
 "refsource": "MISC",
- "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650009",
- "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650009"
- },
- {
- "refsource": "MISC",
- "name": "https://www.openwall.com/lists/oss-security/2011/11/25/7",
- "url": "https://www.openwall.com/lists/oss-security/2011/11/25/7"
+ "name": "https://www.openwall.com/lists/oss-security/2011/11/25/7"
 }
 ]
 }
diff --git a/2011/4xxx/CVE-2011-4358.json b/2011/4xxx/CVE-2011-4358.json
index d16ac62b340..d5b396565d5 100644
--- a/2011/4xxx/CVE-2011-4358.json
+++ b/2011/4xxx/CVE-2011-4358.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2011-4358",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,22 +27,46 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
- "refsource": "CONFIRM",
- "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
+ "refsource": "MISC",
+ "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
 },
 {
- "name": "1027277",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id?1027277"
+ "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
+ "refsource": "MISC",
+ "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
 },
 {
- "name": "MDVSA-2013:150",
- "refsource": "MANDRIVA",
- "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
+ "url": "http://www.securitytracker.com/id?1027277",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id?1027277"
 }
 ]
 }
diff --git a/2012/3xxx/CVE-2012-3437.json b/2012/3xxx/CVE-2012-3437.json
index 8d06134a876..a514004e37a 100644
--- a/2012/3xxx/CVE-2012-3437.json
+++ b/2012/3xxx/CVE-2012-3437.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2012-3437",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,62 +27,86 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "54714",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/54714"
- },
- {
- "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0243",
- "refsource": "CONFIRM",
- "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0243"
- },
- {
- "name": "imagemagick-png-dos(77260)",
- "refsource": "XF",
- "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77260"
- },
- {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=844101",
+ "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00101.html",
 "refsource": "MISC",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=844101"
+ "name": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00101.html"
 },
 {
- "name": "MDVSA-2013:092",
- "refsource": "MANDRIVA",
- "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:092"
+ "url": "http://secunia.com/advisories/50091",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/50091"
 },
 {
- "name": "1027321",
- "refsource": "SECTRACK",
- "url": "http://www.securitytracker.com/id?1027321"
+ "url": "http://secunia.com/advisories/50398",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/50398"
 },
 {
- "name": "MDVSA-2012:160",
- "refsource": "MANDRIVA",
- "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:160"
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:160",
+ "refsource": "MISC",
+ "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:160"
 },
 {
- "name": "openSUSE-SU-2013:0535",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00101.html"
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:092",
+ "refsource": "MISC",
+ "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:092"
 },
 {
- "name": "50398",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/50398"
+ "url": "http://www.securityfocus.com/bid/54714",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/54714"
 },
 {
- "name": "50091",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/50091"
+ "url": "http://www.securitytracker.com/id?1027321",
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id?1027321"
 },
 {
- "name": "USN-1544-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-1544-1"
+ "url": "http://www.ubuntu.com/usn/USN-1544-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-1544-1"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77260",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77260"
+ },
+ {
+ "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0243",
+ "refsource": "MISC",
+ "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0243"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=844101",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=844101"
 }
 ]
 }
diff --git a/2012/3xxx/CVE-2012-3438.json b/2012/3xxx/CVE-2012-3438.json
index bd2ef546cb3..e475b7acd70 100644
--- a/2012/3xxx/CVE-2012-3438.json
+++ b/2012/3xxx/CVE-2012-3438.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2012-3438",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,42 +27,66 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "MDVSA-2012:165",
- "refsource": "MANDRIVA",
- "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:165"
- },
- {
- "name": "http://graphicsmagick.hg.sourceforge.net/hgweb/graphicsmagick/graphicsmagick/rev/d6e469d02cd2",
- "refsource": "CONFIRM",
- "url": "http://graphicsmagick.hg.sourceforge.net/hgweb/graphicsmagick/graphicsmagick/rev/d6e469d02cd2"
- },
- {
- "name": "50090",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/50090"
- },
- {
- "name": "graphicsmagick-png-dos(77259)",
- "refsource": "XF",
- "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77259"
- },
- {
- "name": "openSUSE-SU-2013:0536",
- "refsource": "SUSE",
- "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00102.html"
- },
- {
- "name": "54716",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/54716"
- },
- {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=844105",
+ "url": "http://graphicsmagick.hg.sourceforge.net/hgweb/graphicsmagick/graphicsmagick/rev/d6e469d02cd2",
 "refsource": "MISC",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=844105"
+ "name": "http://graphicsmagick.hg.sourceforge.net/hgweb/graphicsmagick/graphicsmagick/rev/d6e469d02cd2"
+ },
+ {
+ "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00102.html",
+ "refsource": "MISC",
+ "name": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00102.html"
+ },
+ {
+ "url": "http://secunia.com/advisories/50090",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/50090"
+ },
+ {
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:165",
+ "refsource": "MISC",
+ "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:165"
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/54716",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/54716"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77259",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77259"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=844105",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=844105"
 }
 ]
 }
diff --git a/2012/3xxx/CVE-2012-3440.json b/2012/3xxx/CVE-2012-3440.json
index 1aa3ee97882..9939bf736c2 100644
--- a/2012/3xxx/CVE-2012-3440.json
+++ b/2012/3xxx/CVE-2012-3440.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "CVE-2012-3440 sudo: insecure temporary file use in RPM %postun script"
+ "value": "A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file."
 }
 ]
 },
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Time-of-check Time-of-use (TOCTOU) Race Condition",
- "cweId": "CWE-367"
+ "value": "n/a"
 }
 ]
 }
@@ -32,16 +31,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat Enterprise Linux 5",
+ "product_name": "n/a",
 "version": {
 "version_data": [
 {
- "version_value": "0:1.7.2p1-14.el5_8.2",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
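Review bot: In the `affects` hunk for CVE-2012-3440 the new side pairs `"version_affected": "="` with `"version_value": "n/a"` and sets vendor and product to `n/a`, although the new description in the same file still names sudo 1.7.2 on RHEL 5. A consumer doing version matching reads that as "equal to n/a", and the `problemtype` hunk just above replaces the CWE-367 entry with `n/a`, so the record can no longer be triaged automatically by product or weakness class. I would keep the structured values that were already there, or at least drop `version_affected` when the value is `n/a`. The `affects` and `problemtype` hunks for CVE-2013-0328 and CVE-2013-0329 follow the same pattern; the enclosing `affects` object starts and ends outside this hunk.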
@@ -64,46 +63,11 @@
 "refsource": "MISC",
 "name": "http://www.securityfocus.com/bid/54868"
 },
- {
- "url": "https://access.redhat.com/errata/RHSA-2012:1149",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2012:1149"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2012-3440",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2012-3440"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=844442",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=844442"
 }
 ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "HIGH",
- "accessVector": "LOCAL",
- "authentication": "NONE",
- "availabilityImpact": "COMPLETE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 5.6,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "COMPLETE",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:L/AC:H/Au:N/C:N/I:C/A:C",
- "version": "2.0"
- }
- ]
 }
 }
\ No newline at end of file
diff --git a/2013/0xxx/CVE-2013-0328.json b/2013/0xxx/CVE-2013-0328.json
index 411f8656238..3c9ab10f4fe 100644
--- a/2013/0xxx/CVE-2013-0328.json
+++ b/2013/0xxx/CVE-2013-0328.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "CVE-2013-0328 jenkins: XSS"
+ "value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
 }
 ]
 },
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
- "cweId": "CWE-79"
+ "value": "n/a"
 }
 ]
 }
@@ -32,28 +31,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "RHEL 6 Version of OpenShift Enterprise",
+ "product_name": "n/a",
 "version": {
 "version_data": [
 {
- "version_value": "0:1.502-1.el6op",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.3-1.el6op",
- "version_affected": "!"
- },
- {
- "version_value": "1:1.4.1-4.el6",
- "version_affected": "!"
- },
- {
- "version_value": "1:1.3.0-4.el6op",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -87,49 +74,14 @@
 "name": "http://www.securityfocus.com/bid/57994"
 },
 {
- "url": "https://access.redhat.com/errata/RHSA-2013:0638",
+ "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16",
 "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2013:0638"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2013-0328",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2013-0328"
+ "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16"
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=914876",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=914876"
- },
- {
- "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16",
- "refsource": "MISC",
- "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16"
- }
- ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "NONE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 4.3,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "PARTIAL",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
- "version": "2.0"
 }
 ]
 }
diff --git a/2013/0xxx/CVE-2013-0329.json b/2013/0xxx/CVE-2013-0329.json
index 92c5df7dd16..12c409bed74 100644
--- a/2013/0xxx/CVE-2013-0329.json
+++ b/2013/0xxx/CVE-2013-0329.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "CVE-2013-0329 jenkins: cross-site request forgery (CSRF) protection mechanism bypass"
+ "value": "Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to bypass the CSRF protection mechanism via unknown attack vectors."
 }
 ]
 },
@@ -21,8 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Cross-Site Request Forgery (CSRF)",
- "cweId": "CWE-352"
+ "value": "n/a"
 }
 ]
 }
@@ -32,28 +31,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "RHEL 6 Version of OpenShift Enterprise",
+ "product_name": "n/a",
 "version": {
 "version_data": [
 {
- "version_value": "0:1.502-1.el6op",
- "version_affected": "!"
- },
- {
- "version_value": "0:1.0.3-1.el6op",
- "version_affected": "!"
- },
- {
- "version_value": "1:1.4.1-4.el6",
- "version_affected": "!"
- },
- {
- "version_value": "1:1.3.0-4.el6op",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "n/a"
 }
 ]
 }
@@ -81,51 +68,16 @@
 "refsource": "MISC",
 "name": "http://www.openwall.com/lists/oss-security/2013/02/21/7"
 },
- {
- "url": "https://access.redhat.com/errata/RHSA-2013:0638",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2013:0638"
- },
 {
 "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16",
 "refsource": "MISC",
 "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16"
 },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2013-0329",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2013-0329"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=914877",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=914877"
 }
 ]
- },
- "impact": {
- "cvss": [
- {
- "accessComplexity": "MEDIUM",
- "accessVector": "NETWORK",
- "authentication": "NONE",
- "availabilityImpact": "NONE",
- "availabilityRequirement": "NOT_DEFINED",
- "baseScore": 4.3,
- "collateralDamagePotential": "NOT_DEFINED",
- "confidentialityImpact": "NONE",
- "confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 0,
- "exploitability": "NOT_DEFINED",
- "integrityImpact": "PARTIAL",
- "integrityRequirement": "NOT_DEFINED",
- "remediationLevel": "NOT_DEFINED",
- "reportConfidence": "NOT_DEFINED",
- "targetDistribution": "NOT_DEFINED",
- "temporalScore": 0,
- "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
- "version": "2.0"
- }
- ]
 }
 }
\ No newline at end of file
diff --git a/2013/0xxx/CVE-2013-0330.json b/2013/0xxx/CVE-2013-0330.json
index d8916410b2a..f1a45cdfd3f 100644
--- a/2013/0xxx/CVE-2013-0330.json
+++ b/2013/0xxx/CVE-2013-0330.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-0330",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,37 +27,61 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "RHSA-2013:0638",
- "refsource": "REDHAT",
- "url": "http://rhn.redhat.com/errata/RHSA-2013-0638.html"
- },
- {
- "name": "[oss-security] 20130220 Re: Jenkins CVE request for Jenkins Security Advisory 2013-02-16",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2013/02/21/7"
- },
- {
- "name": "57994",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/57994"
- },
- {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=914878",
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-0638.html",
 "refsource": "MISC",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=914878"
+ "name": "http://rhn.redhat.com/errata/RHSA-2013-0638.html"
 },
 {
- "name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb",
- "refsource": "CONFIRM",
- "url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb"
+ "url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb",
+ "refsource": "MISC",
+ "name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb"
 },
 {
- "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16",
- "refsource": "CONFIRM",
- "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16"
+ "url": "http://www.openwall.com/lists/oss-security/2013/02/21/7",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/02/21/7"
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/57994",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/57994"
+ },
+ {
+ "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16",
+ "refsource": "MISC",
+ "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=914878",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=914878"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4247.json b/2013/4xxx/CVE-2013-4247.json
index 4b362e4abff..1e086e06d97 100644
--- a/2013/4xxx/CVE-2013-4247.json
+++ b/2013/4xxx/CVE-2013-4247.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4247",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,32 +27,56 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "https://github.com/torvalds/linux/commit/1fc29bacedeabb278080e31bb9c1ecb49f143c3b",
- "refsource": "CONFIRM",
- "url": "https://github.com/torvalds/linux/commit/1fc29bacedeabb278080e31bb9c1ecb49f143c3b"
+ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1fc29bacedeabb278080e31bb9c1ecb49f143c3b",
+ "refsource": "MISC",
+ "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1fc29bacedeabb278080e31bb9c1ecb49f143c3b"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=998401",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=998401"
+ "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.9.6",
+ "refsource": "MISC",
+ "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.9.6"
 },
 {
- "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.9.6",
- "refsource": "CONFIRM",
- "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.9.6"
+ "url": "http://www.openwall.com/lists/oss-security/2013/08/14/10",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/08/14/10"
 },
 {
- "name": "[oss-security] 20130814 Re: CVE Request: Linux kernel: cifs: off-by-one bug in build_unc_path_to_root",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2013/08/14/10"
+ "url": "https://github.com/torvalds/linux/commit/1fc29bacedeabb278080e31bb9c1ecb49f143c3b",
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/1fc29bacedeabb278080e31bb9c1ecb49f143c3b"
 },
 {
- "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1fc29bacedeabb278080e31bb9c1ecb49f143c3b",
- "refsource": "CONFIRM",
- "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1fc29bacedeabb278080e31bb9c1ecb49f143c3b"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=998401",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=998401"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4254.json b/2013/4xxx/CVE-2013-4254.json
index e81aa3b3658..ead863daa18 100644
--- a/2013/4xxx/CVE-2013-4254.json
+++ b/2013/4xxx/CVE-2013-4254.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4254",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
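Review bot: The new git.kernel.org reference for CVE-2013-4247 percent-encodes the gitweb parameter separators (`linux-2.6.git%3Ba=commit%3Bh=1fc29bac...`) where the old record had literal `;`. `%3B` is not equivalent to `;` inside a query string, so the server may read everything as a single `p` value and the link may stop resolving to the fixing commit; that should be checked against the live URL before the record is published. I would keep the original form, `?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1fc29bacedeabb278080e31bb9c1ecb49f143c3b`. The same rewrite appears in the CVE-2013-4254 references and, as `#%21topic` in place of `#!topic`, in the Google Groups URL for CVE-2013-4259.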
@@ -50,77 +27,101 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "USN-1970-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-1970-1"
+ "url": "http://www.ubuntu.com/usn/USN-1971-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-1971-1"
 },
 {
- "name": "54494",
- "refsource": "SECUNIA",
- "url": "http://secunia.com/advisories/54494"
+ "url": "http://www.ubuntu.com/usn/USN-1974-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-1974-1"
 },
 {
- "name": "USN-1975-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-1975-1"
+ "url": "http://www.ubuntu.com/usn/USN-1968-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-1968-1"
 },
 {
- "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c95eb3184ea1a3a2551df57190c81da695e2144b",
- "refsource": "CONFIRM",
- "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c95eb3184ea1a3a2551df57190c81da695e2144b"
+ "url": "http://www.ubuntu.com/usn/USN-1969-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-1969-1"
 },
 {
- "name": "USN-1971-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-1971-1"
+ "url": "http://www.ubuntu.com/usn/USN-1970-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-1970-1"
 },
 {
- "name": "USN-1968-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-1968-1"
+ "url": "http://www.ubuntu.com/usn/USN-1972-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-1972-1"
 },
 {
- "name": "USN-1969-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-1969-1"
+ "url": "http://www.ubuntu.com/usn/USN-1973-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-1973-1"
 },
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=998878",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=998878"
+ "url": "http://www.ubuntu.com/usn/USN-1975-1",
+ "refsource": "MISC",
+ "name": "http://www.ubuntu.com/usn/USN-1975-1"
 },
 {
- "name": "USN-1973-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-1973-1"
+ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c95eb3184ea1a3a2551df57190c81da695e2144b",
+ "refsource": "MISC",
+ "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c95eb3184ea1a3a2551df57190c81da695e2144b"
 },
 {
- "name": "https://github.com/torvalds/linux/commit/c95eb3184ea1a3a2551df57190c81da695e2144b",
- "refsource": "CONFIRM",
- "url": "https://github.com/torvalds/linux/commit/c95eb3184ea1a3a2551df57190c81da695e2144b"
+ "url": "http://secunia.com/advisories/54494",
+ "refsource": "MISC",
+ "name": "http://secunia.com/advisories/54494"
 },
 {
- "name": "USN-1974-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-1974-1"
+ "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.8",
+ "refsource": "MISC",
+ "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.8"
 },
 {
- "name": "[oss-security] 20130816 Re: CVE Request: linux-kernel priviledge escalation on ARM/perf",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2013/08/16/6"
+ "url": "http://www.openwall.com/lists/oss-security/2013/08/16/6",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/08/16/6"
 },
 {
- "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.8",
- "refsource": "CONFIRM",
- "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.8"
+ "url": "https://github.com/torvalds/linux/commit/c95eb3184ea1a3a2551df57190c81da695e2144b",
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/c95eb3184ea1a3a2551df57190c81da695e2144b"
 },
 {
- "name": "USN-1972-1",
- "refsource": "UBUNTU",
- "url": "http://www.ubuntu.com/usn/USN-1972-1"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=998878",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=998878"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4258.json b/2013/4xxx/CVE-2013-4258.json
index 9f290e6010e..976bcd89913 100644
--- a/2013/4xxx/CVE-2013-4258.json
+++ b/2013/4xxx/CVE-2013-4258.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4258",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,42 +27,66 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "61852",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/61852"
+ "url": "http://radscan.com/pipermail/nas/2013-August/001270.html",
+ "refsource": "MISC",
+ "name": "http://radscan.com/pipermail/nas/2013-August/001270.html"
 },
 {
- "name": "[oss-security] 20130819 Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2013/08/19/3"
+ "url": "http://www.debian.org/security/2013/dsa-2771",
+ "refsource": "MISC",
+ "name": "http://www.debian.org/security/2013/dsa-2771"
 },
 {
- "name": "[nas] 20130807 nas: Multiple Vulnerabilities in nas 1.9.3",
- "refsource": "MLIST",
- "url": "http://radscan.com/pipermail/nas/2013-August/001270.html"
+ "url": "http://www.openwall.com/lists/oss-security/2013/08/16/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/08/16/2"
 },
 {
- "name": "[nas] 20130808 nas: Multiple Vulnerabilities in nas 1.9.3",
- "refsource": "MLIST",
- "url": "http://radscan.com/pipermail/nas/2013-August/001277.html"
+ "url": "http://www.openwall.com/lists/oss-security/2013/08/19/3",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/08/19/3"
 },
 {
- "name": "[oss-security] 20130816 CVE Request : NAS v1.9.3 multiple Vulnerabilites",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2013/08/16/2"
+ "url": "http://radscan.com/pipermail/nas/2013-August/001277.html",
+ "refsource": "MISC",
+ "name": "http://radscan.com/pipermail/nas/2013-August/001277.html"
 },
 {
- "name": "DSA-2771",
- "refsource": "DEBIAN",
- "url": "http://www.debian.org/security/2013/dsa-2771"
+ "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=E1Rp1rP-00038Z-VJ%40sfp-svn-6.v30.ch3.sourceforge.com&forum_name=nas-commits",
+ "refsource": "MISC",
+ "name": "http://sourceforge.net/mailarchive/forum.php?thread_name=E1Rp1rP-00038Z-VJ%40sfp-svn-6.v30.ch3.sourceforge.com&forum_name=nas-commits"
 },
 {
- "name": "[nas-commits] 20120122 SF.net SVN: nas:[285] trunk/server/os/aulog.c",
- "refsource": "MLIST",
- "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=E1Rp1rP-00038Z-VJ%40sfp-svn-6.v30.ch3.sourceforge.com&forum_name=nas-commits"
+ "url": "http://www.securityfocus.com/bid/61852",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/61852"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4259.json b/2013/4xxx/CVE-2013-4259.json
index c7d1d01859b..ecf528410af 100644
--- a/2013/4xxx/CVE-2013-4259.json
+++ b/2013/4xxx/CVE-2013-4259.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4259",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,22 +27,46 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=998223",
- "refsource": "CONFIRM",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=998223"
+ "url": "http://www.ansible.com/security",
+ "refsource": "MISC",
+ "name": "http://www.ansible.com/security"
 },
 {
- "name": "https://groups.google.com/forum/#!topic/ansible-project/UVDYW0HGcNg",
- "refsource": "CONFIRM",
- "url": "https://groups.google.com/forum/#!topic/ansible-project/UVDYW0HGcNg"
+ "url": "https://groups.google.com/forum/#%21topic/ansible-project/UVDYW0HGcNg",
+ "refsource": "MISC",
+ "name": "https://groups.google.com/forum/#%21topic/ansible-project/UVDYW0HGcNg"
 },
 {
- "name": "http://www.ansible.com/security",
- "refsource": "CONFIRM",
- "url": "http://www.ansible.com/security"
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=998223",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=998223"
 }
 ]
 }
diff --git a/2016/9xxx/CVE-2016-9912.json b/2016/9xxx/CVE-2016-9912.json
index 94bea8ff61a..d9c096e08ab 100644
--- a/2016/9xxx/CVE-2016-9912.json
+++ b/2016/9xxx/CVE-2016-9912.json
@@ -1,35 +1,12 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2016-9912",
+ "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -50,22 +27,46 @@
 }
 ]
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
 "references": {
 "reference_data": [
 {
- "name": "[oss-security] 20161208 Re: CVE request Qemu: display: virtio-gpu: memory leakage when destroying gpu resource",
- "refsource": "MLIST",
- "url": "http://www.openwall.com/lists/oss-security/2016/12/08/6"
+ "url": "https://security.gentoo.org/glsa/201701-49",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/201701-49"
 },
 {
- "name": "GLSA-201701-49",
- "refsource": "GENTOO",
- "url": "https://security.gentoo.org/glsa/201701-49"
+ "url": "http://www.openwall.com/lists/oss-security/2016/12/08/6",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2016/12/08/6"
 },
 {
- "name": "94760",
- "refsource": "BID",
- "url": "http://www.securityfocus.com/bid/94760"
+ "url": "http://www.securityfocus.com/bid/94760",
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/94760"
 }
 ]
 }
diff --git a/2016/9xxx/CVE-2016-9916.json b/2016/9xxx/CVE-2016-9916.json
index 02016437189..6e7794e2dfc 100644
--- a/2016/9xxx/CVE-2016-9916.json
+++ b/2016/9xxx/CVE-2016-9916.json
@@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-9916", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -50,42 +27,66 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", - "refsource": "MLIST", - "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" }, { - "name": "94729", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/94729" + "url": "https://security.gentoo.org/glsa/201701-49", + "refsource": "MISC", + "name": "https://security.gentoo.org/glsa/201701-49" }, { - "name": "[qemu-devel] 20161116 [PATCH v3 0/4] 9pfs: add cleanup operation in handle/proxy backend", - "refsource": "MLIST", - "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html" + "url": "http://www.openwall.com/lists/oss-security/2016/12/06/11", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/12/06/11" }, { - "name": "GLSA-201701-49", - "refsource": "GENTOO", - "url": "https://security.gentoo.org/glsa/201701-49" + "url": "http://www.openwall.com/lists/oss-security/2016/12/08/7", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/12/08/7" }, { - "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=898ae90a44551d25b8e956fd87372d303c82fe68", - "refsource": "CONFIRM", - "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=898ae90a44551d25b8e956fd87372d303c82fe68" + "url": "http://www.securityfocus.com/bid/94729", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94729" }, { - "name": "[oss-security] 20161207 CVE request Qemu: 9pfs: memory 
leakage via proxy/handle callbacks", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/12/06/11" + "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html" }, { - "name": "[oss-security] 20161208 Re: CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks", - "refsource": "MLIST", - "url": "http://www.openwall.com/lists/oss-security/2016/12/08/7" + "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=898ae90a44551d25b8e956fd87372d303c82fe68", + "refsource": "MISC", + "name": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=898ae90a44551d25b8e956fd87372d303c82fe68" } ] } diff --git a/2016/9xxx/CVE-2016-9921.json b/2016/9xxx/CVE-2016-9921.json index 5c3d1601e20..ec9509511a3 100644 --- a/2016/9xxx/CVE-2016-9921.json +++ b/2016/9xxx/CVE-2016-9921.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "CVE-2016-9921 CVE-2016-9922 Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy" + "value": "Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "Divide By Zero", - "cweId": "CWE-369" + "value": "n/a" } ] } 
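Review bot: In the CVE-2016-9921 record the problemtype hunk (`@@ -21,8 +21,7 @@`) replaces `"value": "Divide By Zero"` and `"cweId": "CWE-369"` with `"value": "n/a"`, so tooling that triages by CWE loses the classification even though the new description still describes a divide by zero. I would keep both lines as they were. The later hunks of the same file (`@@ -32,82 +31,16 @@` and `@@ -140,71 +73,16 @@`) strip structured data in the same way: the seven Red Hat product entries with their `10:2.9.0-10.el7` / `10:2.9.0-14.el7` version markers collapse to `n/a`, and the `credits` and `impact.cvss` blocks plus two Red Hat references are removed. No commit message is visible here; if this is a deliberate reset to a baseline record it should be stated, otherwise consumers lose fixed-version and severity data they previously had.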
@@ -32,82 +31,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Red Hat", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", + "product_name": "n/a", "version": { "version_data": [ { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 11.0 (Ocata)", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-10.el7", - "version_affected": "!" - } - ] - } - }, - { - "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", - "version": { - "version_data": [ - { - "version_value": "10:2.9.0-14.el7", - "version_affected": "!" + "version_affected": "=", + "version_value": "n/a" } ] } 
@@ -140,71 +73,16 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2017:2408" }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334398", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1334398" - }, { "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html", "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" }, - { - "url": "https://access.redhat.com/security/cve/CVE-2016-9921", - "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2016-9921" - }, { "url": "https://security.gentoo.org/glsa/201701-49", "refsource": "MISC", "name": "https://security.gentoo.org/glsa/201701-49" } ] - }, - "credits": [ - { - "lang": "en", - "value": "Red Hat would like to thank Jiangxin (Huawei Inc.), Li Qiang (Qihoo 360), and Qinghao Tang (Qihoo 360) for reporting this issue." - } - ], - "impact": { - "cvss": [ - { - "accessComplexity": "MEDIUM", - "accessVector": "ADJACENT_NETWORK", - "authentication": "SINGLE", - "availabilityImpact": "PARTIAL", - "availabilityRequirement": "NOT_DEFINED", - "baseScore": 2.3, - "collateralDamagePotential": "NOT_DEFINED", - "confidentialityImpact": "NONE", - "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 0, - "exploitability": "NOT_DEFINED", - "integrityImpact": "NONE", - "integrityRequirement": "NOT_DEFINED", - "remediationLevel": "NOT_DEFINED", - "reportConfidence": "NOT_DEFINED", - "targetDistribution": "NOT_DEFINED", - "temporalScore": 0, - "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", - "version": "2.0" - }, - { - "attackComplexity": "HIGH", - "attackVector": "ADJACENT_NETWORK", - "availabilityImpact": "LOW", - "baseScore": 3, - "baseSeverity": "LOW", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L", - "version": 
"3.0" - } - ] } } \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23209.json b/2021/23xxx/CVE-2021-23209.json index be873281ae7..a58802fd000 100644 --- a/2021/23xxx/CVE-2021-23209.json +++ b/2021/23xxx/CVE-2021-23209.json @@ -1,45 +1,12 @@ { - "CVE_data_meta": { - "ASSIGNER": "audit@patchstack.com", - "DATE_PUBLIC": "2021-12-15T10:11:00.000Z", - "ID": "CVE-2021-23209", - "STATE": "PUBLIC", - "TITLE": "WordPress AMP for WP \u2013 Accelerated Mobile Pages plugin <= 1.0.77.32 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "AMP for WP \u2013 Accelerated Mobile Pages (WordPress plugin)", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "<= 1.0.77.32", - "version_value": "1.0.77.32" - } - ] - } - } - ] - }, - "vendor_name": "Ahmed Kaludi, Mohammed Kaludi" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Vulnerability discovered by Ex.Mi (Patchstack)." - } - ], - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-23209", + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { 
@@ -48,58 +15,109 @@ } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 4.8, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-79 Cross-site Scripting (XSS)" + "value": "CWE-79 Cross-site Scripting (XSS)", + "cweId": "CWE-79" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ahmed Kaludi, Mohammed Kaludi", + "product": { + "product_data": [ + { + "product_name": "AMP for WP \u2013 Accelerated Mobile Pages (WordPress plugin)", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.0.77.33", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.0.77.32", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://wordpress.org/plugins/accelerated-mobile-pages/#developers", - "refsource": "CONFIRM", - "url": "https://wordpress.org/plugins/accelerated-mobile-pages/#developers" - }, - { - "name": "https://patchstack.com/database/vulnerability/accelerated-mobile-pages/wordpress-amp-for-wp-accelerated-mobile-pages-plugin-1-0-77-32-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities", - "refsource": "CONFIRM", - "url": 
"https://patchstack.com/database/vulnerability/accelerated-mobile-pages/wordpress-amp-for-wp-accelerated-mobile-pages-plugin-1-0-77-32-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities" + "url": "https://patchstack.com/database/vulnerability/accelerated-mobile-pages/wordpress-amp-for-wp-accelerated-mobile-pages-plugin-1-0-77-32-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/accelerated-mobile-pages/wordpress-amp-for-wp-accelerated-mobile-pages-plugin-1-0-77-32-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities?_s_id=cve" } ] }, - "solution": [ - { - "lang": "eng", - "value": "Update to 1.0.77.33 or higher version." - } - ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "
Update to 1.0.77.33 or higher version.
" + } + ], + "value": "Update to 1.0.77.33 or higher version.\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "FearZzZz (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + ] } } \ No newline at end of file
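Review bot: The new `version_data` entry for CVE-2021-23209 carries `"version_value": "not down converted"` and no `version_affected`, so a consumer that reads only the 4.0 fields can no longer tell that versions up to 1.0.77.32 are affected; the range now lives solely in `x_cve_json_5_version_data`. I would keep `"version_affected": "<="` and `"version_value": "1.0.77.32"` next to the extension object. The added `solution[].supportingMedia` entry is typed `text/html`, so renderers should display the plain `value` or sanitise the markup rather than inject it. The credit also changes from "Ex.Mi (Patchstack)" to "FearZzZz (Patchstack Alliance)" and the wordpress.org reference is dropped, both of which are worth confirming against the CNA's source record.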