admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2017-11-16 23:04:20 -05:00
parent f71a743813
commit 097b034a83
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
9 changed files with 531 additions and 531 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

118
2017/1000xxx/CVE-2017-1000231.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.460075",
"ID": "CVE-2017-1000231",
"REQUESTER": "stephan.zeisberg@splone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ldns",
"version": {
"version_data": [
{
"version_value": "1.7.0"
}
]
}
}
]
},
"vendor_name": "NLnet Labs"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.460075",
"ID" : "CVE-2017-1000231",
"REQUESTER" : "stephan.zeisberg@splone.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ldns",
"version" : {
"version_data" : [
{
"version_value" : "1.7.0"
}
]
}
}
]
},
"vendor_name" : "NLnet Labs"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256"
}
]
}
}

118
2017/1000xxx/CVE-2017-1000232.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.461002",
"ID": "CVE-2017-1000232",
"REQUESTER": "stephan.zeisberg@splone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ldns",
"version": {
"version_data": [
{
"version_value": "1.7.0"
}
]
}
}
]
},
"vendor_name": "NLnet Labs"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.461002",
"ID" : "CVE-2017-1000232",
"REQUESTER" : "stephan.zeisberg@splone.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ldns",
"version" : {
"version_data" : [
{
"version_value" : "1.7.0"
}
]
}
}
]
},
"vendor_name" : "NLnet Labs"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Double Free"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Double Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257"
}
]
}
}

118
2017/1000xxx/CVE-2017-1000234.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.462821",
"ID": "CVE-2017-1000234",
"REQUESTER": "j.singh@sec-consult.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "I, Librarian",
"version": {
"version_data": [
{
"version_value": "<=4.6 & 4.7"
}
]
}
}
]
},
"vendor_name": "I, Librarian"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.462821",
"ID" : "CVE-2017-1000234",
"REQUESTER" : "j.singh@sec-consult.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "I, Librarian",
"version" : {
"version_data" : [
{
"version_value" : "<=4.6 & 4.7"
}
]
}
}
]
},
"vendor_name" : "I, Librarian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the \"dir\" parameter"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory Traversal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the \"dir\" parameter"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt"
}
]
}
}

118
2017/1000xxx/CVE-2017-1000235.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.463684",
"ID": "CVE-2017-1000235",
"REQUESTER": "j.singh@sec-consult.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "I, Librarian",
"version": {
"version_data": [
{
"version_value": "<=4.6 & 4.7"
}
]
}
}
]
},
"vendor_name": "I, Librarian"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.463684",
"ID" : "CVE-2017-1000235",
"REQUESTER" : "j.singh@sec-consult.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "I, Librarian",
"version" : {
"version_data" : [
{
"version_value" : "<=4.6 & 4.7"
}
]
}
}
]
},
"vendor_name" : "I, Librarian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "OS Command Injection"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in the batchimport.php resulting the web server to be fully compromised."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt"
}
]
}
}

118
2017/1000xxx/CVE-2017-1000236.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.465743",
"ID": "CVE-2017-1000236",
"REQUESTER": "j.singh@sec-consult.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "I, Librarian",
"version": {
"version_data": [
{
"version_value": "<=4.6 & 4.7"
}
]
}
}
]
},
"vendor_name": "I, Librarian"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.465743",
"ID" : "CVE-2017-1000236",
"REQUESTER" : "j.singh@sec-consult.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "I, Librarian",
"version" : {
"version_data" : [
{
"version_value" : "<=4.6 & 4.7"
}
]
}
}
]
},
"vendor_name" : "I, Librarian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt"
}
]
}
}

118
2017/1000xxx/CVE-2017-1000237.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.466749",
"ID": "CVE-2017-1000237",
"REQUESTER": "j.singh@sec-consult.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "I, Librarian",
"version": {
"version_data": [
{
"version_value": "<=4.6 & 4.7"
}
]
}
}
]
},
"vendor_name": "I, Librarian"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.466749",
"ID" : "CVE-2017-1000237",
"REQUESTER" : "j.singh@sec-consult.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "I, Librarian",
"version" : {
"version_data" : [
{
"version_value" : "<=4.6 & 4.7"
}
]
}
}
]
},
"vendor_name" : "I, Librarian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Server-Side Request Forgery"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting the attacker can reset any user's password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt"
}
]
}
}

118
2017/1000xxx/CVE-2017-1000246.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.475589",
"ID": "CVE-2017-1000246",
"REQUESTER": "predrag.gruevski@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pysaml2",
"version": {
"version_data": [
{
"version_value": "4.4.0 and older"
}
]
}
}
]
},
"vendor_name": "pysaml2"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.475589",
"ID" : "CVE-2017-1000246",
"REQUESTER" : "predrag.gruevski@gmail.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "pysaml2",
"version" : {
"version_data" : [
{
"version_value" : "4.4.0 and older"
}
]
}
}
]
},
"vendor_name" : "pysaml2"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Initialization vector (IV) reuse"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Initialization vector (IV) reuse"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/rohe/pysaml2/issues/417"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/rohe/pysaml2/issues/417"
}
]
}
}

118
2017/1000xxx/CVE-2017-1000247.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.476306",
"ID": "CVE-2017-1000247",
"REQUESTER": "gcaminer@flowgate.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CodeIgniter Web Framework",
"version": {
"version_data": [
{
"version_value": "3.1.3 and older"
}
]
}
}
]
},
"vendor_name": "British Columbia Institute of Technology"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.476306",
"ID" : "CVE-2017-1000247",
"REQUESTER" : "gcaminer@flowgate.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "CodeIgniter Web Framework",
"version" : {
"version_data" : [
{
"version_value" : "3.1.3 and older"
}
]
}
}
]
},
"vendor_name" : "British Columbia Institute of Technology"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "HTTP Header injection"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP Header injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.codeigniter.com/userguide3/changelog.html#version-3-1-4"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.codeigniter.com/userguide3/changelog.html#version-3-1-4"
}
]
}
}

118
2017/1000xxx/CVE-2017-1000248.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.477066",
"ID": "CVE-2017-1000248",
"REQUESTER": "dylanishappy1@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis-store",
"version": {
"version_data": [
{
"version_value": "<=v1.3.0"
}
]
}
}
]
},
"vendor_name": "redis-store"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.477066",
"ID" : "CVE-2017-1000248",
"REQUESTER" : "dylanishappy1@gmail.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "redis-store",
"version" : {
"version_data" : [
{
"version_value" : "<=v1.3.0"
}
]
}
}
]
},
"vendor_name" : "redis-store"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unsafe Deserialization"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unsafe Deserialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/redis-store/redis-store/commit/e0c1398d54a9661c8c70267c3a925ba6b192142e"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/redis-store/redis-store/commit/e0c1398d54a9661c8c70267c3a925ba6b192142e"
}
]
}
}