admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add specific version numbers to descriptions, where applicable

Browse Source
This commit is contained in:
Seth Arnold 2019-04-19 19:33:54 -07:00
parent e0052bd14d
commit 3011ca0913
No known key found for this signature in database
GPG Key ID: F32172599D8D2E97
19 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2011/1xxx/CVE-2011-1830.json
View File

@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "Ekiga attempted to load a module from /tmp/ekiga_test.so."
"value": "Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so."
}
]
},

2
2011/3xxx/CVE-2011-3145.json
View File

@ -51,7 +51,7 @@
"description_data": [
{
"lang": "eng",
"value": "When mount.ecrpytfs_private calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private."
"value": "When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private."
}
]
},

2
2011/3xxx/CVE-2011-3147.json
View File

@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "A maliciously constructed qcow filesystem could expose hypervisor host files to a guest operating system."
"value": "Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem."
}
]
},

2
2011/3xxx/CVE-2011-3151.json
View File

@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Ubuntu SELinux initscript used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem."
"value": "The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem."
}
]
},

2
2014/1xxx/CVE-2014-1427.json
View File

@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting.\nThis issue affects:\n MAAS versions prior to 1.9.2."
"value": "A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2."
}
]
},

2
2014/1xxx/CVE-2014-1428.json
View File

@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames.\nThis issue affects:\nUbuntu MAAS versions prior to 1.9.2."
"value": "A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2."
}
]
},

2
2015/1xxx/CVE-2015-1316.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Juju Core's Joyent provider uploads the user's private ssh key."
"value": "Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key."
}
]
},

2
2015/1xxx/CVE-2015-1320.json
View File

@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface.\nThis issue affects:\nUbuntu MAAS versions prior to 1.9.2."
"value": "The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2."
}
]
},

2
2015/1xxx/CVE-2015-1326.json
View File

@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() python method could be tricked into executing malicious code if an attacker supplies a .pyc file."
"value": "python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file."
}
]
},

2
2015/1xxx/CVE-2015-1327.json
View File

@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Content Hub DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app."
"value": "Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app."
}
]
},

2
2015/1xxx/CVE-2015-1340.json
View File

@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "doUidshiftIntoContainer() has an unsafe Chmod() call that races against\nthe stat in the Filepath.Walk() function. A symbolic link created in\nthat window could cause any file on the system to have any mode of the\nattacker's choice."
"value": "LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice."
}
]
},

2
2015/1xxx/CVE-2015-1341.json
View File

@ -59,7 +59,7 @@
"description_data": [
{
"lang": "eng",
"value": "Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in the function _python_module_path."
"value": "Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Appoprt before 2.19.2 function _python_module_path."
}
]
},

2
2015/1xxx/CVE-2015-1343.json
View File

@ -42,7 +42,7 @@
"description_data": [
{
"lang": "eng",
"value": "unity-scope-gdrive logs search terms to syslog."
"value": "All versions of unity-scope-gdrive logs search terms to syslog."
}
]
},

2
2016/1xxx/CVE-2016-1573.json
View File

@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "In plugins/Dash/CardCreator.js the dash will execute any code found in place of a fallback image supplied by a scope."
"value": "Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope."
}
]
},

2
2016/1xxx/CVE-2016-1579.json
View File

@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. This means that any confined application could make use of the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user."
"value": "UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1 any confined application could make use of the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user."
}
]
},

2
2016/1xxx/CVE-2016-1584.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "A running but not active application on a large-screen device could talk with Maliit and consume keyboard input."
"value": "In all versions of Unity8 a running but not active application on a large-screen device could talk with Maliit and consume keyboard input."
}
]
},

2
2016/1xxx/CVE-2016-1585.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "AppArmor mount rules are accidentally widened when compiled."
"value": "In all versions of AppArmor mount rules are accidentally widened when compiled."
}
]
},

2
2016/1xxx/CVE-2016-1586.json
View File

@ -42,7 +42,7 @@
"description_data": [
{
"lang": "eng",
"value": "A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction."
"value": "A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3."
}
]
},

2
2016/1xxx/CVE-2016-1587.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Snapweb interface was exposing controls to install or remove snap packages without controlling the identity of the user, nor the origin of the connection. An attacker could have used the controls to remotely add a valid, but malicious, snap package, from the Store, potentially using system resources without permission from the legitimate administrator of the system."
"value": "The Snapweb interface before version 0.21.2 was exposing controls to install or remove snap packages without controlling the identity of the user, nor the origin of the connection. An attacker could have used the controls to remotely add a valid, but malicious, snap package, from the Store, potentially using system resources without permission from the legitimate administrator of the system."
}
]
},