admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2017-10-30 16:04:30 -04:00
parent 4b6ae32c45
commit 57a9b420bd
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
3 changed files with 135 additions and 130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

115
2017/1000xxx/CVE-2017-1000255.json
View File

@ -1,61 +1,62 @@
{
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-10-02",
"ID": "CVE-2017-1000255",
"REQUESTER": "mpe@ellerman.id.au"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been over written. This flaw was introduced in commit: \"5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)\" which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux Kernel",
"version": {
"version_data": [
{
"version_value": "v4.9-rc1 and later (introduced in commit 5d176f751ee3c6eededd984ad409bff201f436a7)"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-10-02",
"ID" : "CVE-2017-1000255",
"REQUESTER" : "mpe@ellerman.id.au",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Linux Kernel",
"version" : {
"version_data" : [
{
"version_value" : "v4.9-rc1 and later (introduced in commit 5d176f751ee3c6eededd984ad409bff201f436a7)"
}
]
}
}
]
}
}
]
},
"vendor_name": "Linux Kernel"
}
},
"vendor_name" : "Linux Kernel"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been over written. This flaw was introduced in commit: \"5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)\" which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2017-1000255"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://access.redhat.com/security/cve/CVE-2017-1000255"
}
]
}
}

147
2017/10xxx/CVE-2017-10151.json
View File

@ -1,80 +1,81 @@
{
"data_type":"CVE",
"data_format":"MITRE",
"data_version":"4.0",
"CVE_data_meta": {
"ID":"CVE-2017-10151",
"ASSIGNER":"secalert_us@oracle.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name":"Oracle Corporation",
"product": {
"product_data": [
{
"product_name":"Identity Manager",
"version": {
"version_data": [
{
"version_value":"11.1.1.7",
"version_affected":"="
},
{
"version_value":"11.1.1.9",
"version_affected":"="
},
{
"version_value":"11.1.2.1.0",
"version_affected":"="
},
{
"version_value":"11.1.2.2.0",
"version_affected":"="
},
{
"version_value":"11.1.2.3.0",
"version_affected":"="
},
{
"version_value":"12.2.1.3.0",
"version_affected":"="
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10151",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang":"eng",
"value":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager."
"product" : {
"product_data" : [
{
"product_name" : "Identity Manager",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "11.1.1.7"
},
{
"version_affected" : "=",
"version_value" : "11.1.1.9"
},
{
"version_affected" : "=",
"version_value" : "11.1.2.1.0"
},
{
"version_affected" : "=",
"version_value" : "11.1.2.2.0"
},
{
"version_affected" : "=",
"version_value" : "11.1.2.3.0"
},
{
"version_affected" : "=",
"version_value" : "12.2.1.3.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are 11.1.1.7, 11.1.1.9, 11.1.2.1.0, 11.1.2.2.0, 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"references": {
"reference_data": [
{
"url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager."
}
]
}
]
},
"description": {
"description_data": [
{
"lang":"eng",
"value":"Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are 11.1.1.7, 11.1.1.9, 11.1.2.1.0, 11.1.2.2.0, 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."
}
},
"references" : {
"reference_data" : [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html"
}
]
}
}
}

3
2017/12xxx/CVE-2017-12613.json
View File

@ -55,6 +55,9 @@
{
"url" : "https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E"
},
{
"url" : "https://svn.apache.org/viewvc?view=revision&revision=1807976"
},
{
"url" : "http://www.securityfocus.com/bid/101560"
}