mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-07 03:02:46 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
aecac486e8
commit
ff53492370
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-3642",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an \"insecure send method.\""
|
||||
"value": "It was found that Red Hat CloudForms contained an insecure send method that accepted user-supplied arguments. An authenticated user could use this flaw to modify the program flow in a way that could result in privilege escalation."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,23 +21,699 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')",
|
||||
"cweId": "CWE-470"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "CloudForms Management Engine 5.3",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:0.75.13-1.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:5.3.0.15-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.0-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.12-11.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:B.02.16-4.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.9.2-1.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.9.7-1.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:4.0P1-3.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:9.2.3-5.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:9.0r2-4.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.5.3-7.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:3.2.17-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:3.2.17-6.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:3.1.0-3.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.3.0-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:3.2.17-4.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.9-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.1-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.2.8-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.2.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.9.2-3.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.2.5-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:4.9.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.2.1-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.11.3-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.1-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:4.6.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.4.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.7-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.1.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.3.9-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.3.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.0.29-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.3.2-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.4.1-4.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.2-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.9-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.2.1-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.31.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.2-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.7-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.5-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:4.1.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.5.5-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.9.3-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.2.3-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.19.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.2.4-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.2-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:4.0.5-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.4-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.2.5-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.6.21-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.7.1-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.4.0-7.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.12.3-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.10.2-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.2.7-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.6.9-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.2.6-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.1.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.7-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.8.0-3.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.8.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.2.2-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.9.1-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.3-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.8-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.6.2-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.5.4-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:4.7.1-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:6.5.1-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.20.1-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.2.0-3.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.7.7-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.5.2-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.7.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.7.4-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.7.7-3.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.5-7.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.9.1-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.5.6-3.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.3.0-4.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.8-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.5.21-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.12.2-5.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.4.0-4.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.11.0-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.2.1-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.20.2-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:1.4.5-3.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.6.2-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.13.8-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:10.1.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.8.3-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.0.17-3.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.2.3-4.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.12.2-4.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.3.1-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.6.7-5.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.2.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.12.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.12.2-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.12.1-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.3.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.6-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.4-3.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.9-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.1.3-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.4.1-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.13.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.0.10-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.2.0-6.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.0-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.9.5-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.19-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.7.0-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.1-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.32.1-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:4.2.1-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.3.4-7.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.7.1-6.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.7.1-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.2.3-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.0.2-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.2.3-8.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.3.9-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.0-6.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.6.0-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.2-8.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.0-8.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.6.5-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.4.5-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.10.0-7.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.4.5-5.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.3.1-5.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.5.3-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.4.0-5.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.16.2-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.4.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.1.3-3.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.1.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.11.0-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.3-4.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.12-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.0-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.7.19-244.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.11.6-3.el6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1092894",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1092894"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-1317.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-1317.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:1317",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-1317.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:1317",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:1317"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-3642",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-3642"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1092894",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1092894"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "SINGLE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 6,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-3654",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do."
|
||||
"value": "Stored and reflected cross-site scripting (XSS) flaws were found in the way spacewalk-java displayed certain information. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is used to view that data."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,38 +21,114 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Network Satellite Server v 5.5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.7.54-131.el6sat",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Satellite 5.6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.0.2-90.el5sat",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "60976",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/60976"
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00009.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00009.html"
|
||||
},
|
||||
{
|
||||
"name": "62027",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/62027"
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00010.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00010.html"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SU-2014:1339",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00009.html"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-1762.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-1762.html"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SU-2014:1342",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00010.html"
|
||||
"url": "http://secunia.com/advisories/60976",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/60976"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:1762",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-1762.html"
|
||||
"url": "http://secunia.com/advisories/62027",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/62027"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:1762",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:1762"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-3654",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-3654"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144628",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1144628"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 4.3,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-3662",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts."
|
||||
"value": "CVE-2014-3662 jenkins: username discovery (SECURITY-110)"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,23 +21,407 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
|
||||
"cweId": "CWE-200"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat OpenShift Enterprise 2.1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.565.3-1.el6op",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.6.40.1-0.el6op",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.20.3.5-1.el6op",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat OpenShift Enterprise 3.1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:3.1.1.6-1.git.0.b57e8bd.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.18.2-3.gitaf4752e.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.625.3-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.3-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.3.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.2.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.3.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.8.2-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.0-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.4.1-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.4.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.1-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.3.2-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.1-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.4.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.0-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.2.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.2-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.3.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.4-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.8.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.3.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.2.3-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.3-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.3.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:5.2.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:4.1.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.0-6.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.1.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.1-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.2.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.1.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.1.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.9.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.4-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.9-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.6.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.0-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.5-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.5.0-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.8.1-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:4.0.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.4.0-5.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.2.0-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.0.11-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.2.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.5-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.1-3.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.0-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.4.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.3-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:5.1.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.5-3.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.3.3-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.2.1-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.2-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.4-4.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.0-3.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.0.3-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.6.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.2-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.3-1.el7",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.35-1.git.0.6a386dd.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.4.0-1.el7",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.5.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "RHSA-2016:0070",
|
||||
"refsource": "REDHAT",
|
||||
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
|
||||
"url": "https://access.redhat.com/errata/RHBA-2014:1630",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHBA-2014:1630"
|
||||
},
|
||||
{
|
||||
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"
|
||||
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
|
||||
"refsource": "MISC",
|
||||
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2016:0070",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2016:0070"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-3662",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-3662"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147759",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1147759"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "LOW",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 5,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "NONE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-3663",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors."
|
||||
"value": "CVE-2014-3663 jenkins: job configuration issues (SECURITY-127, SECURITY-128)"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,23 +21,407 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Incorrect Authorization",
|
||||
"cweId": "CWE-863"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat OpenShift Enterprise 2.1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.565.3-1.el6op",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.6.40.1-0.el6op",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.20.3.5-1.el6op",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat OpenShift Enterprise 3.1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:3.1.1.6-1.git.0.b57e8bd.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.18.2-3.gitaf4752e.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.625.3-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.3-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.3.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.2.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.3.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.8.2-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.0-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.4.1-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.4.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.1-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.3.2-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.1-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.4.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.0-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.2.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.2-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.3.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.4-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.8.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.3.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.2.3-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.3-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.3.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:5.2.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:4.1.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.0-6.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.1.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.1-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.2.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.1.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.1.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.9.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.4-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.9-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.6.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.0-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.5-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.5.0-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.8.1-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:4.0.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.4.0-5.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.2.0-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.0.11-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.2.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.5-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.1-3.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.0-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.4.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.3-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:5.1.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.5-3.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.3.3-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.2.1-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.2-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.4-4.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.0-3.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.0.3-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.6.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.2-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.3-1.el7",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.35-1.git.0.6a386dd.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.4.0-1.el7",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.5.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "RHSA-2016:0070",
|
||||
"refsource": "REDHAT",
|
||||
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
|
||||
"url": "https://access.redhat.com/errata/RHBA-2014:1630",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHBA-2014:1630"
|
||||
},
|
||||
{
|
||||
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"
|
||||
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
|
||||
"refsource": "MISC",
|
||||
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2016:0070",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2016:0070"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-3663",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-3663"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147764",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1147764"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "LOW",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 5,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-3678",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
|
||||
"value": "CVE-2014-3678 jenkins: cross-site scripting flaws in the monitoring plug-in (SECURITY-113)"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,28 +21,101 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat OpenShift Enterprise 2.1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.565.3-1.el6op",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.6.40.1-0.el6op",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.20.3.5-1.el6op",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://wiki.jenkins-ci.org/display/JENKINS/Monitoring",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://wiki.jenkins-ci.org/display/JENKINS/Monitoring"
|
||||
"url": "https://access.redhat.com/errata/RHBA-2014:1630",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHBA-2014:1630"
|
||||
},
|
||||
{
|
||||
"name": "59122",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/59122"
|
||||
"url": "https://wiki.jenkins-ci.org/display/JENKINS/Monitoring",
|
||||
"refsource": "MISC",
|
||||
"name": "https://wiki.jenkins-ci.org/display/JENKINS/Monitoring"
|
||||
},
|
||||
{
|
||||
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"
|
||||
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
|
||||
"refsource": "MISC",
|
||||
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/59122",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/59122"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-3678",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-3678"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147760",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1147760"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 4.3,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-3680",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM."
|
||||
"value": "CVE-2014-3680 jenkins: password exposure in DOM (SECURITY-138)"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,23 +21,383 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
|
||||
"cweId": "CWE-200"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat OpenShift Enterprise 3.1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:3.1.1.6-1.git.0.b57e8bd.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.18.2-3.gitaf4752e.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.625.3-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.3-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.3.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.2.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.3.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.8.2-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.0-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.4.1-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.4.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.1-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.3.2-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.1-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.4.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.0-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.2.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.2-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.3.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.4-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.8.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.3.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.2.3-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.3-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.3.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:5.2.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:4.1.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.0-6.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.1.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.1-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.2.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.1.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.1.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.9.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.4-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.9-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.6.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.0-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.5-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.5.0-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.8.1-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:4.0.1-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.4.0-5.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.2.0-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.0.11-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.2.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.5-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.1-3.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.0-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.4.2-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.3-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:5.1.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.5-3.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.3.3-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.2.1-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.2-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.4-4.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.0-3.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.0.3-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.6.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.2-2.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.3-1.el7",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.35-1.git.0.6a386dd.el7aos",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.4.0-1.el7",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.5.0-1.el7aos",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "RHSA-2016:0070",
|
||||
"refsource": "REDHAT",
|
||||
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
|
||||
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
|
||||
"refsource": "MISC",
|
||||
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"
|
||||
},
|
||||
{
|
||||
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2016:0070",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2016:0070"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-3680",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-3680"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1148645",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1148645"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "LOW",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 5,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "NONE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-3691",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate."
|
||||
"value": "It was discovered that foreman-proxy, when running in SSL-secured mode, did not correctly verify SSL client certificates. This could permit any client with access to the API to make requests and perform actions otherwise restricted."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,38 +21,163 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Certificate Validation",
|
||||
"cweId": "CWE-295"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "OpenStack 4 for RHEL 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.3.0-7.el6ost",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "OpenStack Foreman for RHEL 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.6.0.33-2.el6ost",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Satellite 6.0",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.6.0.51-1.el7sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.6.0.33-1.el7sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.5.3-7.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.0.67-1.el7sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.4.4-1.el7sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.4.4-1.1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.21.0-3.2.el7sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.6.9-1.2.el7sat",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/theforeman/smart-proxy/pull/217",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/theforeman/smart-proxy/pull/217"
|
||||
"url": "http://projects.theforeman.org/issues/7822",
|
||||
"refsource": "MISC",
|
||||
"name": "http://projects.theforeman.org/issues/7822"
|
||||
},
|
||||
{
|
||||
"name": "http://projects.theforeman.org/issues/7822",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://projects.theforeman.org/issues/7822"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0287.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2015-0287.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2015:0287",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0287.html"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0288.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2015-0288.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2015:0288",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0288.html"
|
||||
"url": "https://access.redhat.com/errata/RHBA-2015:0054",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHBA-2015:0054"
|
||||
},
|
||||
{
|
||||
"name": "https://groups.google.com/forum/#!topic/foreman-announce/jXC5ixybjqo",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://groups.google.com/forum/#!topic/foreman-announce/jXC5ixybjqo"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2015:0287",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2015:0287"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2015:0288",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2015:0288"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-3691",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-3691"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1150879",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1150879"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/theforeman/smart-proxy/pull/217",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/theforeman/smart-proxy/pull/217"
|
||||
},
|
||||
{
|
||||
"url": "https://groups.google.com/forum/#%21topic/foreman-announce/jXC5ixybjqo",
|
||||
"refsource": "MISC",
|
||||
"name": "https://groups.google.com/forum/#%21topic/foreman-announce/jXC5ixybjqo"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 5.8,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-5119",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules."
|
||||
"value": "An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,123 +21,259 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Heap-based Buffer Overflow",
|
||||
"cweId": "CWE-122"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.5-118.el5_10.3",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5.6 Long Life",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.5-58.el5_6.5",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5.9 Extended Update Support",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.5-107.el5_9.7",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.12-1.132.el6_5.4",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.12-1.47.el6_2.13",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6.4 Extended Update Support",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.12-1.107.el6_4.6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.17-55.el7_0.1",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "60441",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/60441"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20170713 Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: Re: glibc locale issues)",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2014/08/13/5"
|
||||
},
|
||||
{
|
||||
"name": "69738",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/69738"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:1118",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-1118.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:1110",
|
||||
"refsource": "REDHAT",
|
||||
"url": "https://rhn.redhat.com/errata/RHSA-2014-1110.html"
|
||||
},
|
||||
{
|
||||
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604"
|
||||
},
|
||||
{
|
||||
"name": "60345",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/60345"
|
||||
},
|
||||
{
|
||||
"name": "61093",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/61093"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-201602-02",
|
||||
"refsource": "GENTOO",
|
||||
"url": "https://security.gentoo.org/glsa/201602-02"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2014:175",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:175"
|
||||
},
|
||||
{
|
||||
"name": "http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:175",
|
||||
"refsource": "MISC",
|
||||
"url": "http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html"
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:175"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20170713 glibc locale issues",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2014/07/14/1"
|
||||
},
|
||||
{
|
||||
"name": "68983",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/68983"
|
||||
},
|
||||
{
|
||||
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=17187",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17187"
|
||||
},
|
||||
{
|
||||
"name": "https://code.google.com/p/google-security-research/issues/detail?id=96",
|
||||
"url": "https://security.gentoo.org/glsa/201602-02",
|
||||
"refsource": "MISC",
|
||||
"url": "https://code.google.com/p/google-security-research/issues/detail?id=96"
|
||||
"name": "https://security.gentoo.org/glsa/201602-02"
|
||||
},
|
||||
{
|
||||
"name": "20140826 CVE-2014-5119 glibc __gconv_translit_find() exploit",
|
||||
"refsource": "FULLDISC",
|
||||
"url": "http://seclists.org/fulldisclosure/2014/Aug/69"
|
||||
"url": "http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html"
|
||||
},
|
||||
{
|
||||
"name": "DSA-3012",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2014/dsa-3012"
|
||||
"url": "http://linux.oracle.com/errata/ELSA-2015-0092.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://linux.oracle.com/errata/ELSA-2015-0092.html"
|
||||
},
|
||||
{
|
||||
"name": "61074",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/61074"
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html"
|
||||
},
|
||||
{
|
||||
"name": "20140910 Cisco Unified Communications Manager glibc Arbitrary Code Execution Vulnerability",
|
||||
"refsource": "CISCO",
|
||||
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-1118.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-1118.html"
|
||||
},
|
||||
{
|
||||
"name": "http://linux.oracle.com/errata/ELSA-2015-0092.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://linux.oracle.com/errata/ELSA-2015-0092.html"
|
||||
"url": "http://seclists.org/fulldisclosure/2014/Aug/69",
|
||||
"refsource": "MISC",
|
||||
"name": "http://seclists.org/fulldisclosure/2014/Aug/69"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SU-2014:1125",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html"
|
||||
"url": "http://secunia.com/advisories/60345",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/60345"
|
||||
},
|
||||
{
|
||||
"name": "60358",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/60358"
|
||||
"url": "http://secunia.com/advisories/60358",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/60358"
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/60441",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/60441"
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/61074",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/61074"
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/61093",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/61093"
|
||||
},
|
||||
{
|
||||
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119",
|
||||
"refsource": "MISC",
|
||||
"name": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119"
|
||||
},
|
||||
{
|
||||
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604"
|
||||
},
|
||||
{
|
||||
"url": "http://www.debian.org/security/2014/dsa-3012",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.debian.org/security/2014/dsa-3012"
|
||||
},
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2014/07/14/1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2014/07/14/1"
|
||||
},
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2014/08/13/5",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2014/08/13/5"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/68983",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/68983"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/69738",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/69738"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:1110",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:1110"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:1118",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:1118"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-5119",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-5119"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119128",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1119128"
|
||||
},
|
||||
{
|
||||
"url": "https://code.google.com/p/google-security-research/issues/detail?id=96",
|
||||
"refsource": "MISC",
|
||||
"name": "https://code.google.com/p/google-security-research/issues/detail?id=96"
|
||||
},
|
||||
{
|
||||
"url": "https://rhn.redhat.com/errata/RHSA-2014-1110.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://rhn.redhat.com/errata/RHSA-2014-1110.html"
|
||||
},
|
||||
{
|
||||
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17187",
|
||||
"refsource": "MISC",
|
||||
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=17187"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "LOCAL",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "COMPLETE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 6.9,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "COMPLETE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "COMPLETE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-7812",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field."
|
||||
"value": "CVE-2014-7812 Red Hat Satellite, Spacewalk: XSS in system-group"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,28 +21,733 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Satellite 5.7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.1.3-2.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.7.7-7.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.8.3-10.redhat_2.ep6.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.2-7.5.redhat_2.ep6.el6.4",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.0-4.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.3.0-2.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.9.1.2-2.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.2-5.6.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.7-52.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.3-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.3.4-10.1.5_jboss_update1.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:5.1.2-5.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.6.1-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.6.1-11.1.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0rc2-6.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.8.2-14.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.20.18-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:4.0.3-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.2_13-3.1.4.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:3.3.2-1.3.GA_CP04.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.2.8-23.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.5-0.22.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.2-2.2.2.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.3-11.7.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.8.1-8.1.1.1.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0-19.2.1.1.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:1.1.1-7.4.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.4-4.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.4-1.1.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.1-1.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1-10.3_patch_02.1.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:11-2.1.2.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.3.1-7.5.2.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.8-6.6.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.1-12.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:1.6.0.16.2-1jpp.1.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.12.0-6.SP1.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:5.0.1-2.9.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.16-1.2.2.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.1-1.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.13-2.3.2.1.1.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.4-27.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.3.3-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.10.4.custom-2.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.13-5.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.4.0-5.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0-4.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.8.0-24.3.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.2-5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.26.10-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.6.0-2.2.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.2.9-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.6.5-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.209.7-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.127.12-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0-0.16.20081201040121nightly.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.2-2.1.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1-7.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:10.2.0-47.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:10.2.0.19-6.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.23.36-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:5.11.44-5.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.2-3.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.5-4.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.09-3.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.38-6.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.06-2.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.16-4.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.4-6.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.47-5.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.119-10.1.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.05-10.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.03-15.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:0.5300-1.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.62-3.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.002-5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.92-8.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.10-8.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.110-10.1.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.13-6.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.22-10.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.3-12.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.027-2.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:5.427-4.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.28-2.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.5-3.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.10-7.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:6.0.1-3.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.9.9-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.23.17-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.2.1-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.26.12-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.28.27-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.10.1-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.184.18-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.58.12-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.7.2-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.14.12-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.92-3.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.20-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.710.10-3.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.30-13.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.01-6.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1-21.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:9.2.8-2.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.11.6-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.2-4.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1.16-5.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.10.2-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.14-3.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.10-3.1.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.8.4-5.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1_20071120-15.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:5.7.0.1-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:5.7.0.0-3.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.5.22-15.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:5.5.81-8.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:5.4.1-9.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.2-2.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.11.5-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.13.5-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.2.2-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.216.31-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.29.14-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.24.6-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.1.3-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:5.7.0.24-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:5.7.0-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:5.6.0.3-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:5.7.0.11-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.15.8-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:20120927-11.el6_5",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.4.5-3.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.3.0-5.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.1.3-6.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.4.2-2.ep6.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.5.7-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.0-2.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.0-1.5.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.2.7-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.3-23.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.0-4.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.8-96.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.0-5.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.2-16.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.0-7.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.0-15.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.1-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.0-21.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.6.1-6.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:2.3-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.2-13.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.3.2-27.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.9.3-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.12.11-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.9-10.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.3.10-6.ep5.el6",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.2.3-14.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.27.29-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1-1.el6sat",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.7.0-9.8.el6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "RHSA-2015:0033",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0033.html"
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html"
|
||||
},
|
||||
{
|
||||
"name": "62183",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/62183"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0033.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2015-0033.html"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SU-2015:0928",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html"
|
||||
"url": "http://secunia.com/advisories/62183",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/62183"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2015:0033",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2015:0033"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-7812",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-7812"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172934",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1172934"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "SINGLE",
|
||||
"availabilityImpact": "NONE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 3.5,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-7814",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter."
|
||||
"value": "It was found that CloudForms 4 exposed SQL filters via the REST API without any input escaping. An authenticated user could use this flaw to perform SQL injection attacks against the CloudForms Management Engine database."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,23 +21,96 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
|
||||
"cweId": "CWE-89"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "CloudForms Management Engine 5.3",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:5.3.2.6-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.19.0-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.9.4-1.el6cf",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "62255",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/62255"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0028.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2015-0028.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2015:0028",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0028.html"
|
||||
"url": "http://secunia.com/advisories/62255",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/62255"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2015:0028",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2015:0028"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-7814",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-7814"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1157881",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1157881"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "LOW",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "SINGLE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 6.5,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-7819",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding."
|
||||
"value": "CVE-2014-7819 rubygem-sprockets: arbitrary file existence disclosure"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,43 +21,193 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
|
||||
"cweId": "CWE-200"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "CloudForms Management Engine 5.4",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:5.4.0.5-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.0-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.12-11.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:B.02.16-4.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:4.0P1-3.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:9.2.3-5.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:9.0r2-4.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.5.3-7.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:3.0.1-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.0.7-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.9.8-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.2.8-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.8.2-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.5.11-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.12.2-9.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.0.13-1.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.20.2-5.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.11.0-5.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.3.1-9.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:0.1-2.el6cf",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.3.14-1.el6cf",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "openSUSE-SU-2014:1504",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html"
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2014:1514",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html"
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html"
|
||||
},
|
||||
{
|
||||
"name": "[rubyonrails-security] 20141030 [AMENDED] [CVE-2014-7819] Arbitrary file existence disclosure in Sprockets",
|
||||
"refsource": "MLIST",
|
||||
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ"
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2014:1502",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html"
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2014:1513",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html"
|
||||
"url": "https://access.redhat.com/errata/RHBA-2015:1100",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHBA-2015:1100"
|
||||
},
|
||||
{
|
||||
"name": "[rubyonrails-security] 20141030 Arbitrary file existence disclosure in Sprockets (CVE-2014-7819)",
|
||||
"refsource": "MLIST",
|
||||
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ"
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-7819",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-7819"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161527",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1161527"
|
||||
},
|
||||
{
|
||||
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY",
|
||||
"refsource": "MISC",
|
||||
"name": "https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY"
|
||||
},
|
||||
{
|
||||
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ",
|
||||
"refsource": "MISC",
|
||||
"name": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ"
|
||||
},
|
||||
{
|
||||
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ",
|
||||
"refsource": "MISC",
|
||||
"name": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "LOW",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 5,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "NONE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-8099",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function."
|
||||
"value": "Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,58 +21,150 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Out-of-bounds Read",
|
||||
"cweId": "CWE-125"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.1.1-48.107.el5_11",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.15.0-25.el6_6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.15.0-7.el7_0.3",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "DSA-3095",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2014/dsa-3095"
|
||||
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
|
||||
},
|
||||
{
|
||||
"name": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
|
||||
"url": "http://advisories.mageia.org/MGASA-2014-0532.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://advisories.mageia.org/MGASA-2014-0532.html"
|
||||
},
|
||||
{
|
||||
"name": "http://advisories.mageia.org/MGASA-2014-0532.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://advisories.mageia.org/MGASA-2014-0532.html"
|
||||
"url": "http://secunia.com/advisories/61947",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/61947"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-201504-06",
|
||||
"refsource": "GENTOO",
|
||||
"url": "https://security.gentoo.org/glsa/201504-06"
|
||||
"url": "http://secunia.com/advisories/62292",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/62292"
|
||||
},
|
||||
{
|
||||
"name": "62292",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/62292"
|
||||
"url": "http://www.debian.org/security/2014/dsa-3095",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.debian.org/security/2014/dsa-3095"
|
||||
},
|
||||
{
|
||||
"name": "71600",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/71600"
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2015:119",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"
|
||||
"url": "http://www.securityfocus.com/bid/71600",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/71600"
|
||||
},
|
||||
{
|
||||
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
|
||||
"url": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
|
||||
},
|
||||
{
|
||||
"name": "61947",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/61947"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:1982",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:1982"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:1983",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:1983"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-8099",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-8099"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168710",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1168710"
|
||||
},
|
||||
{
|
||||
"url": "https://security.gentoo.org/glsa/201504-06",
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.gentoo.org/glsa/201504-06"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "ADJACENT_NETWORK",
|
||||
"authentication": "SINGLE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 2.3,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "NONE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-8103",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) sproc_dri3_query_version, (2) sproc_dri3_open, (3) sproc_dri3_pixmap_from_buffer, (4) sproc_dri3_buffer_from_pixmap, (5) sproc_dri3_fence_from_fd, (6) sproc_dri3_fd_from_fence, (7) proc_present_query_capabilities, (8) sproc_present_query_version, (9) sproc_present_pixmap, (10) sproc_present_notify_msc, (11) sproc_present_select_input, or (12) sproc_present_query_capabilities function in the (a) DRI3 or (b) Present extension."
|
||||
"value": "Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,33 +21,109 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Out-of-bounds Read",
|
||||
"cweId": "CWE-125"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.15.0-25.el6_6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.15.0-7.el7_0.3",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
|
||||
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-201504-06",
|
||||
"refsource": "GENTOO",
|
||||
"url": "https://security.gentoo.org/glsa/201504-06"
|
||||
"url": "http://secunia.com/advisories/61947",
|
||||
"refsource": "MISC",
|
||||
"name": "http://secunia.com/advisories/61947"
|
||||
},
|
||||
{
|
||||
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
|
||||
"url": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
|
||||
},
|
||||
{
|
||||
"name": "61947",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/61947"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:1983",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:1983"
|
||||
},
|
||||
{
|
||||
"url": "https://security.gentoo.org/glsa/201504-06",
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.gentoo.org/glsa/201504-06"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-8103",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-8103"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168716",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1168716"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "MEDIUM",
|
||||
"accessVector": "ADJACENT_NETWORK",
|
||||
"authentication": "SINGLE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 2.3,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "NONE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-8105",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the \"cn=changelog\" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors."
|
||||
"value": "An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog that is exposed via the 'cn=changelog' LDAP sub-tree. An unauthenticated user could in certain cases use this flaw to read data from the Changelog, which could include sensitive information such as plain-text passwords."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,38 +21,119 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
|
||||
"cweId": "CWE-200"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 6",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.2.11.15-50.el6_6",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.3.3.1-13.el7",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html"
|
||||
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2015:0416",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0416.html"
|
||||
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html"
|
||||
},
|
||||
{
|
||||
"name": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html"
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2015:0628",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0628.html"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0416.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2015-0416.html"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2015-3368",
|
||||
"refsource": "FEDORA",
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2015:0416",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2015:0416"
|
||||
},
|
||||
{
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0628.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2015-0628.html"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2015:0628",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2015:0628"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-8105",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-8105"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1167858",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1167858"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "LOW",
|
||||
"accessVector": "ADJACENT_NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 5.8,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,40 +1,17 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2014-8118",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow."
|
||||
"value": "CVE-2014-8118 rpm: integer overflow and stack overflow in CPIO header parsing"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -44,43 +21,108 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
"value": "Stack-based Buffer Overflow",
|
||||
"cweId": "CWE-121"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:4.11.1-18.el7_0",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "MDVSA-2015:056",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:056"
|
||||
"url": "http://advisories.mageia.org/MGASA-2014-0529.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://advisories.mageia.org/MGASA-2014-0529.html"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-201811-22",
|
||||
"refsource": "GENTOO",
|
||||
"url": "https://security.gentoo.org/glsa/201811-22"
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-1976.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://rhn.redhat.com/errata/RHSA-2014-1976.html"
|
||||
},
|
||||
{
|
||||
"name": "http://advisories.mageia.org/MGASA-2014-0529.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://advisories.mageia.org/MGASA-2014-0529.html"
|
||||
"url": "http://www.debian.org/security/2015/dsa-3129",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.debian.org/security/2015/dsa-3129"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2014:251",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:251"
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:251",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:251"
|
||||
},
|
||||
{
|
||||
"name": "DSA-3129",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2015/dsa-3129"
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:056",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:056"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:1976",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-1976.html"
|
||||
"url": "https://access.redhat.com/errata/RHSA-2014:1976",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2014:1976"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2014-8118",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2014-8118"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168715",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1168715"
|
||||
},
|
||||
{
|
||||
"url": "https://security.gentoo.org/glsa/201811-22",
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.gentoo.org/glsa/201811-22"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"accessComplexity": "HIGH",
|
||||
"accessVector": "NETWORK",
|
||||
"authentication": "NONE",
|
||||
"availabilityImpact": "COMPLETE",
|
||||
"availabilityRequirement": "NOT_DEFINED",
|
||||
"baseScore": 7.6,
|
||||
"collateralDamagePotential": "NOT_DEFINED",
|
||||
"confidentialityImpact": "COMPLETE",
|
||||
"confidentialityRequirement": "NOT_DEFINED",
|
||||
"environmentalScore": 0,
|
||||
"exploitability": "NOT_DEFINED",
|
||||
"integrityImpact": "COMPLETE",
|
||||
"integrityRequirement": "NOT_DEFINED",
|
||||
"remediationLevel": "NOT_DEFINED",
|
||||
"reportConfidence": "NOT_DEFINED",
|
||||
"targetDistribution": "NOT_DEFINED",
|
||||
"temporalScore": 0,
|
||||
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
|
||||
"version": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,25 +1,59 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-25678",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A flaw was found in Ceph where Ceph stores mgr module passwords in clear text. This issue can be found by searching the mgr logs for Grafana and dashboard, with passwords visible. The highest threat from this vulnerability is to confidentiality."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cleartext Storage of Sensitive Information",
|
||||
"cweId": "CWE-312"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "ceph",
|
||||
"product_name": "Red Hat Ceph Storage 4.2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "ceph versions prior to 16.y.z"
|
||||
"version_value": "2:14.2.11-147.el7cp",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:4.0.49.2-1.el8cp",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:2.6.3-3.el8cp",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.5.2-3.el8cp",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -30,47 +64,55 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-312"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://tracker.ceph.com/issues/37503",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1892109",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892109"
|
||||
"name": "https://tracker.ceph.com/issues/37503"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2021:1452",
|
||||
"refsource": "MISC",
|
||||
"name": "https://tracker.ceph.com/issues/37503",
|
||||
"url": "https://tracker.ceph.com/issues/37503"
|
||||
"name": "https://access.redhat.com/errata/RHSA-2021:1452"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2021-93ff9e9103",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/"
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2020-25678",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2020-25678"
|
||||
},
|
||||
{
|
||||
"refsource": "GENTOO",
|
||||
"name": "GLSA-202105-39",
|
||||
"url": "https://security.gentoo.org/glsa/202105-39"
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892109",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1892109"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/"
|
||||
},
|
||||
{
|
||||
"url": "https://security.gentoo.org/glsa/202105-39",
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.gentoo.org/glsa/202105-39"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible."
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "LOCAL",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 4.4,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "HIGH",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,25 +1,66 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-2211",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, either by mistake or malicious actor."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
|
||||
"cweId": "CWE-119"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "libguestfs",
|
||||
"product_name": "Red Hat Enterprise Linux 8",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "none"
|
||||
"version_value": "8070020220921004438.3b9f49c4",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 9",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "1:1.48.4-2.el9",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.48.2-5.el9",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "1:2.0.7-6.el9",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -30,32 +71,61 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Buffer Overflow"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2022-2211",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2022-2211",
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2022-2211"
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2022-2211"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2022:7472",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2022:7472"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2022:7958",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2022:7958"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2022:7959",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2022:7959"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2022:7968",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2022:7968"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100862",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2100862"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": " Upstream acknowledges Laszlo Ersek as the original reporter."
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, either by mistake or malicious actor."
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "LOCAL",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 5.5,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,25 +1,69 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-2568",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Improper Privilege Management",
|
||||
"cweId": "CWE-269"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Red Hat Ansible Automation Platform",
|
||||
"product_name": "Red Hat Ansible Automation Platform 2.1 for RHEL 8",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2.2"
|
||||
"version_value": "0:4.4.4-1.el8pc",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Ansible Automation Platform 2.2 for RHEL 8",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:4.5.0-4.el8ap",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Ansible Automation Platform 2.2 for RHEL 9",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:4.5.0-4.el9ap",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -30,32 +74,45 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Improper Privilege Management"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2022:6078",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2108653",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108653"
|
||||
"name": "https://access.redhat.com/errata/RHSA-2022:6078"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2022:6079",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2022:6079"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2022-2568",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2022-2568"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108653",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2108653"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges."
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.2,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "HIGH",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,25 +1,47 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-2739",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
|
||||
"cweId": "CWE-200"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "podman",
|
||||
"product_name": "Red Hat Enterprise Linux 7 Extras",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "podman 1.6.4-32.el7_9"
|
||||
"version_value": "0:1.6.4-36.el7_9",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -30,37 +52,40 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-200"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2022-2739",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2116927",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116927"
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2022-2739"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2022:6119",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2022-2739",
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2022-2739"
|
||||
"name": "https://access.redhat.com/errata/RHSA-2022:6119"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116927",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2116927"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables."
|
||||
"attackComplexity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,25 +1,113 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-2850",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "NULL Pointer Dereference",
|
||||
"cweId": "CWE-476"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "389-ds-base",
|
||||
"product_name": "Red Hat Directory Server 11.5 for RHEL 8",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "389-ds-base-2.0.x+"
|
||||
"version_value": "8060020221122205230.0ca98e7e",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Directory Server 12.0 for RHEL 9",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "9000020230124175804.fd05c7f4",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:1.3.10.2-17.el7_9",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 8",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "8060020221011200628.824efc52",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "8040020221110201811.96015a92",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 9",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.1.3-4.el9_1",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0:2.0.14-3.el9_0",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -30,37 +118,76 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "denial of service"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2022-2850",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2118691",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118691"
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2022-2850"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2022:7087",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/security/cve/CVE-2022-2850",
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2022-2850"
|
||||
"name": "https://access.redhat.com/errata/RHSA-2022:7087"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2022:7133",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2022:7133"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2022:8162",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2022:8162"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2022:8680",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2022:8680"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2022:8886",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2022:8886"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2022:8976",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2022:8976"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:0479",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2023:0479"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118691",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2118691"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "This issue was discovered by Viktor Ashirov (Red Hat)."
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514."
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -4,9 +4,8 @@
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-33938",
|
||||
"STATE": "PUBLIC",
|
||||
"DATE_PUBLIC": "2022-10-20",
|
||||
"ASSIGNER": "talos-cna@cisco.com"
|
||||
"ASSIGNER": "talos-cna@cisco.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
@ -16,30 +15,14 @@
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1584",
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1584"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "High",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-134: Use of Externally-Controlled Format String"
|
||||
"value": "CWE-134: Use of Externally-Controlled Format String",
|
||||
"cweId": "CWE-134"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -72,5 +55,32 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1584",
|
||||
"refsource": "MISC",
|
||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1584"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.0",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -4,9 +4,8 @@
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-35244",
|
||||
"STATE": "PUBLIC",
|
||||
"DATE_PUBLIC": "2022-10-20",
|
||||
"ASSIGNER": "talos-cna@cisco.com"
|
||||
"ASSIGNER": "talos-cna@cisco.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
@ -16,30 +15,14 @@
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1582",
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1582"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "Critical",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-134: Use of Externally-Controlled Format String"
|
||||
"value": "CWE-134: Use of Externally-Controlled Format String",
|
||||
"cweId": "CWE-134"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -72,5 +55,32 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1582",
|
||||
"refsource": "MISC",
|
||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1582"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.0",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -4,9 +4,8 @@
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-35874",
|
||||
"STATE": "PUBLIC",
|
||||
"DATE_PUBLIC": "2022-10-20",
|
||||
"ASSIGNER": "talos-cna@cisco.com"
|
||||
"ASSIGNER": "talos-cna@cisco.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
@ -16,30 +15,14 @@
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581",
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "High",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-134: Use of Externally-Controlled Format String"
|
||||
"value": "CWE-134: Use of Externally-Controlled Format String",
|
||||
"cweId": "CWE-134"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -72,5 +55,32 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581",
|
||||
"refsource": "MISC",
|
||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.0",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -4,9 +4,8 @@
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-35875",
|
||||
"STATE": "PUBLIC",
|
||||
"DATE_PUBLIC": "2022-10-20",
|
||||
"ASSIGNER": "talos-cna@cisco.com"
|
||||
"ASSIGNER": "talos-cna@cisco.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
@ -16,30 +15,14 @@
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581",
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "High",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-134: Use of Externally-Controlled Format String"
|
||||
"value": "CWE-134: Use of Externally-Controlled Format String",
|
||||
"cweId": "CWE-134"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -72,5 +55,32 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581",
|
||||
"refsource": "MISC",
|
||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.0",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -4,9 +4,8 @@
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-35876",
|
||||
"STATE": "PUBLIC",
|
||||
"DATE_PUBLIC": "2022-10-20",
|
||||
"ASSIGNER": "talos-cna@cisco.com"
|
||||
"ASSIGNER": "talos-cna@cisco.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
@ -16,30 +15,14 @@
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581",
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "High",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-134: Use of Externally-Controlled Format String"
|
||||
"value": "CWE-134: Use of Externally-Controlled Format String",
|
||||
"cweId": "CWE-134"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -72,5 +55,32 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581",
|
||||
"refsource": "MISC",
|
||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.0",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -4,9 +4,8 @@
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-35877",
|
||||
"STATE": "PUBLIC",
|
||||
"DATE_PUBLIC": "2022-10-20",
|
||||
"ASSIGNER": "talos-cna@cisco.com"
|
||||
"ASSIGNER": "talos-cna@cisco.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
@ -16,30 +15,14 @@
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581",
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "High",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-134: Use of Externally-Controlled Format String"
|
||||
"value": "CWE-134: Use of Externally-Controlled Format String",
|
||||
"cweId": "CWE-134"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -72,5 +55,32 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581",
|
||||
"refsource": "MISC",
|
||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1581"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.0",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -4,9 +4,8 @@
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-35884",
|
||||
"STATE": "PUBLIC",
|
||||
"DATE_PUBLIC": "2022-10-20",
|
||||
"ASSIGNER": "talos-cna@cisco.com"
|
||||
"ASSIGNER": "talos-cna@cisco.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
@ -16,30 +15,14 @@
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585",
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "High",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-134: Use of Externally-Controlled Format String"
|
||||
"value": "CWE-134: Use of Externally-Controlled Format String",
|
||||
"cweId": "CWE-134"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -72,5 +55,32 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585",
|
||||
"refsource": "MISC",
|
||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.0",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -4,9 +4,8 @@
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-35885",
|
||||
"STATE": "PUBLIC",
|
||||
"DATE_PUBLIC": "2022-10-20",
|
||||
"ASSIGNER": "talos-cna@cisco.com"
|
||||
"ASSIGNER": "talos-cna@cisco.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
@ -16,30 +15,14 @@
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585",
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "High",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-134: Use of Externally-Controlled Format String"
|
||||
"value": "CWE-134: Use of Externally-Controlled Format String",
|
||||
"cweId": "CWE-134"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -72,5 +55,32 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585",
|
||||
"refsource": "MISC",
|
||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.0",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -4,9 +4,8 @@
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-35886",
|
||||
"STATE": "PUBLIC",
|
||||
"DATE_PUBLIC": "2022-10-20",
|
||||
"ASSIGNER": "talos-cna@cisco.com"
|
||||
"ASSIGNER": "talos-cna@cisco.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
@ -16,30 +15,14 @@
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585",
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "High",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-134: Use of Externally-Controlled Format String"
|
||||
"value": "CWE-134: Use of Externally-Controlled Format String",
|
||||
"cweId": "CWE-134"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -72,5 +55,32 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585",
|
||||
"refsource": "MISC",
|
||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.0",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -4,9 +4,8 @@
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-35887",
|
||||
"STATE": "PUBLIC",
|
||||
"DATE_PUBLIC": "2022-10-20",
|
||||
"ASSIGNER": "talos-cna@cisco.com"
|
||||
"ASSIGNER": "talos-cna@cisco.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
@ -16,30 +15,14 @@
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585",
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "High",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-134: Use of Externally-Controlled Format String"
|
||||
"value": "CWE-134: Use of Externally-Controlled Format String",
|
||||
"cweId": "CWE-134"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -72,5 +55,32 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585",
|
||||
"refsource": "MISC",
|
||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1585"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.0",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions."
|
||||
"value": "A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -21,7 +21,8 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "use-after-free"
|
||||
"value": "Use After Free",
|
||||
"cweId": "CWE-416"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -31,16 +32,20 @@
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"vendor_name": "Red Hat",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "xorg-x11-server",
|
||||
"product_name": "Red Hat Enterprise Linux 7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "xorg-x11-server-1.20.4",
|
||||
"version_affected": "="
|
||||
"version_value": "0:1.8.0-23.el7_9",
|
||||
"version_affected": "!"
|
||||
},
|
||||
{
|
||||
"version_value": "0:1.20.4-21.el7_9",
|
||||
"version_affected": "!"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -53,11 +58,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151761",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151761"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2022-4283",
|
||||
"refsource": "MISC",
|
||||
@ -82,6 +82,39 @@
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:0045",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2023:0045"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:0046",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2023:0046"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151761",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151761"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "LOCAL",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.8,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user