This repository has been archived by the owner on Nov 7, 2021. It is now read-only.

Added mongodb
gideontong committed Mar 1, 2020
1 parent 68ba55f commit d5a1c0f
Showing 2 changed files with 2 additions and 0 deletions.
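--- a/server/target_mongodb_cve.json
+++ b/server/target_mongodb_cve.json
@@ -0,0 +1 @@
+{"1.6": ["CVE-2013-1892", "CVE-2012-6619"], "2.2": ["CVE-2012-6619"]}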
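Review bot: The keys `"1.6"` and `"2.2"` line up with the builds listed under `affected_packages` in `server/targets/target_mongodb.json` (`mongodb-1.6.4-6.el6`, `mongodb-1.6.4-7.el6`, `mongodb-2.2.4-4.el6ost`), and in that file `affected_packages` is populated only on entries that also carry an RHSA advisory, which suggests these are errata builds rather than the vulnerable version range; this should be confirmed against the feed's documentation. If that reading is right, a lookup by major.minor would flag hosts that already run the patched build, and it would miss every MongoDB entry in the feed with an empty `affected_packages`, such as CVE-2015-7882 and CVE-2019-2386. Keying the map by CVE and recording the package explicitly, for example `{"CVE-2013-1892": {"fixed_in": ["mongodb-1.6.4-6.el6"]}}` (shape constructed for illustration), would make the meaning of each version visible to the consumer.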
1 change: 1 addition & 0 deletions server/targets/target_mongodb.json
@@ -0,0 +1 @@
[{"CVE": "CVE-2019-2389", "severity": "moderate", "public_date": "2019-08-30T00:00:00Z", "advisories": [], "bugzilla": "1765182", "bugzilla_description": "CVE-2019-2389 mongodb: Incorrect scoping in shipped sysV scripts allows arbitrary PID insertion to kill", "cvss_score": null, "cvss_scoring_vector": null, "CWE": "CWE-732", "affected_packages": [], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2389.json", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "cvss3_score": "4.2"}, {"CVE": "CVE-2019-2386", "severity": "moderate", "public_date": "2019-08-06T00:00:00Z", "advisories": [], "bugzilla": "1746132", "bugzilla_description": "CVE-2019-2386 mongodb: Improper invalidation of authorization sessions for deleted users", "cvss_score": null, "cvss_scoring_vector": null, "CWE": "CWE-613", "affected_packages": [], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2386.json", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "cvss3_score": "7.1"}, {"CVE": "CVE-2019-11324", "severity": "moderate", "public_date": "2019-04-17T00:00:00Z", "advisories": ["RHSA-2019:3335", "RHSA-2019:3590"], "bugzilla": "1702473", "bugzilla_description": "CVE-2019-11324 python-urllib3: Certification mishandle when error should be thrown", "cvss_score": null, "cvss_scoring_vector": null, "CWE": "CWE-295", "affected_packages": ["python-urllib3-1.24.2-2.el8", "python27:2.7-8010020190903182548.51c94b97"], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11324.json", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3_score": "7.5"}, {"CVE": "CVE-2019-11840", "severity": "moderate", "public_date": "2019-03-20T00:00:00Z", "advisories": [], "bugzilla": "1691529", "bugzilla_description": "CVE-2019-11840 golang.org/x/crypto: Keystream loop in amd64 assembly when overflowing 32-bit counter", "cvss_score": null, "cvss_scoring_vector": null, 
"CWE": "CWE-330", "affected_packages": [], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11840.json", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "cvss3_score": "6.5"}, {"CVE": "CVE-2019-11236", "severity": "moderate", "public_date": "2019-03-13T00:00:00Z", "advisories": ["RHSA-2019:3335", "RHSA-2019:2272", "RHSA-2019:3590"], "bugzilla": "1700824", "bugzilla_description": "CVE-2019-11236 python-urllib3: CRLF injection due to not encoding the '\\r\\n' sequence leading to possible attack on internal service", "cvss_score": null, "cvss_scoring_vector": null, "CWE": "CWE-113", "affected_packages": ["python-urllib3-1.24.2-2.el8", "python27:2.7-8010020190903182548.51c94b97", "python-urllib3-1.10.2-7.el7"], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11236.json", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss3_score": "6.5"}, {"CVE": "CVE-2019-6285", "severity": "low", "public_date": "2019-01-14T00:00:00Z", "advisories": [], "bugzilla": "1668104", "bugzilla_description": "CVE-2019-6285 yaml-cpp: DoS in SingleDocParser::HandleFlowSequence funtion", "cvss_score": null, "cvss_scoring_vector": null, "CWE": "CWE-400", "affected_packages": [], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6285.json", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss3_score": "3.7"}, {"CVE": "CVE-2018-20710", "severity": null, "public_date": "2019-01-14T00:00:00Z", "advisories": [], "bugzilla": "1686723", "bugzilla_description": "CVE-2018-20710 yaml-cpp: remote dos via crafted YAML file in function SingleDocParser::HandleFlowSequence", "cvss_score": null, "cvss_scoring_vector": null, "CWE": "CWE-400", "affected_packages": [], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20710.json", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3_score": 
"5.3"}, {"CVE": "CVE-2019-6292", "severity": "low", "public_date": "2019-01-02T00:00:00Z", "advisories": [], "bugzilla": "1668108", "bugzilla_description": "CVE-2019-6292 yaml-cpp: DoS in singledocparser.cpp", "cvss_score": null, "cvss_scoring_vector": null, "CWE": "CWE-400", "affected_packages": [], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6292.json", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss3_score": "5.3"}, {"CVE": "CVE-2018-20573", "severity": "low", "public_date": "2018-12-28T00:00:00Z", "advisories": [], "bugzilla": "1665567", "bugzilla_description": "CVE-2018-20573 yaml-cpp: DoS in Scanner::EnsureTokensInQueue function in yaml-cpp", "cvss_score": null, "cvss_scoring_vector": null, "CWE": "CWE-400", "affected_packages": [], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20573.json", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss3_score": "3.7"}, {"CVE": "CVE-2018-20574", "severity": "low", "public_date": "2018-12-28T00:00:00Z", "advisories": [], "bugzilla": "1665571", "bugzilla_description": "CVE-2018-20574 yaml-cpp: DoS in SingleDocParser::HandleFlowMap function", "cvss_score": null, "cvss_scoring_vector": null, "CWE": "CWE-400", "affected_packages": [], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20574.json", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss3_score": "3.7"}, {"CVE": "CVE-2018-16790", "severity": "moderate", "public_date": "2018-09-11T00:00:00Z", "advisories": [], "bugzilla": "1627923", "bugzilla_description": "CVE-2018-16790 libbson: Heap-based buffer over-read in _bson_iter_next_internal in bson-iter.c", "cvss_score": null, "cvss_scoring_vector": null, "CWE": "CWE-125", "affected_packages": [], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16790.json", "cvss3_scoring_vector": 
"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H", "cvss3_score": "6.3"}, {"CVE": "CVE-2018-18074", "severity": "low", "public_date": "2018-06-29T00:00:00Z", "advisories": ["RHSA-2019:2035"], "bugzilla": "1643829", "bugzilla_description": "CVE-2018-18074 python-requests: Redirect from HTTPS to HTTP does not remove Authorization header", "cvss_score": null, "cvss_scoring_vector": null, "CWE": "CWE-522", "affected_packages": ["python-requests-2.6.0-5.el7"], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18074.json", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "cvss3_score": "2.6"}, {"CVE": "CVE-2017-15535", "severity": "moderate", "public_date": "2017-09-29T00:00:00Z", "advisories": [], "bugzilla": "1516183", "bugzilla_description": "CVE-2017-15535 mongodb: Invalid wire protocol compression", "cvss_score": null, "cvss_scoring_vector": null, "CWE": null, "affected_packages": [], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15535.json", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "cvss3_score": "5.7"}, {"CVE": "CVE-2017-14227", "severity": "low", "public_date": "2017-09-07T00:00:00Z", "advisories": [], "bugzilla": "1494401", "bugzilla_description": "CVE-2017-14227 libbson: Heap based buffer over read in the bson_utf8_validate function", "cvss_score": null, "cvss_scoring_vector": null, "CWE": "CWE-122", "affected_packages": [], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14227.json", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "cvss3_score": "3.3"}, {"CVE": "CVE-2017-11692", "severity": "moderate", "public_date": "2017-07-28T00:00:00Z", "advisories": [], "bugzilla": "1477074", "bugzilla_description": "CVE-2017-11692 yaml-cpp: assertion failure in Token& Scanner::peek function", "cvss_score": null, "cvss_scoring_vector": null, "CWE": "CWE-617", "affected_packages": [], "resource_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11692.json", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "5.9"}, {"CVE": "CVE-2017-3204", "severity": "moderate", "public_date": "2017-03-29T00:00:00Z", "advisories": [], "bugzilla": "1439748", "bugzilla_description": "CVE-2017-3204 golang-googlecode-go-crypto: Go SSH library does not verify host keys by default", "cvss_score": null, "cvss_scoring_vector": null, "CWE": null, "affected_packages": [], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3204.json", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss3_score": "4.8"}, {"CVE": "CVE-2017-5950", "severity": "moderate", "public_date": "2017-01-17T00:00:00Z", "advisories": [], "bugzilla": "1439662", "bugzilla_description": "CVE-2017-5950 yaml-cpp: Stack overflow in HandleNode()", "cvss_score": null, "cvss_scoring_vector": null, "CWE": "CWE-674", "affected_packages": [], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5950.json", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3_score": "7.5"}, {"CVE": "CVE-2016-3104", "severity": "moderate", "public_date": "2016-12-06T00:00:00Z", "advisories": [], "bugzilla": "1324496", "bugzilla_description": "CVE-2016-3104 mongodb: Unauthenticated remote DoS via memory exhaustion", "cvss_score": 5.0, "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CWE": "CWE-400", "affected_packages": [], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3104.json"}, {"CVE": "CVE-2016-6494", "severity": "low", "public_date": "2016-08-01T00:00:00Z", "advisories": [], "bugzilla": "1362553", "bugzilla_description": "CVE-2016-6494 mongodb: world-readable .dbshell history file", "cvss_score": 2.1, "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "CWE": "CWE-732", "affected_packages": [], "resource_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6494.json", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss3_score": "4.0"}, {"CVE": "CVE-2014-8180", "severity": "low", "public_date": "2016-01-25T00:00:00Z", "advisories": [], "bugzilla": "1301703", "bugzilla_description": "CVE-2014-8180 Satellite 6: mongodb accessible by local users without authentication resulting in Denial of Service", "cvss_score": 2.1, "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "CWE": "CWE-287", "affected_packages": [], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8180.json"}, {"CVE": "CVE-2015-7882", "severity": "important", "public_date": "2015-09-29T00:00:00Z", "advisories": [], "bugzilla": "1732358", "bugzilla_description": "CVE-2015-7882 mongodb: improper handling of LDAP authentication leading to unauthorized access", "cvss_score": null, "cvss_scoring_vector": null, "CWE": "CWE-287", "affected_packages": [], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7882.json", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss3_score": "9.1"}, {"CVE": "CVE-2015-3239", "severity": "low", "public_date": "2015-06-20T00:00:00Z", "advisories": ["RHSA-2015:1675", "RHSA-2015:1768", "RHSA-2015:1769"], "bugzilla": "1232265", "bugzilla_description": "CVE-2015-3239 libunwind: off-by-one in dwarf_to_unw_regnum()", "cvss_score": 3.3, "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "CWE": "CWE-193", "affected_packages": ["libunwind-1.1-4.1.el7ost", "libunwind-1.1-4.1.el6ost"], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3239.json"}, {"CVE": "CVE-2014-8168", "severity": "low", "public_date": "2015-02-18T00:00:00Z", "advisories": [], "bugzilla": "1192249", "bugzilla_description": "CVE-2014-8168 Satellite 6: any local user can access mongodb and delete the database", "cvss_score": 3.6, "cvss_scoring_vector": 
"AV:L/AC:L/Au:N/C:P/I:N/A:P", "CWE": "CWE-285", "affected_packages": [], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8168.json"}, {"CVE": "CVE-2015-1609", "severity": "moderate", "public_date": "2015-02-17T00:00:00Z", "advisories": [], "bugzilla": "1200446", "bugzilla_description": "CVE-2015-1609 mongodb: DoS due to improper BSON validation", "cvss_score": 5.0, "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "CWE": "CWE-20", "affected_packages": [], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1609.json"}, {"CVE": "CVE-2013-4374", "severity": "low", "public_date": "2015-02-06T00:00:00Z", "advisories": [], "bugzilla": "1011827", "bugzilla_description": "CVE-2013-4374 RHQ Mongo DB Drift Server: Malicious change set import due to insecure temporary file usage", "cvss_score": 3.2, "cvss_scoring_vector": "AV:L/AC:L/Au:S/C:N/I:P/A:P", "CWE": "CWE-377", "affected_packages": [], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4374.json"}, {"CVE": "CVE-2013-3969", "severity": "important", "public_date": "2013-07-04T00:00:00Z", "advisories": [], "bugzilla": "985499", "bugzilla_description": "CVE-2013-3969 MongoDB: remote code execution via javascript", "cvss_score": 6.5, "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "CWE": null, "affected_packages": [], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3969.json"}, {"CVE": "CVE-2013-1892", "severity": "important", "public_date": "2013-03-24T00:00:00Z", "advisories": ["RHSA-2013:1170"], "bugzilla": "927536", "bugzilla_description": "CVE-2013-1892 MongoDB: Server Side JavaScript Includes allow Remote Code Execution", "cvss_score": 6.8, "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CWE": "CWE-119", "affected_packages": ["mongodb-1.6.4-6.el6"], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1892.json"}, {"CVE": "CVE-2012-6619", "severity": 
"moderate", "public_date": "2012-11-23T00:00:00Z", "advisories": ["RHSA-2014:0230", "RHSA-2014:0440"], "bugzilla": "1049748", "bugzilla_description": "CVE-2012-6619 mongodb: memory over-read via incorrect BSON object length", "cvss_score": 5.8, "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "CWE": "CWE-125->CWE-200", "affected_packages": ["mongodb-1.6.4-7.el6", "mongodb-2.2.4-4.el6ost"], "resource_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6619.json"}]
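Review bot: Many entries in this MongoDB target file describe other components: the `bugzilla_description` prefixes include `python-urllib3`, `yaml-cpp`, `golang.org/x/crypto`, `libbson`, `python-requests` and `libunwind`, so a consumer that reports every entry as a MongoDB finding will produce false positives. Filtering on the component name before the colon, or storing it as its own field such as `"component": "mongodb"`, would make the match explicit. The score fields also mix types (`"cvss_score": 5.0` is a number while `"cvss3_score": "4.2"` is a string) and the `cvss3_*` keys are absent on some older entries, so any severity ranking built on this file needs to handle both cases.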
