"-Synchronized-Data."

CVE Team 2019-04-23 20:01:03 +00:00
parent 7ab39a1484
commit bfa41a9942
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
94 changed files with 7586 additions and 7493 deletions


@ -1,100 +1,101 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"ID":"CVE-2014-9654",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-9654",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923."
"lang": "eng",
"value": "The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"http://bugs.icu-project.org/trac/ticket/11371",
"refsource":"CONFIRM",
"url":"http://bugs.icu-project.org/trac/ticket/11371"
"name": "http://bugs.icu-project.org/trac/ticket/11371",
"refsource": "CONFIRM",
"url": "http://bugs.icu-project.org/trac/ticket/11371"
},
{
"name":"https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5",
"refsource":"CONFIRM",
"url":"https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5"
"name": "https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5",
"refsource": "CONFIRM",
"url": "https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5"
},
{
"name":"https://code.google.com/p/chromium/issues/detail?id=432209",
"refsource":"CONFIRM",
"url":"https://code.google.com/p/chromium/issues/detail?id=432209"
"name": "https://code.google.com/p/chromium/issues/detail?id=432209",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=432209"
},
{
"name":"1035410",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1035410"
"name": "1035410",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035410"
},
{
"name":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name":"GLSA-201503-06",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201503-06"
"name": "GLSA-201503-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-06"
},
{
"name":"http://bugs.icu-project.org/trac/changeset/36801",
"refsource":"CONFIRM",
"url":"http://bugs.icu-project.org/trac/changeset/36801"
"name": "http://bugs.icu-project.org/trac/changeset/36801",
"refsource": "CONFIRM",
"url": "http://bugs.icu-project.org/trac/changeset/36801"
},
{
"name":"[oss-security] 20150205 Re: CVE request - ICU",
"refsource":"MLIST",
"url":"http://openwall.com/lists/oss-security/2015/02/05/15"
"name": "[oss-security] 20150205 Re: CVE request - ICU",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2015/02/05/15"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
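Review bot: The Oracle April 2019 CPU reference added at the end of `reference_data` is tagged `"refsource": "MISC"`, while the Oracle advisory already in this record (bulletinapr2015-2511959.html) is tagged `CONFIRM`, so a consumer that filters on refsource for vendor acknowledgement will treat the two Oracle links differently. If the new link is meant as a vendor advisory like the existing one, it would read `"refsource": "CONFIRM"`; if MISC is simply what the sync tooling assigns by default, that is worth confirming. The same mismatch with existing Oracle `CONFIRM` entries appears in the CVE-2015-1832, CVE-2015-3253, CVE-2015-9251 and CVE-2016-1000031 sections. The new object also lists its keys as url, refsource, name where every other entry uses name, refsource, url; key order carries no meaning in JSON, but keeping one order keeps later diffs small.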


@ -1,95 +1,96 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2014-9911",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9911",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call."
"lang": "eng",
"value": "Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"http://bugs.icu-project.org/trac/changeset/35699",
"refsource":"CONFIRM",
"url":"http://bugs.icu-project.org/trac/changeset/35699"
"name": "http://bugs.icu-project.org/trac/changeset/35699",
"refsource": "CONFIRM",
"url": "http://bugs.icu-project.org/trac/changeset/35699"
},
{
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=1383569",
"refsource":"CONFIRM",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1383569"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1383569",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383569"
},
{
"name":"1037556",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1037556"
"name": "1037556",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037556"
},
{
"name":"94520",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/94520"
"name": "94520",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94520"
},
{
"name":"[oss-security] 20161124 Re: CVE request: icu: stack-based buffer overflow in uloc_getDisplayName",
"refsource":"MLIST",
"url":"http://www.openwall.com/lists/oss-security/2016/11/25/1"
"name": "[oss-security] 20161124 Re: CVE request: icu: stack-based buffer overflow in uloc_getDisplayName",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/25/1"
},
{
"name":"https://bugs.php.net/bug.php?id=67397",
"refsource":"CONFIRM",
"url":"https://bugs.php.net/bug.php?id=67397"
"name": "https://bugs.php.net/bug.php?id=67397",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=67397"
},
{
"name":"http://bugs.icu-project.org/trac/ticket/1089",
"refsource":"CONFIRM",
"url":"http://bugs.icu-project.org/trac/ticket/1089"
"name": "http://bugs.icu-project.org/trac/ticket/1089",
"refsource": "CONFIRM",
"url": "http://bugs.icu-project.org/trac/ticket/1089"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,85 +1,86 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"ID":"CVE-2015-1832",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1832",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype."
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"https://issues.apache.org/jira/browse/DERBY-6807",
"refsource":"CONFIRM",
"url":"https://issues.apache.org/jira/browse/DERBY-6807"
"name": "https://issues.apache.org/jira/browse/DERBY-6807",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/DERBY-6807"
},
{
"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21990100",
"refsource":"CONFIRM",
"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21990100"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21990100",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990100"
},
{
"name":"93132",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/93132"
"name": "93132",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93132"
},
{
"name":"https://svn.apache.org/viewvc?view=revision&revision=1691461",
"refsource":"CONFIRM",
"url":"https://svn.apache.org/viewvc?view=revision&revision=1691461"
"name": "https://svn.apache.org/viewvc?view=revision&revision=1691461",
"refsource": "CONFIRM",
"url": "https://svn.apache.org/viewvc?view=revision&revision=1691461"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,160 +1,161 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"ID":"CVE-2015-3253",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3253",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object."
"lang": "eng",
"value": "The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"RHSA-2017:2596",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2596"
"name": "RHSA-2017:2596",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2596"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name":"RHSA-2016:1376",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2016:1376"
"name": "RHSA-2016:1376",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1376"
},
{
"name":"GLSA-201610-01",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201610-01"
"name": "GLSA-201610-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-01"
},
{
"name":"http://groovy-lang.org/security.html",
"refsource":"CONFIRM",
"url":"http://groovy-lang.org/security.html"
"name": "http://groovy-lang.org/security.html",
"refsource": "CONFIRM",
"url": "http://groovy-lang.org/security.html"
},
{
"name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"
},
{
"name":"http://packetstormsecurity.com/files/132714/Apache-Groovy-2.4.3-Code-Execution.html",
"refsource":"MISC",
"url":"http://packetstormsecurity.com/files/132714/Apache-Groovy-2.4.3-Code-Execution.html"
"name": "http://packetstormsecurity.com/files/132714/Apache-Groovy-2.4.3-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132714/Apache-Groovy-2.4.3-Code-Execution.html"
},
{
"name":"https://security.netapp.com/advisory/ntap-20160623-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20160623-0001/"
"name": "https://security.netapp.com/advisory/ntap-20160623-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20160623-0001/"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name":"RHSA-2016:0066",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2016-0066.html"
"name": "RHSA-2016:0066",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0066.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name":"91787",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/91787"
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name":"http://www.zerodayinitiative.com/advisories/ZDI-15-365/",
"refsource":"MISC",
"url":"http://www.zerodayinitiative.com/advisories/ZDI-15-365/"
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-365/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-365/"
},
{
"name":"RHSA-2017:2486",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2486"
"name": "RHSA-2017:2486",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2486"
},
{
"name":"1034815",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1034815"
"name": "1034815",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034815"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name":"75919",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/75919"
"name": "75919",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75919"
},
{
"name":"20150716 [CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure",
"refsource":"BUGTRAQ",
"url":"http://www.securityfocus.com/archive/1/536012/100/0/threaded"
"name": "20150716 [CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536012/100/0/threaded"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,90 +1,91 @@
{
"CVE_data_meta":{
"ASSIGNER":"product-security@apple.com",
"ID":"CVE-2015-5922",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5922",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors."
"lang": "eng",
"value": "Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"1033703",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1033703"
"name": "1033703",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033703"
},
{
"name":"APPLE-SA-2015-09-30-3",
"refsource":"APPLE",
"url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
"name": "APPLE-SA-2015-09-30-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name":"https://support.apple.com/HT205267",
"refsource":"CONFIRM",
"url":"https://support.apple.com/HT205267"
"name": "https://support.apple.com/HT205267",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205267"
},
{
"name":"APPLE-SA-2015-09-21-1",
"refsource":"APPLE",
"url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
"name": "APPLE-SA-2015-09-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"name":"https://support.apple.com/HT205213",
"refsource":"CONFIRM",
"url":"https://support.apple.com/HT205213"
"name": "https://support.apple.com/HT205213",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205213"
},
{
"name":"76911",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/76911"
"name": "76911",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76911"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,110 +1,111 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2015-9251",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9251",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed."
"lang": "eng",
"value": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://github.com/jquery/jquery/issues/2432",
"refsource":"MISC",
"url":"https://github.com/jquery/jquery/issues/2432"
"name": "https://github.com/jquery/jquery/issues/2432",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery/issues/2432"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf",
"refsource":"MISC",
"url":"https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf"
"name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf",
"refsource": "MISC",
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf"
},
{
"name":"https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2",
"refsource":"MISC",
"url":"https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2"
"name": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2"
},
{
"name":"https://snyk.io/vuln/npm:jquery:20150627",
"refsource":"MISC",
"url":"https://snyk.io/vuln/npm:jquery:20150627"
"name": "https://snyk.io/vuln/npm:jquery:20150627",
"refsource": "MISC",
"url": "https://snyk.io/vuln/npm:jquery:20150627"
},
{
"name":"https://github.com/jquery/jquery/pull/2588",
"refsource":"MISC",
"url":"https://github.com/jquery/jquery/pull/2588"
"name": "https://github.com/jquery/jquery/pull/2588",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery/pull/2588"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"105658",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/105658"
"name": "105658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105658"
},
{
"name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04",
"refsource":"MISC",
"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04"
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04"
},
{
"name":"https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc",
"refsource":"MISC",
"url":"https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc"
"name": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,115 +1,116 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2016-1000031",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000031",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution"
"lang": "eng",
"value": "Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution"
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"93604",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/93604"
"name": "93604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93604"
},
{
"name":"https://security.netapp.com/advisory/ntap-20190212-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20190212-0001/"
"name": "https://security.netapp.com/advisory/ntap-20190212-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190212-0001/"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"https://issues.apache.org/jira/browse/WW-4812",
"refsource":"CONFIRM",
"url":"https://issues.apache.org/jira/browse/WW-4812"
"name": "https://issues.apache.org/jira/browse/WW-4812",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/WW-4812"
},
{
"name":"http://www.zerodayinitiative.com/advisories/ZDI-16-570/",
"refsource":"MISC",
"url":"http://www.zerodayinitiative.com/advisories/ZDI-16-570/"
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-570/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-570/"
},
{
"name":"https://www.tenable.com/security/research/tra-2016-30",
"refsource":"MISC",
"url":"https://www.tenable.com/security/research/tra-2016-30"
"name": "https://www.tenable.com/security/research/tra-2016-30",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2016-30"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"https://www.tenable.com/security/research/tra-2016-12",
"refsource":"MISC",
"url":"https://www.tenable.com/security/research/tra-2016-12"
"name": "https://www.tenable.com/security/research/tra-2016-12",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2016-12"
},
{
"name":"https://issues.apache.org/jira/browse/FILEUPLOAD-279",
"refsource":"CONFIRM",
"url":"https://issues.apache.org/jira/browse/FILEUPLOAD-279"
"name": "https://issues.apache.org/jira/browse/FILEUPLOAD-279",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/FILEUPLOAD-279"
},
{
"name":"https://www.tenable.com/security/research/tra-2016-23",
"refsource":"MISC",
"url":"https://www.tenable.com/security/research/tra-2016-23"
"name": "https://www.tenable.com/security/research/tra-2016-23",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2016-23"
},
{
"name":"[announce] 20181105 [SECURITY] Immediately upgrade commons-fileupload to version 1.3.3 when running Struts 2.3.36 or prior",
"refsource":"MLIST",
"url":"https://lists.apache.org/thread.html/d66657323fd25e437face5e84899c8ca404ccd187e81c3f2fa8b6080@%3Cannounce.apache.org%3E"
"name": "[announce] 20181105 [SECURITY] Immediately upgrade commons-fileupload to version 1.3.3 when running Struts 2.3.36 or prior",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/d66657323fd25e437face5e84899c8ca404ccd187e81c3f2fa8b6080@%3Cannounce.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,145 +1,146 @@
{
"CVE_data_meta":{
"ASSIGNER":"vultures@jpcert.or.jp",
"ID":"CVE-2016-1181",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1181",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899."
"lang": "eng",
"value": "ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"JVNDB-2016-000096",
"refsource":"JVNDB",
"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096"
"name": "JVNDB-2016-000096",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180629-0006/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180629-0006/"
"name": "https://security.netapp.com/advisory/ntap-20180629-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180629-0006/"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name":"https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8",
"refsource":"CONFIRM",
"url":"https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8"
"name": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8",
"refsource": "CONFIRM",
"url": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8"
},
{
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=1343538",
"refsource":"CONFIRM",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1343538"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343538",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343538"
},
{
"name":"91068",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/91068"
"name": "91068",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91068"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name":"1036056",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1036056"
"name": "1036056",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036056"
},
{
"name":"JVN#03188560",
"refsource":"JVN",
"url":"http://jvn.jp/en/jp/JVN03188560/index.html"
"name": "JVN#03188560",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN03188560/index.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"91787",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/91787"
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name":"https://security-tracker.debian.org/tracker/CVE-2016-1181",
"refsource":"CONFIRM",
"url":"https://security-tracker.debian.org/tracker/CVE-2016-1181"
"name": "https://security-tracker.debian.org/tracker/CVE-2016-1181",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-1181"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
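Review bot: The added Oracle April 2019 CPU reference at the end of `reference_data` is tagged `"refsource": "MISC"`, while every other Oracle Critical Patch Update advisory in this record (cpujul2016 through cpujan2019) carries `"refsource": "CONFIRM"`. If the tag is meant to mark vendor acknowledgement, which the page does not state, then a consumer that filters on CONFIRM to build its list of vendor-confirmed advisories would skip this entry. In that case the line should read `"refsource": "CONFIRM"`. The same mismatch appears in the CVE-2016-1182 and CVE-2016-3092 sections, and the CVE-2016-2141 section adds the same reference with the same tag. The new entry also orders its keys `url`, `refsource`, `name`, unlike the `name`, `refsource`, `url` order used by its neighbours; that is harmless to parsers but makes later diffs noisier.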


@ -1,140 +1,141 @@
{
"CVE_data_meta":{
"ASSIGNER":"vultures@jpcert.or.jp",
"ID":"CVE-2016-1182",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1182",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899."
"lang": "eng",
"value": "ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"JVNDB-2016-000097",
"refsource":"JVNDB",
"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000097"
"name": "JVNDB-2016-000097",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000097"
},
{
"name":"JVN#65044642",
"refsource":"JVN",
"url":"http://jvn.jp/en/jp/JVN65044642/index.html"
"name": "JVN#65044642",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN65044642/index.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180629-0006/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180629-0006/"
"name": "https://security.netapp.com/advisory/ntap-20180629-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180629-0006/"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name":"https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8",
"refsource":"CONFIRM",
"url":"https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8"
"name": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8",
"refsource": "CONFIRM",
"url": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name":"1036056",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1036056"
"name": "1036056",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036056"
},
{
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=1343540",
"refsource":"CONFIRM",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1343540"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343540",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343540"
},
{
"name":"91067",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/91067"
"name": "91067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91067"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"91787",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/91787"
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name":"https://security-tracker.debian.org/tracker/CVE-2016-1182",
"refsource":"CONFIRM",
"url":"https://security-tracker.debian.org/tracker/CVE-2016-1182"
"name": "https://security-tracker.debian.org/tracker/CVE-2016-1182",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-1182"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,170 +1,171 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"ID":"CVE-2016-2141",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2141",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors."
"lang": "eng",
"value": "JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"RHSA-2016:1347",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2016:1347"
"name": "RHSA-2016:1347",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1347"
},
{
"name":"RHSA-2016:2035",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2016-2035.html"
"name": "RHSA-2016:2035",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"name":"RHSA-2016:1389",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2016:1389"
"name": "RHSA-2016:1389",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1389"
},
{
"name":"RHSA-2016:1345",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2016:1345"
"name": "RHSA-2016:1345",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1345"
},
{
"name":"RHSA-2016:1376",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2016:1376"
"name": "RHSA-2016:1376",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1376"
},
{
"name":"RHSA-2016:1330",
"refsource":"REDHAT",
"url":"https://rhn.redhat.com/errata/RHSA-2016-1330.html"
"name": "RHSA-2016:1330",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1330.html"
},
{
"name":"RHSA-2016:1439",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2016-1439.html"
"name": "RHSA-2016:1439",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1439.html"
},
{
"name":"RHSA-2016:1331",
"refsource":"REDHAT",
"url":"https://rhn.redhat.com/errata/RHSA-2016-1331.html"
"name": "RHSA-2016:1331",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1331.html"
},
{
"name":"91481",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/91481"
"name": "91481",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91481"
},
{
"name":"RHSA-2016:1434",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2016:1434"
"name": "RHSA-2016:1434",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1434"
},
{
"name":"RHSA-2016:1328",
"refsource":"REDHAT",
"url":"https://rhn.redhat.com/errata/RHSA-2016-1328.html"
"name": "RHSA-2016:1328",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1328.html"
},
{
"name":"RHSA-2016:1433",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2016:1433"
"name": "RHSA-2016:1433",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1433"
},
{
"name":"https://issues.jboss.org/browse/JGRP-2021",
"refsource":"CONFIRM",
"url":"https://issues.jboss.org/browse/JGRP-2021"
"name": "https://issues.jboss.org/browse/JGRP-2021",
"refsource": "CONFIRM",
"url": "https://issues.jboss.org/browse/JGRP-2021"
},
{
"name":"RHSA-2016:1374",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2016:1374"
"name": "RHSA-2016:1374",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1374"
},
{
"name":"RHSA-2016:1432",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2016:1432"
"name": "RHSA-2016:1432",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1432"
},
{
"name":"RHSA-2016:1346",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2016:1346"
"name": "RHSA-2016:1346",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1346"
},
{
"name":"RHSA-2016:1334",
"refsource":"REDHAT",
"url":"https://rhn.redhat.com/errata/RHSA-2016-1334.html"
"name": "RHSA-2016:1334",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1334.html"
},
{
"name":"RHSA-2016:1333",
"refsource":"REDHAT",
"url":"https://rhn.redhat.com/errata/RHSA-2016-1333.html"
"name": "RHSA-2016:1333",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1333.html"
},
{
"name":"RHSA-2016:1329",
"refsource":"REDHAT",
"url":"https://rhn.redhat.com/errata/RHSA-2016-1329.html"
"name": "RHSA-2016:1329",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1329.html"
},
{
"name":"RHSA-2016:1332",
"refsource":"REDHAT",
"url":"https://rhn.redhat.com/errata/RHSA-2016-1332.html"
"name": "RHSA-2016:1332",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1332.html"
},
{
"name":"RHSA-2016:1435",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2016-1435.html"
"name": "RHSA-2016:1435",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1435.html"
},
{
"name":"1036165",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1036165"
"name": "1036165",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036165"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,285 +1,286 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"ID":"CVE-2016-3092",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3092",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string."
"lang": "eng",
"value": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"JVNDB-2016-000121",
"refsource":"JVNDB",
"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121"
"name": "JVNDB-2016-000121",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121"
},
{
"name":"https://security.netapp.com/advisory/ntap-20190212-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20190212-0001/"
"name": "https://security.netapp.com/advisory/ntap-20190212-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190212-0001/"
},
{
"name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759"
},
{
"name":"http://svn.apache.org/viewvc?view=revision&revision=1743480",
"refsource":"CONFIRM",
"url":"http://svn.apache.org/viewvc?view=revision&revision=1743480"
"name": "http://svn.apache.org/viewvc?view=revision&revision=1743480",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1743480"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"GLSA-201705-09",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201705-09"
"name": "GLSA-201705-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-09"
},
{
"name":"http://svn.apache.org/viewvc?view=revision&revision=1743738",
"refsource":"CONFIRM",
"url":"http://svn.apache.org/viewvc?view=revision&revision=1743738"
"name": "http://svn.apache.org/viewvc?view=revision&revision=1743738",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1743738"
},
{
"name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840"
},
{
"name":"http://tomcat.apache.org/security-9.html",
"refsource":"CONFIRM",
"url":"http://tomcat.apache.org/security-9.html"
"name": "http://tomcat.apache.org/security-9.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-9.html"
},
{
"name":"USN-3024-1",
"refsource":"UBUNTU",
"url":"http://www.ubuntu.com/usn/USN-3024-1"
"name": "USN-3024-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3024-1"
},
{
"name":"RHSA-2016:2069",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2016-2069.html"
"name": "RHSA-2016:2069",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2069.html"
},
{
"name":"1037029",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1037029"
"name": "1037029",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037029"
},
{
"name":"RHSA-2016:2068",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2016-2068.html"
"name": "RHSA-2016:2068",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2068.html"
},
{
"name":"http://tomcat.apache.org/security-7.html",
"refsource":"CONFIRM",
"url":"http://tomcat.apache.org/security-7.html"
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name":"1036900",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1036900"
"name": "1036900",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036900"
},
{
"name":"91453",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/91453"
"name": "91453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91453"
},
{
"name":"http://tomcat.apache.org/security-8.html",
"refsource":"CONFIRM",
"url":"http://tomcat.apache.org/security-8.html"
"name": "http://tomcat.apache.org/security-8.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-8.html"
},
{
"name":"RHSA-2016:2072",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2016-2072.html"
"name": "RHSA-2016:2072",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2072.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name":"http://svn.apache.org/viewvc?view=revision&revision=1743722",
"refsource":"CONFIRM",
"url":"http://svn.apache.org/viewvc?view=revision&revision=1743722"
"name": "http://svn.apache.org/viewvc?view=revision&revision=1743722",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1743722"
},
{
"name":"DSA-3611",
"refsource":"DEBIAN",
"url":"http://www.debian.org/security/2016/dsa-3611"
"name": "DSA-3611",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3611"
},
{
"name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371"
},
{
"name":"RHSA-2016:2807",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2016-2807.html"
"name": "RHSA-2016:2807",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2807.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name":"openSUSE-SU-2016:2252",
"refsource":"SUSE",
"url":"http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html"
"name": "openSUSE-SU-2016:2252",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html"
},
{
"name":"JVN#89379547",
"refsource":"JVN",
"url":"http://jvn.jp/en/jp/JVN89379547/index.html"
"name": "JVN#89379547",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN89379547/index.html"
},
{
"name":"1036427",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1036427"
"name": "1036427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036427"
},
{
"name":"RHSA-2016:2070",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2016-2070.html"
"name": "RHSA-2016:2070",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2070.html"
},
{
"name":"RHSA-2017:0457",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2017-0457.html"
"name": "RHSA-2017:0457",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
},
{
"name":"RHSA-2016:2808",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2016-2808.html"
"name": "RHSA-2016:2808",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2808.html"
},
{
"name":"1039606",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1039606"
"name": "1039606",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039606"
},
{
"name":"http://svn.apache.org/viewvc?view=revision&revision=1743742",
"refsource":"CONFIRM",
"url":"http://svn.apache.org/viewvc?view=revision&revision=1743742"
"name": "http://svn.apache.org/viewvc?view=revision&revision=1743742",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1743742"
},
{
"name":"RHSA-2016:2599",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2016-2599.html"
"name": "RHSA-2016:2599",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2599.html"
},
{
"name":"DSA-3609",
"refsource":"DEBIAN",
"url":"http://www.debian.org/security/2016/dsa-3609"
"name": "DSA-3609",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3609"
},
{
"name":"RHSA-2017:0455",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:0455"
"name": "RHSA-2017:0455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"name":"DSA-3614",
"refsource":"DEBIAN",
"url":"http://www.debian.org/security/2016/dsa-3614"
"name": "DSA-3614",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3614"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name":"[dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability",
"refsource":"MLIST",
"url":"http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E"
"name": "[dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E"
},
{
"name":"RHSA-2017:0456",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:0456"
"name": "RHSA-2017:0456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=1349468",
"refsource":"CONFIRM",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"name":"RHSA-2016:2071",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2016-2071.html"
"name": "RHSA-2016:2071",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2071.html"
},
{
"name":"USN-3027-1",
"refsource":"UBUNTU",
"url":"http://www.ubuntu.com/usn/USN-3027-1"
"name": "USN-3027-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3027-1"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,120 +1,121 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2016-4000",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4000",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object."
"lang": "eng",
"value": "Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"https://security-tracker.debian.org/tracker/CVE-2016-4000",
"refsource":"MISC",
"url":"https://security-tracker.debian.org/tracker/CVE-2016-4000"
"name": "https://security-tracker.debian.org/tracker/CVE-2016-4000",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-4000"
},
{
"name":"https://hg.python.org/jython/rev/d06e29d100c0",
"refsource":"CONFIRM",
"url":"https://hg.python.org/jython/rev/d06e29d100c0"
"name": "https://hg.python.org/jython/rev/d06e29d100c0",
"refsource": "CONFIRM",
"url": "https://hg.python.org/jython/rev/d06e29d100c0"
},
{
"name":"https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451",
"refsource":"MISC",
"url":"https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451"
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451"
},
{
"name":"http://bugs.jython.org/issue2454",
"refsource":"CONFIRM",
"url":"http://bugs.jython.org/issue2454"
"name": "http://bugs.jython.org/issue2454",
"refsource": "CONFIRM",
"url": "http://bugs.jython.org/issue2454"
},
{
"name":"DSA-3893",
"refsource":"DEBIAN",
"url":"http://www.debian.org/security/2017/dsa-3893"
"name": "DSA-3893",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3893"
},
{
"name":"https://hg.python.org/jython/file/v2.7.1rc1/NEWS",
"refsource":"CONFIRM",
"url":"https://hg.python.org/jython/file/v2.7.1rc1/NEWS"
"name": "https://hg.python.org/jython/file/v2.7.1rc1/NEWS",
"refsource": "CONFIRM",
"url": "https://hg.python.org/jython/file/v2.7.1rc1/NEWS"
},
{
"name":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859",
"refsource":"CONFIRM",
"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859"
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"GLSA-201710-28",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201710-28"
"name": "GLSA-201710-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-28"
},
{
"name":"105647",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/105647"
"name": "105647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105647"
},
{
"refsource":"MLIST",
"name":"[infra-devnull] 20190402 [GitHub] [flink] aloyszhang opened pull request #8100: [FLINK-12082] Bump up the jython-standalone version",
"url":"https://lists.apache.org/thread.html/0919ec1db20b1022f22b8e78f355667df74d6142b463ff17d03ad533@%3Cdevnull.infra.apache.org%3E"
"refsource": "MLIST",
"name": "[infra-devnull] 20190402 [GitHub] [flink] aloyszhang opened pull request #8100: [FLINK-12082] Bump up the jython-standalone version",
"url": "https://lists.apache.org/thread.html/0919ec1db20b1022f22b8e78f355667df74d6142b463ff17d03ad533@%3Cdevnull.infra.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
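Review bot: The Oracle April 2019 CPU reference completed at the end of `reference_data` is tagged `"refsource": "MISC"`, while the two other Oracle CPU advisories in this same record (`cpujan2019-5072801.html` and `cpuoct2018-4428296.html`) are tagged `CONFIRM`. Tooling that filters references by `refsource` to find vendor-acknowledged advisories will skip the new entry, so if the tag is not deliberate it should read `"refsource": "CONFIRM",`. The same mismatch appears in the sections for CVE-2016-7055 and CVE-2016-7103, whose existing Oracle CPU references are also `CONFIRM`.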


@ -1,85 +1,86 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2016-6293",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6293",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument."
"lang": "eng",
"value": "The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4",
"refsource":"MISC",
"url":"http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4"
"name": "http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4",
"refsource": "MISC",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4"
},
{
"name":"https://bugs.php.net/72533",
"refsource":"MISC",
"url":"https://bugs.php.net/72533"
"name": "https://bugs.php.net/72533",
"refsource": "MISC",
"url": "https://bugs.php.net/72533"
},
{
"name":"GLSA-201701-58",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201701-58"
"name": "GLSA-201701-58",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-58"
},
{
"name":"[oss-security] 20160724 Re: Fwd: CVE for PHP 5.5.38 issues",
"refsource":"MLIST",
"url":"http://openwall.com/lists/oss-security/2016/07/24/2"
"name": "[oss-security] 20160724 Re: Fwd: CVE for PHP 5.5.38 issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2016/07/24/2"
},
{
"name":"92127",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/92127"
"name": "92127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92127"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,130 +1,131 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2016-7055",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7055",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected."
"lang": "eng",
"value": "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"RHSA-2018:2185",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2185"
"name": "RHSA-2018:2185",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2185"
},
{
"name":"RHSA-2018:2186",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2186"
"name": "RHSA-2018:2186",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2186"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us"
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us"
},
{
"name":"FreeBSD-SA-17:02",
"refsource":"FREEBSD",
"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
"name": "FreeBSD-SA-17:02",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name":"https://www.tenable.com/security/tns-2017-04",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2017-04"
"name": "https://www.tenable.com/security/tns-2017-04",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"name":"GLSA-201702-07",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201702-07"
"name": "GLSA-201702-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-07"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name":"94242",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/94242"
"name": "94242",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94242"
},
{
"name":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03752en_us",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03752en_us"
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03752en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03752en_us"
},
{
"name":"RHSA-2018:2187",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2187"
"name": "RHSA-2018:2187",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2187"
},
{
"name":"https://www.openssl.org/news/secadv/20161110.txt",
"refsource":"CONFIRM",
"url":"https://www.openssl.org/news/secadv/20161110.txt"
"name": "https://www.openssl.org/news/secadv/20161110.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20161110.txt"
},
{
"name":"1037261",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1037261"
"name": "1037261",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037261"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,120 +1,121 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2016-7103",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7103",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"RHSA-2017:0161",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2017-0161.html"
"name": "RHSA-2017:0161",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0161.html"
},
{
"name":"https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6",
"refsource":"CONFIRM",
"url":"https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6"
"name": "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6",
"refsource": "CONFIRM",
"url": "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"RHSA-2016:2933",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2016-2933.html"
"name": "RHSA-2016:2933",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2933.html"
},
{
"name":"https://github.com/jquery/api.jqueryui.com/issues/281",
"refsource":"CONFIRM",
"url":"https://github.com/jquery/api.jqueryui.com/issues/281"
"name": "https://github.com/jquery/api.jqueryui.com/issues/281",
"refsource": "CONFIRM",
"url": "https://github.com/jquery/api.jqueryui.com/issues/281"
},
{
"name":"RHSA-2016:2932",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2016-2932.html"
"name": "RHSA-2016:2932",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2932.html"
},
{
"name":"https://nodesecurity.io/advisories/127",
"refsource":"MISC",
"url":"https://nodesecurity.io/advisories/127"
"name": "https://nodesecurity.io/advisories/127",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/127"
},
{
"name":"https://www.tenable.com/security/tns-2016-19",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2016-19"
"name": "https://www.tenable.com/security/tns-2016-19",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-19"
},
{
"name":"104823",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/104823"
"name": "104823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104823"
},
{
"name":"https://jqueryui.com/changelog/1.12.0/",
"refsource":"CONFIRM",
"url":"https://jqueryui.com/changelog/1.12.0/"
"name": "https://jqueryui.com/changelog/1.12.0/",
"refsource": "CONFIRM",
"url": "https://jqueryui.com/changelog/1.12.0/"
},
{
"refsource":"CONFIRM",
"name":"https://security.netapp.com/advisory/ntap-20190416-0007/",
"url":"https://security.netapp.com/advisory/ntap-20190416-0007/"
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190416-0007/",
"url": "https://security.netapp.com/advisory/ntap-20190416-0007/"
},
{
"refsource":"MLIST",
"name":"[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
"refsource": "MLIST",
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,85 +1,86 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2016-7415",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7415",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string."
"lang": "eng",
"value": "Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://bugs.php.net/bug.php?id=73007",
"refsource":"MISC",
"url":"https://bugs.php.net/bug.php?id=73007"
"name": "https://bugs.php.net/bug.php?id=73007",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=73007"
},
{
"name":"[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"refsource":"MLIST",
"url":"http://www.openwall.com/lists/oss-security/2016/09/15/10"
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"name":"GLSA-201701-58",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201701-58"
"name": "GLSA-201701-58",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-58"
},
{
"name":"https://www.tenable.com/security/tns-2016-19",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2016-19"
"name": "https://www.tenable.com/security/tns-2016-19",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-19"
},
{
"name":"93022",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/93022"
"name": "93022",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93022"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,222 +1,223 @@
{
"CVE_data_meta":{
"ASSIGNER":"security@apache.org",
"ID":"CVE-2016-8735",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2016-8735",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Apache Tomcat",
"version":{
"version_data":[
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_value":"before 6.0.48"
"version_value": "before 6.0.48"
},
{
"version_value":"7.x before 7.0.73"
"version_value": "7.x before 7.0.73"
},
{
"version_value":"8.x before 8.0.39"
"version_value": "8.x before 8.0.39"
},
{
"version_value":"8.5.x before 8.5.7"
"version_value": "8.5.x before 8.5.7"
},
{
"version_value":"9.x before 9.0.0.M12"
"version_value": "9.x before 9.0.0.M12"
}
]
}
}
]
},
"vendor_name":"Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types."
"lang": "eng",
"value": "Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Remote code execution"
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"http://svn.apache.org/viewvc?view=revision&revision=1767676",
"refsource":"CONFIRM",
"url":"http://svn.apache.org/viewvc?view=revision&revision=1767676"
"name": "http://svn.apache.org/viewvc?view=revision&revision=1767676",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1767676"
},
{
"name":"http://tomcat.apache.org/security-9.html",
"refsource":"CONFIRM",
"url":"http://tomcat.apache.org/security-9.html"
"name": "http://tomcat.apache.org/security-9.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-9.html"
},
{
"name":"1037331",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1037331"
"name": "1037331",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037331"
},
{
"name":"94463",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/94463"
"name": "94463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94463"
},
{
"name":"DSA-3738",
"refsource":"DEBIAN",
"url":"http://www.debian.org/security/2016/dsa-3738"
"name": "DSA-3738",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3738"
},
{
"name":"http://tomcat.apache.org/security-7.html",
"refsource":"CONFIRM",
"url":"http://tomcat.apache.org/security-7.html"
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name":"http://svn.apache.org/viewvc?view=revision&revision=1767644",
"refsource":"CONFIRM",
"url":"http://svn.apache.org/viewvc?view=revision&revision=1767644"
"name": "http://svn.apache.org/viewvc?view=revision&revision=1767644",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1767644"
},
{
"name":"http://tomcat.apache.org/security-8.html",
"refsource":"CONFIRM",
"url":"http://tomcat.apache.org/security-8.html"
"name": "http://tomcat.apache.org/security-8.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-8.html"
},
{
"name":"http://svn.apache.org/viewvc?view=revision&revision=1767656",
"refsource":"CONFIRM",
"url":"http://svn.apache.org/viewvc?view=revision&revision=1767656"
"name": "http://svn.apache.org/viewvc?view=revision&revision=1767656",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1767656"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180607-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180607-0001/"
"name": "https://security.netapp.com/advisory/ntap-20180607-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180607-0001/"
},
{
"name":"http://tomcat.apache.org/security-6.html",
"refsource":"CONFIRM",
"url":"http://tomcat.apache.org/security-6.html"
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name":"RHSA-2017:0457",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2017-0457.html"
"name": "RHSA-2017:0457",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
},
{
"name":"RHSA-2017:0455",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:0455"
"name": "RHSA-2017:0455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"name":"http://svn.apache.org/viewvc?view=revision&revision=1767684",
"refsource":"CONFIRM",
"url":"http://svn.apache.org/viewvc?view=revision&revision=1767684"
"name": "http://svn.apache.org/viewvc?view=revision&revision=1767684",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1767684"
},
{
"name":"RHSA-2017:0456",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:0456"
"name": "RHSA-2017:0456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"name":"http://seclists.org/oss-sec/2016/q4/502",
"refsource":"CONFIRM",
"url":"http://seclists.org/oss-sec/2016/q4/502"
"name": "http://seclists.org/oss-sec/2016/q4/502",
"refsource": "CONFIRM",
"url": "http://seclists.org/oss-sec/2016/q4/502"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,156 +1,157 @@
{
"CVE_data_meta":{
"ASSIGNER":"security@android.com",
"DATE_PUBLIC":"2017-11-06T00:00:00",
"ID":"CVE-2017-0861",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-11-06T00:00:00",
"ID": "CVE-2017-0861",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Android",
"version":{
"version_data":[
"product_name": "Android",
"version": {
"version_data": [
{
"version_value":"Android kernel"
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name":"Google Inc."
"vendor_name": "Google Inc."
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors."
"lang": "eng",
"value": "Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Elevation of privilege"
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"RHSA-2018:3083",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:3083"
"name": "RHSA-2018:3083",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name":"DSA-4187",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4187"
"name": "DSA-4187",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name":"USN-3617-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3617-1/"
"name": "USN-3617-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3617-1/"
},
{
"name":"USN-3619-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3619-2/"
"name": "USN-3619-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3619-2/"
},
{
"name":"USN-3617-3",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3617-3/"
"name": "USN-3617-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3617-3/"
},
{
"name":"USN-3583-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3583-2/"
"name": "USN-3583-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-2/"
},
{
"name":"USN-3632-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3632-1/"
"name": "USN-3632-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3632-1/"
},
{
"name":"RHSA-2018:2390",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2390"
"name": "RHSA-2018:2390",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2390"
},
{
"name":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource":"CONFIRM",
"url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name":"USN-3583-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3583-1/"
"name": "USN-3583-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"name":"https://source.android.com/security/bulletin/pixel/2017-11-01",
"refsource":"CONFIRM",
"url":"https://source.android.com/security/bulletin/pixel/2017-11-01"
"name": "https://source.android.com/security/bulletin/pixel/2017-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
},
{
"name":"[secure-testing-commits] 20171206 r58306 - data/CVE",
"refsource":"MLIST",
"url":"http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html"
"name": "[secure-testing-commits] 20171206 r58306 - data/CVE",
"refsource": "MLIST",
"url": "http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html"
},
{
"name":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229",
"refsource":"CONFIRM",
"url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229"
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229"
},
{
"name":"[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name":"https://security-tracker.debian.org/tracker/CVE-2017-0861",
"refsource":"CONFIRM",
"url":"https://security-tracker.debian.org/tracker/CVE-2017-0861"
"name": "https://security-tracker.debian.org/tracker/CVE-2017-0861",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-0861"
},
{
"name":"USN-3617-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3617-2/"
"name": "USN-3617-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3617-2/"
},
{
"name":"RHSA-2018:3096",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:3096"
"name": "RHSA-2018:3096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name":"USN-3619-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3619-1/"
"name": "USN-3619-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3619-1/"
},
{
"refsource":"BID",
"name":"102329",
"url":"http://www.securityfocus.com/bid/102329"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"refsource": "BID",
"name": "102329",
"url": "http://www.securityfocus.com/bid/102329"
}
]
}


@ -1,260 +1,261 @@
{
"CVE_data_meta":{
"ASSIGNER":"security@apache.org",
"DATE_PUBLIC":"2017-10-03T00:00:00",
"ID":"CVE-2017-12617",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-10-03T00:00:00",
"ID": "CVE-2017-12617",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Apache Tomcat",
"version":{
"version_data":[
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_value":"9.0.0.M1 to 9.0.0"
"version_value": "9.0.0.M1 to 9.0.0"
},
{
"version_value":"8.5.0 to 8.5.22"
"version_value": "8.5.0 to 8.5.22"
},
{
"version_value":"8.0.0.RC1 to 8.0.46"
"version_value": "8.0.0.RC1 to 8.0.46"
},
{
"version_value":"7.0.0 to 7.0.81"
"version_value": "7.0.0 to 7.0.81"
}
]
}
}
]
},
"vendor_name":"Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server."
"lang": "eng",
"value": "When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Remote Code Execution"
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"RHSA-2017:3113",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3113"
"name": "RHSA-2017:3113",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"RHSA-2017:3080",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3080"
"name": "RHSA-2017:3080",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3080"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us"
},
{
"name":"RHSA-2018:0269",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0269"
"name": "RHSA-2018:0269",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0269"
},
{
"name":"42966",
"refsource":"EXPLOIT-DB",
"url":"https://www.exploit-db.com/exploits/42966/"
"name": "42966",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42966/"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us"
},
{
"name":"RHSA-2018:0270",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0270"
"name": "RHSA-2018:0270",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0270"
},
{
"name":"RHSA-2018:0271",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0271"
"name": "RHSA-2018:0271",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0271"
},
{
"name":"[debian-lts-announce] 20171107 [SECURITY] [DLA 1166-1] tomcat7 security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html"
"name": "[debian-lts-announce] 20171107 [SECURITY] [DLA 1166-1] tomcat7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html"
},
{
"name":"RHSA-2018:2939",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2939"
"name": "RHSA-2018:2939",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2939"
},
{
"name":"RHSA-2018:0465",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0465"
"name": "RHSA-2018:0465",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0465"
},
{
"name":"USN-3665-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3665-1/"
"name": "USN-3665-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3665-1/"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name":"RHSA-2018:0268",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0268"
"name": "RHSA-2018:0268",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0268"
},
{
"name":"RHSA-2017:3114",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3114"
"name": "RHSA-2017:3114",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"name":"43008",
"refsource":"EXPLOIT-DB",
"url":"https://www.exploit-db.com/exploits/43008/"
"name": "43008",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43008/"
},
{
"name":"1039552",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1039552"
"name": "1039552",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039552"
},
{
"name":"100954",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/100954"
"name": "100954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100954"
},
{
"name":"RHSA-2018:0275",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0275"
"name": "RHSA-2018:0275",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0275"
},
{
"name":"RHSA-2018:0466",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0466"
"name": "RHSA-2018:0466",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0466"
},
{
"name":"[announce] 20171003 [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload",
"refsource":"MLIST",
"url":"https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3E"
"name": "[announce] 20171003 [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3E"
},
{
"name":"https://security.netapp.com/advisory/ntap-20171018-0002/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20171018-0002/"
"name": "https://security.netapp.com/advisory/ntap-20171018-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171018-0002/"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180117-0002/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180117-0002/"
"name": "https://security.netapp.com/advisory/ntap-20180117-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180117-0002/"
},
{
"name":"RHSA-2017:3081",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3081"
"name": "RHSA-2017:3081",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3081"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"CONFIRM",
"name":"https://support.f5.com/csp/article/K53173544",
"url":"https://support.f5.com/csp/article/K53173544"
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K53173544",
"url": "https://support.f5.com/csp/article/K53173544"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
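Review bot: The Oracle April 2019 CPU reference that closes `reference_data` is tagged `"refsource": "MISC"`, while the other Oracle CPU links in this same record (cpujul2018, cpujan2018, cpuapr2018) are tagged `CONFIRM`. Tooling that treats `CONFIRM` as the marker for vendor acknowledgement will not count this advisory when deciding whether a fix from that vendor exists, so if the advisory does list CVE-2017-12617 the line should read `"refsource": "CONFIRM"`. The same URL is added as `MISC` in the CVE-2017-0861 and CVE-2017-14952 records on this page, where no sibling Oracle reference is visible for comparison, so those two are worth checking against the advisory as well.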


@ -1,70 +1,71 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2017-14952",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14952",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a \"redundant UVector entry clean up function call\" issue."
"lang": "eng",
"value": "Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a \"redundant UVector entry clean up function call\" issue."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/",
"refsource":"MISC",
"url":"http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/"
"name": "http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/",
"refsource": "MISC",
"url": "http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/"
},
{
"name":"http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp",
"refsource":"CONFIRM",
"url":"http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp"
"name": "http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp",
"refsource": "CONFIRM",
"url": "http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,160 +1,161 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2017-15265",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15265",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c."
"lang": "eng",
"value": "Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"[oss-security] 20171011 Linux kernel: alsa: use-after-free in /dev/snd/seq CVE-2017-15265",
"refsource":"MLIST",
"url":"http://www.openwall.com/lists/oss-security/2017/10/11/3"
"name": "[oss-security] 20171011 Linux kernel: alsa: use-after-free in /dev/snd/seq CVE-2017-15265",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/10/11/3"
},
{
"name":"101288",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/101288"
"name": "101288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101288"
},
{
"name":"[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"name":"https://github.com/torvalds/linux/commit/71105998845fb012937332fe2e806d443c09e026",
"refsource":"CONFIRM",
"url":"https://github.com/torvalds/linux/commit/71105998845fb012937332fe2e806d443c09e026"
"name": "https://github.com/torvalds/linux/commit/71105998845fb012937332fe2e806d443c09e026",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/71105998845fb012937332fe2e806d443c09e026"
},
{
"name":"RHSA-2018:2390",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2390"
"name": "RHSA-2018:2390",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2390"
},
{
"name":"1039561",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1039561"
"name": "1039561",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039561"
},
{
"name":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71105998845fb012937332fe2e806d443c09e026",
"refsource":"CONFIRM",
"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71105998845fb012937332fe2e806d443c09e026"
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71105998845fb012937332fe2e806d443c09e026",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71105998845fb012937332fe2e806d443c09e026"
},
{
"name":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8",
"refsource":"CONFIRM",
"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8"
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8"
},
{
"name":"RHSA-2018:1062",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1062"
"name": "RHSA-2018:1062",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource":"CONFIRM",
"url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name":"RHSA-2018:3823",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:3823"
"name": "RHSA-2018:3823",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3823"
},
{
"name":"https://bugzilla.suse.com/show_bug.cgi?id=1062520",
"refsource":"CONFIRM",
"url":"https://bugzilla.suse.com/show_bug.cgi?id=1062520"
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1062520",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1062520"
},
{
"name":"RHSA-2018:0676",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0676"
"name": "RHSA-2018:0676",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"name":"https://source.android.com/security/bulletin/2018-02-01",
"refsource":"CONFIRM",
"url":"https://source.android.com/security/bulletin/2018-02-01"
"name": "https://source.android.com/security/bulletin/2018-02-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-02-01"
},
{
"name":"[alsa-devel] 20171011 [PATCH] ALSA: seq: Fix use-after-free at creating a port",
"refsource":"MLIST",
"url":"http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html"
"name": "[alsa-devel] 20171011 [PATCH] ALSA: seq: Fix use-after-free at creating a port",
"refsource": "MLIST",
"url": "http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html"
},
{
"name":"RHSA-2018:1170",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1170"
"name": "RHSA-2018:1170",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1170"
},
{
"name":"USN-3698-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3698-1/"
"name": "USN-3698-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3698-1/"
},
{
"name":"RHSA-2018:1130",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1130"
"name": "RHSA-2018:1130",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1130"
},
{
"name":"RHSA-2018:3822",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:3822"
"name": "RHSA-2018:3822",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3822"
},
{
"name":"USN-3698-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3698-2/"
"name": "USN-3698-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3698-2/"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,90 +1,91 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2017-17484",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17484",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC."
"lang": "eng",
"value": "The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://ssl.icu-project.org/trac/ticket/13490",
"refsource":"MISC",
"url":"https://ssl.icu-project.org/trac/ticket/13490"
"name": "https://ssl.icu-project.org/trac/ticket/13490",
"refsource": "MISC",
"url": "https://ssl.icu-project.org/trac/ticket/13490"
},
{
"name":"https://ssl.icu-project.org/trac/changeset/40714",
"refsource":"MISC",
"url":"https://ssl.icu-project.org/trac/changeset/40714"
"name": "https://ssl.icu-project.org/trac/changeset/40714",
"refsource": "MISC",
"url": "https://ssl.icu-project.org/trac/changeset/40714"
},
{
"name":"https://github.com/znc/znc/issues/1459",
"refsource":"MISC",
"url":"https://github.com/znc/znc/issues/1459"
"name": "https://github.com/znc/znc/issues/1459",
"refsource": "MISC",
"url": "https://github.com/znc/znc/issues/1459"
},
{
"name":"https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.cpp",
"refsource":"MISC",
"url":"https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.cpp"
"name": "https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.cpp",
"refsource": "MISC",
"url": "https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.cpp"
},
{
"name":"https://ssl.icu-project.org/trac/ticket/13510",
"refsource":"MISC",
"url":"https://ssl.icu-project.org/trac/ticket/13510"
"name": "https://ssl.icu-project.org/trac/ticket/13510",
"refsource": "MISC",
"url": "https://ssl.icu-project.org/trac/ticket/13510"
},
{
"name":"https://ssl.icu-project.org/trac/changeset/40715",
"refsource":"MISC",
"url":"https://ssl.icu-project.org/trac/changeset/40715"
"name": "https://ssl.icu-project.org/trac/changeset/40715",
"refsource": "MISC",
"url": "https://ssl.icu-project.org/trac/changeset/40715"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,129 +1,130 @@
{
"CVE_data_meta":{
"ASSIGNER":"openssl-security@openssl.org",
"DATE_PUBLIC":"2017-01-26",
"ID":"CVE-2017-3730",
"STATE":"PUBLIC",
"TITLE":"Bad (EC)DHE parameters cause a client crash"
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2017-01-26",
"ID": "CVE-2017-3730",
"STATE": "PUBLIC",
"TITLE": "Bad (EC)DHE parameters cause a client crash"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"OpenSSL",
"version":{
"version_data":[
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value":"openssl-1.1.0"
"version_value": "openssl-1.1.0"
},
{
"version_value":"openssl-1.1.0a"
"version_value": "openssl-1.1.0a"
},
{
"version_value":"openssl-1.1.0b"
"version_value": "openssl-1.1.0b"
},
{
"version_value":"openssl-1.1.0c"
"version_value": "openssl-1.1.0c"
}
]
}
}
]
},
"vendor_name":"OpenSSL"
"vendor_name": "OpenSSL"
}
]
}
},
"credit":[
"credit": [
{
"lang":"eng",
"value":"Guido Vranken"
"lang": "eng",
"value": "Guido Vranken"
}
],
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack."
"lang": "eng",
"value": "In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack."
}
]
},
"impact":[
"impact": [
{
"lang":"eng",
"url":"https://www.openssl.org/policies/secpolicy.html#Moderate",
"value":"Moderate"
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value": "Moderate"
}
],
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"NULL pointer deference"
"lang": "eng",
"value": "NULL pointer deference"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"41192",
"refsource":"EXPLOIT-DB",
"url":"https://www.exploit-db.com/exploits/41192/"
"name": "41192",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41192/"
},
{
"name":"95812",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/95812"
"name": "95812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95812"
},
{
"name":"https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaa",
"refsource":"MISC",
"url":"https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaa"
"name": "https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaa",
"refsource": "MISC",
"url": "https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaa"
},
{
"name":"https://www.openssl.org/news/secadv/20170126.txt",
"refsource":"CONFIRM",
"url":"https://www.openssl.org/news/secadv/20170126.txt"
"name": "https://www.openssl.org/news/secadv/20170126.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20170126.txt"
},
{
"name":"1037717",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1037717"
"name": "1037717",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037717"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name":"GLSA-201702-07",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201702-07"
"name": "GLSA-201702-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-07"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
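Review bot: The completed Oracle April 2019 CPU entry at the end of `reference_data` is tagged `"refsource": "MISC"`, while the two Oracle CPU advisories already in this record (cpujan2018 and cpuoct2017) are tagged `"refsource": "CONFIRM"`. A consumer that filters on `CONFIRM` to find vendor-acknowledged advisories would skip the new one; if the Oracle page does list this CVE (not verifiable from the diff), `"refsource": "CONFIRM"` would match its siblings. The same mismatch appears in the CVE-2017-3731 section, where three Oracle CPU references are `CONFIRM` and the new one is `MISC`. Separately, the reformatted `problemtype` value still reads `"NULL pointer deference"`; `"NULL pointer dereference"` is presumably what was meant and would be easier to match in weakness searches.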


@ -1,212 +1,213 @@
{
"CVE_data_meta":{
"ASSIGNER":"openssl-security@openssl.org",
"DATE_PUBLIC":"2017-01-26",
"ID":"CVE-2017-3731",
"STATE":"PUBLIC",
"TITLE":"Truncated packet could crash via OOB read"
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2017-01-26",
"ID": "CVE-2017-3731",
"STATE": "PUBLIC",
"TITLE": "Truncated packet could crash via OOB read"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"OpenSSL",
"version":{
"version_data":[
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value":"openssl-1.1.0"
"version_value": "openssl-1.1.0"
},
{
"version_value":"openssl-1.1.0a"
"version_value": "openssl-1.1.0a"
},
{
"version_value":"openssl-1.1.0b"
"version_value": "openssl-1.1.0b"
},
{
"version_value":"openssl-1.1.0c"
"version_value": "openssl-1.1.0c"
},
{
"version_value":"openssl-1.0.2"
"version_value": "openssl-1.0.2"
},
{
"version_value":"openssl-1.0.2a"
"version_value": "openssl-1.0.2a"
},
{
"version_value":"openssl-1.0.2b"
"version_value": "openssl-1.0.2b"
},
{
"version_value":"openssl-1.0.2c"
"version_value": "openssl-1.0.2c"
},
{
"version_value":"openssl-1.0.2d"
"version_value": "openssl-1.0.2d"
},
{
"version_value":"openssl-1.0.2e"
"version_value": "openssl-1.0.2e"
},
{
"version_value":"openssl-1.0.2f"
"version_value": "openssl-1.0.2f"
},
{
"version_value":"openssl-1.0.2g"
"version_value": "openssl-1.0.2g"
},
{
"version_value":"openssl-1.0.2h"
"version_value": "openssl-1.0.2h"
},
{
"version_value":"openssl-1.0.2i"
"version_value": "openssl-1.0.2i"
},
{
"version_value":"openssl-1.0.2j"
"version_value": "openssl-1.0.2j"
}
]
}
}
]
},
"vendor_name":"OpenSSL"
"vendor_name": "OpenSSL"
}
]
}
},
"credit":[
"credit": [
{
"lang":"eng",
"value":"Robert \u015awi\u0119cki of Google"
"lang": "eng",
"value": "Robert \u015awi\u0119cki of Google"
}
],
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k."
"lang": "eng",
"value": "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k."
}
]
},
"impact":[
"impact": [
{
"lang":"eng",
"url":"https://www.openssl.org/policies/secpolicy.html#Moderate",
"value":"Moderate"
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value": "Moderate"
}
],
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"out-of-bounds read"
"lang": "eng",
"value": "out-of-bounds read"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"RHSA-2018:2185",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2185"
"name": "RHSA-2018:2185",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2185"
},
{
"name":"RHSA-2018:2186",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2186"
"name": "RHSA-2018:2186",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2186"
},
{
"name":"https://security.netapp.com/advisory/ntap-20171019-0002/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20171019-0002/"
"name": "https://security.netapp.com/advisory/ntap-20171019-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171019-0002/"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"95813",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/95813"
"name": "95813",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95813"
},
{
"name":"RHSA-2017:0286",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2017-0286.html"
"name": "RHSA-2017:0286",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
},
{
"name":"FreeBSD-SA-17:02",
"refsource":"FREEBSD",
"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
"name": "FreeBSD-SA-17:02",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
},
{
"name":"https://www.openssl.org/news/secadv/20170126.txt",
"refsource":"CONFIRM",
"url":"https://www.openssl.org/news/secadv/20170126.txt"
"name": "https://www.openssl.org/news/secadv/20170126.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20170126.txt"
},
{
"name":"1037717",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1037717"
"name": "1037717",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037717"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name":"https://www.tenable.com/security/tns-2017-04",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2017-04"
"name": "https://www.tenable.com/security/tns-2017-04",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"name":"https://source.android.com/security/bulletin/pixel/2017-11-01",
"refsource":"CONFIRM",
"url":"https://source.android.com/security/bulletin/pixel/2017-11-01"
"name": "https://source.android.com/security/bulletin/pixel/2017-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
},
{
"name":"GLSA-201702-07",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201702-07"
"name": "GLSA-201702-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-07"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name":"DSA-3773",
"refsource":"DEBIAN",
"url":"http://www.debian.org/security/2017/dsa-3773"
"name": "DSA-3773",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3773"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us"
},
{
"name":"http://securityadvisories.paloaltonetworks.com/Home/Detail/82",
"refsource":"CONFIRM",
"url":"http://securityadvisories.paloaltonetworks.com/Home/Detail/82"
"name": "http://securityadvisories.paloaltonetworks.com/Home/Detail/82",
"refsource": "CONFIRM",
"url": "http://securityadvisories.paloaltonetworks.com/Home/Detail/82"
},
{
"name":"RHSA-2018:2187",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2187"
"name": "RHSA-2018:2187",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2187"
},
{
"name":"https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21",
"refsource":"MISC",
"url":"https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21"
"name": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21",
"refsource": "MISC",
"url": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,202 +1,203 @@
{
"CVE_data_meta":{
"ASSIGNER":"openssl-security@openssl.org",
"DATE_PUBLIC":"2017-01-26",
"ID":"CVE-2017-3732",
"STATE":"PUBLIC",
"TITLE":"BN_mod_exp may produce incorrect results on x86_64"
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2017-01-26",
"ID": "CVE-2017-3732",
"STATE": "PUBLIC",
"TITLE": "BN_mod_exp may produce incorrect results on x86_64"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"OpenSSL",
"version":{
"version_data":[
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value":"openssl-1.1.0"
"version_value": "openssl-1.1.0"
},
{
"version_value":"openssl-1.1.0a"
"version_value": "openssl-1.1.0a"
},
{
"version_value":"openssl-1.1.0b"
"version_value": "openssl-1.1.0b"
},
{
"version_value":"openssl-1.1.0c"
"version_value": "openssl-1.1.0c"
},
{
"version_value":"openssl-1.0.2"
"version_value": "openssl-1.0.2"
},
{
"version_value":"openssl-1.0.2a"
"version_value": "openssl-1.0.2a"
},
{
"version_value":"openssl-1.0.2b"
"version_value": "openssl-1.0.2b"
},
{
"version_value":"openssl-1.0.2c"
"version_value": "openssl-1.0.2c"
},
{
"version_value":"openssl-1.0.2d"
"version_value": "openssl-1.0.2d"
},
{
"version_value":"openssl-1.0.2e"
"version_value": "openssl-1.0.2e"
},
{
"version_value":"openssl-1.0.2f"
"version_value": "openssl-1.0.2f"
},
{
"version_value":"openssl-1.0.2g"
"version_value": "openssl-1.0.2g"
},
{
"version_value":"openssl-1.0.2h"
"version_value": "openssl-1.0.2h"
},
{
"version_value":"openssl-1.0.2i"
"version_value": "openssl-1.0.2i"
},
{
"version_value":"openssl-1.0.2j"
"version_value": "openssl-1.0.2j"
}
]
}
}
]
},
"vendor_name":"OpenSSL"
"vendor_name": "OpenSSL"
}
]
}
},
"credit":[
"credit": [
{
"lang":"eng",
"value":"OSS-Fuzz project"
"lang": "eng",
"value": "OSS-Fuzz project"
}
],
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem."
"lang": "eng",
"value": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem."
}
]
},
"impact":[
"impact": [
{
"lang":"eng",
"url":"https://www.openssl.org/policies/secpolicy.html#Moderate",
"value":"Moderate"
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value": "Moderate"
}
],
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"carry-propagating bug"
"lang": "eng",
"value": "carry-propagating bug"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"RHSA-2018:2185",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2185"
"name": "RHSA-2018:2185",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2185"
},
{
"name":"RHSA-2018:2186",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2186"
"name": "RHSA-2018:2186",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2186"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"RHSA-2018:2713",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2713"
"name": "RHSA-2018:2713",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2713"
},
{
"name":"https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b",
"refsource":"MISC",
"url":"https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b"
"name": "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b",
"refsource": "MISC",
"url": "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b"
},
{
"name":"FreeBSD-SA-17:02",
"refsource":"FREEBSD",
"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
"name": "FreeBSD-SA-17:02",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
},
{
"name":"https://www.openssl.org/news/secadv/20170126.txt",
"refsource":"CONFIRM",
"url":"https://www.openssl.org/news/secadv/20170126.txt"
"name": "https://www.openssl.org/news/secadv/20170126.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20170126.txt"
},
{
"name":"1037717",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1037717"
"name": "1037717",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037717"
},
{
"name":"RHSA-2018:2575",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2575"
"name": "RHSA-2018:2575",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2575"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name":"https://www.tenable.com/security/tns-2017-04",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2017-04"
"name": "https://www.tenable.com/security/tns-2017-04",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"name":"GLSA-201702-07",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201702-07"
"name": "GLSA-201702-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-07"
},
{
"name":"RHSA-2018:2568",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2568"
"name": "RHSA-2018:2568",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2568"
},
{
"name":"95814",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/95814"
"name": "95814",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95814"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us"
},
{
"name":"RHSA-2018:2187",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2187"
"name": "RHSA-2018:2187",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2187"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,122 +1,123 @@
{
"CVE_data_meta":{
"ASSIGNER":"openssl-security@openssl.org",
"DATE_PUBLIC":"2017-02-16",
"ID":"CVE-2017-3733",
"STATE":"PUBLIC",
"TITLE":"Encrypt-Then-Mac renegotiation crash"
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2017-02-16",
"ID": "CVE-2017-3733",
"STATE": "PUBLIC",
"TITLE": "Encrypt-Then-Mac renegotiation crash"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"OpenSSL",
"version":{
"version_data":[
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value":"openssl-1.1.0"
"version_value": "openssl-1.1.0"
},
{
"version_value":"openssl-1.1.0a"
"version_value": "openssl-1.1.0a"
},
{
"version_value":"openssl-1.1.0b"
"version_value": "openssl-1.1.0b"
},
{
"version_value":"openssl-1.1.0c"
"version_value": "openssl-1.1.0c"
},
{
"version_value":"openssl-1.1.0d"
"version_value": "openssl-1.1.0d"
}
]
}
}
]
},
"vendor_name":"OpenSSL"
"vendor_name": "OpenSSL"
}
]
}
},
"credit":[
"credit": [
{
"lang":"eng",
"value":"Joe Orton (Red Hat)"
"lang": "eng",
"value": "Joe Orton (Red Hat)"
}
],
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected."
"lang": "eng",
"value": "During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected."
}
]
},
"impact":[
"impact": [
{
"lang":"eng",
"url":"https://www.openssl.org/policies/secpolicy.html#High",
"value":"High"
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#High",
"value": "High"
}
],
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"protocol error"
"lang": "eng",
"value": "protocol error"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"96269",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/96269"
"name": "96269",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96269"
},
{
"name":"https://www.openssl.org/news/secadv/20170216.txt",
"refsource":"CONFIRM",
"url":"https://www.openssl.org/news/secadv/20170216.txt"
"name": "https://www.openssl.org/news/secadv/20170216.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20170216.txt"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us"
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name":"https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2",
"refsource":"MISC",
"url":"https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2"
"name": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2",
"refsource": "MISC",
"url": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2"
},
{
"name":"1037846",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1037846"
"name": "1037846",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037846"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
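Review bot: The reference completed at the end of `reference_data` is tagged `"refsource": "MISC"`, while the other Oracle critical-patch-update advisories in the same list (cpujan2018, cpuoct2017) are tagged `CONFIRM`. Consumers that pick out vendor confirmations by `refsource` would skip the April 2019 advisory; if it is a vendor confirmation like the others, the entry should read `"refsource": "CONFIRM"`. The new entry also orders its keys `url`, `refsource`, `name`, unlike the `name`, `refsource`, `url` order used by every other reference, which is harmless to parsers but makes later diffs noisier. The same entry appears in the CVE-2017-3732 section above and in the CVE-2017-3735 and CVE-2017-3736 sections below.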


@ -1,179 +1,180 @@
{
"CVE_data_meta":{
"ASSIGNER":"openssl-security@openssl.org",
"DATE_PUBLIC":"2017-08-28T00:00:00",
"ID":"CVE-2017-3735",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2017-08-28T00:00:00",
"ID": "CVE-2017-3735",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"OpenSSL",
"version":{
"version_data":[
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value":"1.1.0"
"version_value": "1.1.0"
},
{
"version_value":"1.0.2"
"version_value": "1.0.2"
}
]
}
}
]
},
"vendor_name":"OpenSSL Software Foundation"
"vendor_name": "OpenSSL Software Foundation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g."
"lang": "eng",
"value": "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"out of bounds read"
"lang": "eng",
"value": "out of bounds read"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"1039726",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1039726"
"name": "1039726",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039726"
},
{
"name":"https://security.netapp.com/advisory/ntap-20171107-0002/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20171107-0002/"
"name": "https://security.netapp.com/advisory/ntap-20171107-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171107-0002/"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"USN-3611-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3611-2/"
"name": "USN-3611-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3611-2/"
},
{
"name":"DSA-4018",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2017/dsa-4018"
"name": "DSA-4018",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4018"
},
{
"name":"GLSA-201712-03",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201712-03"
"name": "GLSA-201712-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201712-03"
},
{
"name":"https://support.apple.com/HT208331",
"refsource":"CONFIRM",
"url":"https://support.apple.com/HT208331"
"name": "https://support.apple.com/HT208331",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208331"
},
{
"name":"[debian-lts-announce] 20171109 [SECURITY] [DLA-1157-1] openssl security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html"
"name": "[debian-lts-announce] 20171109 [SECURITY] [DLA-1157-1] openssl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html"
},
{
"name":"https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822",
"refsource":"MISC",
"url":"https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822"
"name": "https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822",
"refsource": "MISC",
"url": "https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822"
},
{
"name":"RHSA-2018:3505",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:3505"
"name": "RHSA-2018:3505",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name":"https://security.netapp.com/advisory/ntap-20170927-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20170927-0001/"
"name": "https://security.netapp.com/advisory/ntap-20170927-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20170927-0001/"
},
{
"name":"https://www.tenable.com/security/tns-2017-15",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2017-15"
"name": "https://www.tenable.com/security/tns-2017-15",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-15"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name":"https://www.openssl.org/news/secadv/20171102.txt",
"refsource":"CONFIRM",
"url":"https://www.openssl.org/news/secadv/20171102.txt"
"name": "https://www.openssl.org/news/secadv/20171102.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20171102.txt"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"DSA-4017",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2017/dsa-4017"
"name": "DSA-4017",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4017"
},
{
"name":"RHSA-2018:3221",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:3221"
"name": "RHSA-2018:3221",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3221"
},
{
"name":"100515",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/100515"
"name": "100515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100515"
},
{
"name":"https://www.tenable.com/security/tns-2017-14",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2017-14"
"name": "https://www.tenable.com/security/tns-2017-14",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-14"
},
{
"name":"FreeBSD-SA-17:11",
"refsource":"FREEBSD",
"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc"
"name": "FreeBSD-SA-17:11",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc"
},
{
"name":"https://www.openssl.org/news/secadv/20170828.txt",
"refsource":"CONFIRM",
"url":"https://www.openssl.org/news/secadv/20170828.txt"
"name": "https://www.openssl.org/news/secadv/20170828.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20170828.txt"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
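Review bot: `version_data` lists only the bare values `"1.1.0"` and `"1.0.2"`, but the description says the bug is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. Tooling that matches `version_value` literally would probably miss the lettered releases and anything older than 1.0.2, and this reformatting commit leaves that as it was. Consider stating the affected ranges explicitly, in the style the CVE-2017-3736 record uses (`"version_value": "1.1.0 - 1.1.0f"`), with the bounds taken from the OpenSSL advisory.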


@ -1,189 +1,190 @@
{
"CVE_data_meta":{
"ASSIGNER":"openssl-security@openssl.org",
"DATE_PUBLIC":"2017-11-02T00:00:00",
"ID":"CVE-2017-3736",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2017-11-02T00:00:00",
"ID": "CVE-2017-3736",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"OpenSSL",
"version":{
"version_data":[
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value":"1.1.0 - 1.1.0f"
"version_value": "1.1.0 - 1.1.0f"
},
{
"version_value":"1.0.2 - 1.0.2l"
"version_value": "1.0.2 - 1.0.2l"
}
]
}
}
]
},
"vendor_name":"OpenSSL Software Foundation"
"vendor_name": "OpenSSL Software Foundation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen."
"lang": "eng",
"value": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"carry-propagating bug"
"lang": "eng",
"value": "carry-propagating bug"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://security.netapp.com/advisory/ntap-20171107-0002/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20171107-0002/"
"name": "https://security.netapp.com/advisory/ntap-20171107-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171107-0002/"
},
{
"name":"RHSA-2018:2185",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2185"
"name": "RHSA-2018:2185",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2185"
},
{
"name":"https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871",
"refsource":"MISC",
"url":"https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871"
"name": "https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871",
"refsource": "MISC",
"url": "https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871"
},
{
"name":"RHSA-2018:2186",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2186"
"name": "RHSA-2018:2186",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2186"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"RHSA-2018:2713",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2713"
"name": "RHSA-2018:2713",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2713"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"DSA-4018",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2017/dsa-4018"
"name": "DSA-4018",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4018"
},
{
"name":"GLSA-201712-03",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201712-03"
"name": "GLSA-201712-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201712-03"
},
{
"name":"RHSA-2018:0998",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0998"
"name": "RHSA-2018:0998",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0998"
},
{
"name":"RHSA-2018:2575",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2575"
"name": "RHSA-2018:2575",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2575"
},
{
"name":"https://www.tenable.com/security/tns-2017-15",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2017-15"
"name": "https://www.tenable.com/security/tns-2017-15",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-15"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name":"101666",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/101666"
"name": "101666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101666"
},
{
"name":"RHSA-2018:2568",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2568"
"name": "RHSA-2018:2568",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2568"
},
{
"name":"https://www.openssl.org/news/secadv/20171102.txt",
"refsource":"CONFIRM",
"url":"https://www.openssl.org/news/secadv/20171102.txt"
"name": "https://www.openssl.org/news/secadv/20171102.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20171102.txt"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"DSA-4017",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2017/dsa-4017"
"name": "DSA-4017",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4017"
},
{
"name":"https://www.tenable.com/security/tns-2017-14",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2017-14"
"name": "https://www.tenable.com/security/tns-2017-14",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-14"
},
{
"name":"FreeBSD-SA-17:11",
"refsource":"FREEBSD",
"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc"
"name": "FreeBSD-SA-17:11",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc"
},
{
"name":"1039727",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1039727"
"name": "1039727",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039727"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us"
},
{
"name":"RHSA-2018:2187",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2187"
"name": "RHSA-2018:2187",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2187"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180117-0002/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180117-0002/"
"name": "https://security.netapp.com/advisory/ntap-20180117-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180117-0002/"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,189 +1,190 @@
{
"CVE_data_meta":{
"ASSIGNER":"openssl-security@openssl.org",
"DATE_PUBLIC":"2017-12-07T00:00:00",
"ID":"CVE-2017-3738",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2017-12-07T00:00:00",
"ID": "CVE-2017-3738",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"OpenSSL",
"version":{
"version_data":[
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value":"1.0.2-1.02m"
"version_value": "1.0.2-1.02m"
},
{
"version_value":"1.1.0-1.1.0g"
"version_value": "1.1.0-1.1.0g"
}
]
}
}
]
},
"vendor_name":"OpenSSL Software Foundation"
"vendor_name": "OpenSSL Software Foundation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository."
"lang": "eng",
"value": "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"carry-propagating bug"
"lang": "eng",
"value": "carry-propagating bug"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://www.tenable.com/security/tns-2018-07",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2018-07"
"name": "https://www.tenable.com/security/tns-2018-07",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-07"
},
{
"name":"https://www.tenable.com/security/tns-2018-04",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2018-04"
"name": "https://www.tenable.com/security/tns-2018-04",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-04"
},
{
"name":"RHSA-2018:2185",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2185"
"name": "RHSA-2018:2185",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2185"
},
{
"name":"RHSA-2018:2186",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2186"
"name": "RHSA-2018:2186",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2186"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"FreeBSD-SA-17:12",
"refsource":"FREEBSD",
"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc"
"name": "FreeBSD-SA-17:12",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc"
},
{
"name":"GLSA-201712-03",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201712-03"
"name": "GLSA-201712-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201712-03"
},
{
"name":"1039978",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1039978"
"name": "1039978",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039978"
},
{
"name":"DSA-4157",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4157"
"name": "DSA-4157",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4157"
},
{
"name":"https://www.openssl.org/news/secadv/20171207.txt",
"refsource":"CONFIRM",
"url":"https://www.openssl.org/news/secadv/20171207.txt"
"name": "https://www.openssl.org/news/secadv/20171207.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20171207.txt"
},
{
"name":"RHSA-2018:0998",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0998"
"name": "RHSA-2018:0998",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0998"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name":"https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a",
"refsource":"MISC",
"url":"https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a"
"name": "https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a",
"refsource": "MISC",
"url": "https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a"
},
{
"name":"https://www.tenable.com/security/tns-2018-06",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2018-06"
"name": "https://www.tenable.com/security/tns-2018-06",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-06"
},
{
"name":"DSA-4065",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2017/dsa-4065"
"name": "DSA-4065",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4065"
},
{
"name":"https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/",
"refsource":"CONFIRM",
"url":"https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/"
"name": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"102118",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/102118"
"name": "102118",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102118"
},
{
"name":"https://www.tenable.com/security/tns-2017-16",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2017-16"
"name": "https://www.tenable.com/security/tns-2017-16",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-16"
},
{
"name":"https://www.openssl.org/news/secadv/20180327.txt",
"refsource":"CONFIRM",
"url":"https://www.openssl.org/news/secadv/20180327.txt"
"name": "https://www.openssl.org/news/secadv/20180327.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20180327.txt"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us"
},
{
"name":"RHSA-2018:2187",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2187"
"name": "RHSA-2018:2187",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2187"
},
{
"name":"https://security.netapp.com/advisory/ntap-20171208-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20171208-0001/"
"name": "https://security.netapp.com/advisory/ntap-20171208-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171208-0001/"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
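Review bot: The first OpenSSL `version_value` reads `1.0.2-1.02m`, which disagrees with the description's "1.0.2-1.0.2m" and looks like a dropped dot that the reformat carried over unchanged. Tooling that matches affected ranges on `version_value` rather than on the free-text description would not recognise 1.0.2m as the upper bound of the 1.0.2 branch. The entry should read `"version_value": "1.0.2-1.0.2m"`; the 1.1.0 entry (`1.1.0-1.1.0g`) already agrees with the description.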


@ -1,141 +1,141 @@
{
"CVE_data_meta":{
"ASSIGNER":"security@tibco.com",
"DATE_PUBLIC":"2017-11-17T17:00:00.000Z",
"ID":"CVE-2017-5533",
"STATE":"PUBLIC",
"TITLE":"TIBCO JasperReports Server credentials disclosure"
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2017-11-17T17:00:00.000Z",
"ID": "CVE-2017-5533",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Server credentials disclosure"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"TIBCO JasperReports Server",
"version":{
"version_data":[
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_value":"6.4.0"
"version_value": "6.4.0"
}
]
}
},
{
"product_name":"TIBCO JasperReports Server Community Edition",
"version":{
"version_data":[
"product_name": "TIBCO JasperReports Server Community Edition",
"version": {
"version_data": [
{
"version_value":"6.4.0"
"version_value": "6.4.0"
}
]
}
},
{
"product_name":"TIBCO JasperReports Server for ActiveMatrix BPM",
"version":{
"version_data":[
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"version_value":"6.4.0"
"version_value": "6.4.0"
}
]
}
},
{
"product_name":"TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version":{
"version_data":[
"product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version": {
"version_data": [
{
"version_value":"6.4.0"
"version_value": "6.4.0"
}
]
}
},
{
"product_name":"TIBCO Jaspersoft Reporting and Analytics for AWS",
"version":{
"version_data":[
"product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version": {
"version_data": [
{
"version_value":"6.4.0"
"version_value": "6.4.0"
}
]
}
}
]
},
"vendor_name":"TIBCO Software Inc."
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0."
"lang": "eng",
"value": "A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0."
}
]
},
"impact":{
"cvss":{
"attackComplexity":"LOW",
"attackVector":"NETWORK",
"availabilityImpact":"NONE",
"baseScore":9.3,
"baseSeverity":"CRITICAL",
"confidentialityImpact":"HIGH",
"integrityImpact":"LOW",
"privilegesRequired":"NONE",
"scope":"CHANGED",
"userInteraction":"NONE",
"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version":"3.0"
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"The impact includes the possible access to web application configuration files that contain the credentials used by the server. Those credentials could then be used to affect external systems accessed by the JasperReports Server."
"lang": "eng",
"value": "The impact includes the possible access to web application configuration files that contain the credentials used by the server. Those credentials could then be used to affect external systems accessed by the JasperReports Server."
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"http://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-server-2017",
"refsource":"CONFIRM",
"url":"http://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-server-2017"
"name": "http://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-server-2017",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-server-2017"
},
{
"name":"101878",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/101878"
"name": "101878",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101878"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
},
"solution": "TIBCO has released updated versions of the affected components which address these issues.\n\nFor each affected system, update to the corresponding software versions:\n\n TIBCO JasperReports Server versions 6.4.0 update to version 6.4.2 or higher\n\n TIBCO JasperReports Server Community Edition version 6.4.0 update to version 6.4.2 or higher\n\n TIBCO JasperReports Server for ActiveMatrix BPM version 6.4.0 update to version 6.4.2 or higher\n\n TIBCO Jaspersoft for AWS with Multi-Tenancy version 6.4.0 update to version 6.4.2 or higher\n \n TIBCO Jaspersoft Reporting and Analytics for AWS version 6.4.0 update to version 6.4.2 or higher\n"
}
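Review bot: The Oracle April 2019 CPU reference completed at the end of `reference_data` is tagged `"refsource": "MISC"`, while the other Oracle CPU links in this record (cpujul2018, cpuoct2018) carry `CONFIRM`. If consumers treat CONFIRM as the marker for vendor acknowledgement, as the sibling entries suggest, this advisory is skipped when they collect vendor confirmations for patch tracking. `"refsource": "CONFIRM"` would keep the set consistent. The same added entry appears with MISC in the CVE-2017-3738 and CVE-2017-5645 records on this page.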


@ -1,205 +1,206 @@
{
"CVE_data_meta":{
"ASSIGNER":"security@apache.org",
"ID":"CVE-2017-5645",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-5645",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Apache Log4j",
"version":{
"version_data":[
"product_name": "Apache Log4j",
"version": {
"version_data": [
{
"version_value":"All versions between 2.0-alpha1 and 2.8.1"
"version_value": "All versions between 2.0-alpha1 and 2.8.1"
}
]
}
}
]
},
"vendor_name":"Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code."
"lang": "eng",
"value": "In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Remote Code Execution."
"lang": "eng",
"value": "Remote Code Execution."
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"RHSA-2017:2888",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2888"
"name": "RHSA-2017:2888",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2888"
},
{
"name":"RHSA-2017:2809",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2809"
"name": "RHSA-2017:2809",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2809"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"97702",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/97702"
"name": "97702",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97702"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"1041294",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1041294"
"name": "1041294",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041294"
},
{
"name":"RHSA-2017:2810",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2810"
"name": "RHSA-2017:2810",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2810"
},
{
"name":"RHSA-2017:1801",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:1801"
"name": "RHSA-2017:1801",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1801"
},
{
"name":"RHSA-2017:2889",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2889"
"name": "RHSA-2017:2889",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2889"
},
{
"name":"RHSA-2017:2635",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2635"
"name": "RHSA-2017:2635",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2635"
},
{
"name":"RHSA-2017:2638",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2638"
"name": "RHSA-2017:2638",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2638"
},
{
"name":"https://security.netapp.com/advisory/ntap-20181107-0002/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20181107-0002/"
"name": "https://security.netapp.com/advisory/ntap-20181107-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181107-0002/"
},
{
"name":"RHSA-2017:1417",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:1417"
"name": "RHSA-2017:1417",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1417"
},
{
"name":"RHSA-2017:2423",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2423"
"name": "RHSA-2017:2423",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2423"
},
{
"name":"RHSA-2017:2808",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2808"
"name": "RHSA-2017:2808",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2808"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name":"1040200",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1040200"
"name": "1040200",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040200"
},
{
"name":"RHSA-2017:2636",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2636"
"name": "RHSA-2017:2636",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2636"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"RHSA-2017:3399",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3399"
"name": "RHSA-2017:3399",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3399"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180726-0002/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180726-0002/"
"name": "https://security.netapp.com/advisory/ntap-20180726-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
},
{
"name":"RHSA-2017:2637",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2637"
"name": "RHSA-2017:2637",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2637"
},
{
"name":"RHSA-2017:3244",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3244"
"name": "RHSA-2017:3244",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3244"
},
{
"name":"https://issues.apache.org/jira/browse/LOG4J2-1863",
"refsource":"CONFIRM",
"url":"https://issues.apache.org/jira/browse/LOG4J2-1863"
"name": "https://issues.apache.org/jira/browse/LOG4J2-1863",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/LOG4J2-1863"
},
{
"name":"RHSA-2017:3400",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3400"
"name": "RHSA-2017:3400",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3400"
},
{
"name":"RHSA-2017:2633",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2633"
"name": "RHSA-2017:2633",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2633"
},
{
"name":"RHSA-2017:2811",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2811"
"name": "RHSA-2017:2811",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2811"
},
{
"name":"RHSA-2017:1802",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:1802"
"name": "RHSA-2017:1802",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1802"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
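Review bot: `problemtype` records the impact ("Remote Code Execution.") rather than the weakness, although the description attributes the flaw to deserializing log events received by the TCP or UDP socket server. Consumers that group or prioritise records by weakness class cannot tell from this field that the root cause is unsafe deserialization. A value such as `"value": "CWE-502 Deserialization of Untrusted Data"` would carry that. The CWE mapping is my reading of the description and should be confirmed by the assigner.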


@ -1,234 +1,235 @@
{
"CVE_data_meta":{
"ASSIGNER":"security@apache.org",
"ID":"CVE-2017-5664",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-5664",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Apache Tomcat",
"version":{
"version_data":[
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_value":"9.0.0.M1 to 9.0.0.M20"
"version_value": "9.0.0.M1 to 9.0.0.M20"
},
{
"version_value":"8.5.0 to 8.5.14"
"version_value": "8.5.0 to 8.5.14"
},
{
"version_value":"8.0.0.RC1 to 8.0.43"
"version_value": "8.0.0.RC1 to 8.0.43"
},
{
"version_value":"7.0.0 to 7.0.77"
"version_value": "7.0.0 to 7.0.77"
}
]
}
}
]
},
"vendor_name":"Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method."
"lang": "eng",
"value": "The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Security Constrainy Bypass"
"lang": "eng",
"value": "Security Constrainy Bypass"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"DSA-3891",
"refsource":"DEBIAN",
"url":"http://www.debian.org/security/2017/dsa-3891"
"name": "DSA-3891",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3891"
},
{
"name":"https://security.netapp.com/advisory/ntap-20171019-0002/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20171019-0002/"
"name": "https://security.netapp.com/advisory/ntap-20171019-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171019-0002/"
},
{
"name":"98888",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/98888"
"name": "98888",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98888"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"RHSA-2017:3080",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3080"
"name": "RHSA-2017:3080",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3080"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us"
},
{
"name":"RHSA-2017:1801",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:1801"
"name": "RHSA-2017:1801",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1801"
},
{
"name":"RHSA-2017:2635",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2635"
"name": "RHSA-2017:2635",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2635"
},
{
"name":"RHSA-2017:2638",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2638"
"name": "RHSA-2017:2638",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2638"
},
{
"name":"RHSA-2017:2494",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2494"
"name": "RHSA-2017:2494",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2494"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name":"[tomcat-users] 20170606 [SECURITY] CVE-2017-5664 Apache Tomcat Security Constraint Bypass",
"refsource":"MLIST",
"url":"https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cannounce.tomcat.apache.org%3E"
"name": "[tomcat-users] 20170606 [SECURITY] CVE-2017-5664 Apache Tomcat Security Constraint Bypass",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cannounce.tomcat.apache.org%3E"
},
{
"name":"RHSA-2017:2636",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2636"
"name": "RHSA-2017:2636",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2636"
},
{
"name":"RHSA-2017:1809",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:1809"
"name": "RHSA-2017:1809",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1809"
},
{
"name":"RHSA-2017:2637",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2637"
"name": "RHSA-2017:2637",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2637"
},
{
"name":"1038641",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1038641"
"name": "1038641",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038641"
},
{
"name":"DSA-3892",
"refsource":"DEBIAN",
"url":"http://www.debian.org/security/2017/dsa-3892"
"name": "DSA-3892",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3892"
},
{
"name":"RHSA-2017:2633",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2633"
"name": "RHSA-2017:2633",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2633"
},
{
"name":"RHSA-2017:1802",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:1802"
"name": "RHSA-2017:1802",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1802"
},
{
"name":"RHSA-2017:2493",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2493"
"name": "RHSA-2017:2493",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2493"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
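Review bot: The reference added at the end of this record labels the Oracle April 2019 CPU advisory `"refsource": "MISC"`, while the four earlier Oracle CPU advisories in the same `reference_data` array (cpujul2018, cpujan2018, cpuoct2017, cpuapr2018) are all `"refsource": "CONFIRM"`. A consumer that filters on CONFIRM to find vendor-acknowledged advisories for patch tracking or triage will skip the newest one; unless MISC is a deliberate default of the sync tooling (not visible here), the line should read `"refsource": "CONFIRM"`. The last reference of the preceding file section carries the same MISC label for the same URL. Separately, the reformatted lines still carry the typos `Security Constrainy Bypass` in `problemtype` and `must must ensure` in the description, which hurt text matching on the record.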


@ -1,371 +1,372 @@
{
"CVE_data_meta":{
"ASSIGNER":"secure@intel.com",
"DATE_PUBLIC":"2018-01-03T00:00:00",
"ID":"CVE-2017-5753",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-01-03T00:00:00",
"ID": "CVE-2017-5753",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Most Modern Operating Systems",
"version":{
"version_data":[
"product_name": "Most Modern Operating Systems",
"version": {
"version_data": [
{
"version_value":"All"
"version_value": "All"
}
]
}
}
]
},
"vendor_name":"Intel Corporation"
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis."
"lang": "eng",
"value": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Information Disclosure"
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"http://nvidia.custhelp.com/app/answers/detail/a_id/4609",
"refsource":"CONFIRM",
"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
},
{
"name":"[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"name":"DSA-4187",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4187"
"name": "DSA-4187",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name":"USN-3542-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3542-2/"
"name": "USN-3542-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3542-2/"
},
{
"name":"GLSA-201810-06",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201810-06"
"name": "GLSA-201810-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"name":"USN-3540-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3540-2/"
"name": "USN-3540-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3540-2/"
},
{
"name":"https://access.redhat.com/security/vulnerabilities/speculativeexecution",
"refsource":"CONFIRM",
"url":"https://access.redhat.com/security/vulnerabilities/speculativeexecution"
"name": "https://access.redhat.com/security/vulnerabilities/speculativeexecution",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
},
{
"name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002",
"refsource":"CONFIRM",
"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
},
{
"name":"USN-3597-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3597-1/"
"name": "USN-3597-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3597-1/"
},
{
"name":"[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"name":"SUSE-SU-2018:0012",
"refsource":"SUSE",
"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
"name": "SUSE-SU-2018:0012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
},
{
"name":"SUSE-SU-2018:0011",
"refsource":"SUSE",
"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
"name": "SUSE-SU-2018:0011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"name":"http://nvidia.custhelp.com/app/answers/detail/a_id/4611",
"refsource":"CONFIRM",
"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
},
{
"name":"https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html",
"refsource":"MISC",
"url":"https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
"name": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html",
"refsource": "MISC",
"url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
},
{
"name":"https://cert.vde.com/en-us/advisories/vde-2018-002",
"refsource":"CONFIRM",
"url":"https://cert.vde.com/en-us/advisories/vde-2018-002"
"name": "https://cert.vde.com/en-us/advisories/vde-2018-002",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
},
{
"name":"USN-3580-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3580-1/"
"name": "USN-3580-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3580-1/"
},
{
"name":"https://support.f5.com/csp/article/K91229003",
"refsource":"CONFIRM",
"url":"https://support.f5.com/csp/article/K91229003"
"name": "https://support.f5.com/csp/article/K91229003",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K91229003"
},
{
"name":"openSUSE-SU-2018:0022",
"refsource":"SUSE",
"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
"name": "openSUSE-SU-2018:0022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
},
{
"name":"DSA-4188",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4188"
"name": "DSA-4188",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"name":"RHSA-2018:0292",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0292"
"name": "RHSA-2018:0292",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0292"
},
{
"name":"http://xenbits.xen.org/xsa/advisory-254.html",
"refsource":"CONFIRM",
"url":"http://xenbits.xen.org/xsa/advisory-254.html"
"name": "http://xenbits.xen.org/xsa/advisory-254.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-254.html"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180104-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180104-0001/"
"name": "https://security.netapp.com/advisory/ntap-20180104-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
},
{
"name":"https://www.synology.com/support/security/Synology_SA_18_01",
"refsource":"CONFIRM",
"url":"https://www.synology.com/support/security/Synology_SA_18_01"
"name": "https://www.synology.com/support/security/Synology_SA_18_01",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_01"
},
{
"name":"https://01.org/security/advisories/intel-oss-10002",
"refsource":"CONFIRM",
"url":"https://01.org/security/advisories/intel-oss-10002"
"name": "https://01.org/security/advisories/intel-oss-10002",
"refsource": "CONFIRM",
"url": "https://01.org/security/advisories/intel-oss-10002"
},
{
"name":"http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html",
"refsource":"MISC",
"url":"http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html"
"name": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html"
},
{
"name":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt",
"refsource":"CONFIRM",
"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
},
{
"name":"[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name":"https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
"refsource":"CONFIRM",
"url":"https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
"name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
"refsource": "CONFIRM",
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name":"VU#584653",
"refsource":"CERT-VN",
"url":"http://www.kb.cert.org/vuls/id/584653"
"name": "VU#584653",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/584653"
},
{
"name":"VU#180049",
"refsource":"CERT-VN",
"url":"https://www.kb.cert.org/vuls/id/180049"
"name": "VU#180049",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"name":"https://cert.vde.com/en-us/advisories/vde-2018-003",
"refsource":"CONFIRM",
"url":"https://cert.vde.com/en-us/advisories/vde-2018-003"
"name": "https://cert.vde.com/en-us/advisories/vde-2018-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
},
{
"name":"https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes",
"refsource":"CONFIRM",
"url":"https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
"name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
},
{
"name":"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001",
"refsource":"CONFIRM",
"url":"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
"name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001",
"refsource": "CONFIRM",
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
},
{
"name":"https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf",
"refsource":"CONFIRM",
"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us"
},
{
"name":"USN-3549-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3549-1/"
"name": "USN-3549-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3549-1/"
},
{
"name":"https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/",
"refsource":"CONFIRM",
"url":"https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
"name": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
},
{
"name":"https://support.citrix.com/article/CTX231399",
"refsource":"CONFIRM",
"url":"https://support.citrix.com/article/CTX231399"
"name": "https://support.citrix.com/article/CTX231399",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX231399"
},
{
"name":"https://spectreattack.com/",
"refsource":"MISC",
"url":"https://spectreattack.com/"
"name": "https://spectreattack.com/",
"refsource": "MISC",
"url": "https://spectreattack.com/"
},
{
"name":"https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/",
"refsource":"CONFIRM",
"url":"https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
"name": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/",
"refsource": "CONFIRM",
"url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
},
{
"name":"https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/",
"refsource":"CONFIRM",
"url":"https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
"name": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/",
"refsource": "CONFIRM",
"url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
},
{
"name":"1040071",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1040071"
"name": "1040071",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040071"
},
{
"name":"102371",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/102371"
"name": "102371",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102371"
},
{
"name":"USN-3597-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3597-2/"
"name": "USN-3597-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3597-2/"
},
{
"name":"http://nvidia.custhelp.com/app/answers/detail/a_id/4614",
"refsource":"CONFIRM",
"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
},
{
"name":"SUSE-SU-2018:0010",
"refsource":"SUSE",
"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
"name": "SUSE-SU-2018:0010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
},
{
"name":"USN-3540-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3540-1/"
"name": "USN-3540-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3540-1/"
},
{
"name":"20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
"refsource":"CISCO",
"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
"name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
},
{
"name":"USN-3516-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/usn/usn-3516-1/"
"name": "USN-3516-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3516-1/"
},
{
"name":"https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html",
"refsource":"CONFIRM",
"url":"https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html"
"name": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html"
},
{
"name":"43427",
"refsource":"EXPLOIT-DB",
"url":"https://www.exploit-db.com/exploits/43427/"
"name": "43427",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43427/"
},
{
"name":"USN-3541-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3541-1/"
"name": "USN-3541-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3541-1/"
},
{
"name":"USN-3541-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3541-2/"
"name": "USN-3541-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3541-2/"
},
{
"name":"USN-3542-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3542-1/"
"name": "USN-3542-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3542-1/"
},
{
"name":"https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html",
"refsource":"MISC",
"url":"https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
"name": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html",
"refsource": "MISC",
"url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
},
{
"name":"https://support.lenovo.com/us/en/solutions/LEN-18282",
"refsource":"CONFIRM",
"url":"https://support.lenovo.com/us/en/solutions/LEN-18282"
"name": "https://support.lenovo.com/us/en/solutions/LEN-18282",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
},
{
"name":"openSUSE-SU-2018:0023",
"refsource":"SUSE",
"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
"name": "openSUSE-SU-2018:0023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
},
{
"name":"http://nvidia.custhelp.com/app/answers/detail/a_id/4613",
"refsource":"CONFIRM",
"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
},
{
"refsource":"MLIST",
"name":"[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource":"MLIST",
"name":"[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,371 +1,372 @@
{
"CVE_data_meta":{
"ASSIGNER":"secure@intel.com",
"DATE_PUBLIC":"2018-01-03T00:00:00",
"ID":"CVE-2017-5754",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-01-03T00:00:00",
"ID": "CVE-2017-5754",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Most Modern Operating Systems",
"version":{
"version_data":[
"product_name": "Most Modern Operating Systems",
"version": {
"version_data": [
{
"version_value":"All"
"version_value": "All"
}
]
}
}
]
},
"vendor_name":"Intel Corporation"
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache."
"lang": "eng",
"value": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Information Disclosure"
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"http://nvidia.custhelp.com/app/answers/detail/a_id/4609",
"refsource":"CONFIRM",
"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
},
{
"name":"USN-3523-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3523-1/"
"name": "USN-3523-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3523-1/"
},
{
"name":"USN-3525-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/usn/usn-3525-1/"
"name": "USN-3525-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3525-1/"
},
{
"name":"https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin",
"refsource":"CONFIRM",
"url":"https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin"
"name": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin"
},
{
"name":"GLSA-201810-06",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201810-06"
"name": "GLSA-201810-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"name":"DSA-4082",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4082"
"name": "DSA-4082",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4082"
},
{
"name":"https://support.citrix.com/article/CTX234679",
"refsource":"CONFIRM",
"url":"https://support.citrix.com/article/CTX234679"
"name": "https://support.citrix.com/article/CTX234679",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX234679"
},
{
"name":"USN-3540-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3540-2/"
"name": "USN-3540-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3540-2/"
},
{
"name":"USN-3522-3",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3522-3/"
"name": "USN-3522-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3522-3/"
},
{
"name":"https://access.redhat.com/security/vulnerabilities/speculativeexecution",
"refsource":"CONFIRM",
"url":"https://access.redhat.com/security/vulnerabilities/speculativeexecution"
"name": "https://access.redhat.com/security/vulnerabilities/speculativeexecution",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
},
{
"name":"[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
"name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
},
{
"name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002",
"refsource":"CONFIRM",
"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
},
{
"name":"USN-3597-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3597-1/"
"name": "USN-3597-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3597-1/"
},
{
"name":"SUSE-SU-2018:0012",
"refsource":"SUSE",
"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
"name": "SUSE-SU-2018:0012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
},
{
"name":"SUSE-SU-2018:0011",
"refsource":"SUSE",
"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
"name": "SUSE-SU-2018:0011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"name":"http://nvidia.custhelp.com/app/answers/detail/a_id/4611",
"refsource":"CONFIRM",
"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
},
{
"name":"https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html",
"refsource":"MISC",
"url":"https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
"name": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html",
"refsource": "MISC",
"url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
},
{
"name":"https://01.org/security/advisories/intel-oss-10003",
"refsource":"CONFIRM",
"url":"https://01.org/security/advisories/intel-oss-10003"
"name": "https://01.org/security/advisories/intel-oss-10003",
"refsource": "CONFIRM",
"url": "https://01.org/security/advisories/intel-oss-10003"
},
{
"name":"https://cert.vde.com/en-us/advisories/vde-2018-002",
"refsource":"CONFIRM",
"url":"https://cert.vde.com/en-us/advisories/vde-2018-002"
"name": "https://cert.vde.com/en-us/advisories/vde-2018-002",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
},
{
"name":"DSA-4120",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4120"
"name": "DSA-4120",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4120"
},
{
"name":"https://support.f5.com/csp/article/K91229003",
"refsource":"CONFIRM",
"url":"https://support.f5.com/csp/article/K91229003"
"name": "https://support.f5.com/csp/article/K91229003",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K91229003"
},
{
"name":"USN-3524-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/usn/usn-3524-2/"
"name": "USN-3524-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3524-2/"
},
{
"name":"DSA-4078",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4078"
"name": "DSA-4078",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4078"
},
{
"name":"https://source.android.com/security/bulletin/2018-04-01",
"refsource":"CONFIRM",
"url":"https://source.android.com/security/bulletin/2018-04-01"
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name":"openSUSE-SU-2018:0022",
"refsource":"SUSE",
"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
"name": "openSUSE-SU-2018:0022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
},
{
"name":"RHSA-2018:0292",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0292"
"name": "RHSA-2018:0292",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0292"
},
{
"name":"http://xenbits.xen.org/xsa/advisory-254.html",
"refsource":"CONFIRM",
"url":"http://xenbits.xen.org/xsa/advisory-254.html"
"name": "http://xenbits.xen.org/xsa/advisory-254.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-254.html"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180104-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180104-0001/"
"name": "https://security.netapp.com/advisory/ntap-20180104-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
},
{
"name":"https://www.synology.com/support/security/Synology_SA_18_01",
"refsource":"CONFIRM",
"url":"https://www.synology.com/support/security/Synology_SA_18_01"
"name": "https://www.synology.com/support/security/Synology_SA_18_01",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_01"
},
{
"name":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt",
"refsource":"CONFIRM",
"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
},
{
"name":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource":"CONFIRM",
"url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name":"https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
"refsource":"CONFIRM",
"url":"https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
"name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
"refsource": "CONFIRM",
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name":"VU#584653",
"refsource":"CERT-VN",
"url":"http://www.kb.cert.org/vuls/id/584653"
"name": "VU#584653",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/584653"
},
{
"name":"USN-3522-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/usn/usn-3522-2/"
"name": "USN-3522-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3522-2/"
},
{
"name":"VU#180049",
"refsource":"CERT-VN",
"url":"https://www.kb.cert.org/vuls/id/180049"
"name": "VU#180049",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"name":"USN-3583-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3583-1/"
"name": "USN-3583-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"name":"https://cert.vde.com/en-us/advisories/vde-2018-003",
"refsource":"CONFIRM",
"url":"https://cert.vde.com/en-us/advisories/vde-2018-003"
"name": "https://cert.vde.com/en-us/advisories/vde-2018-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
},
{
"name":"https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes",
"refsource":"CONFIRM",
"url":"https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
"name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
},
{
"name":"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001",
"refsource":"CONFIRM",
"url":"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
"name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001",
"refsource": "CONFIRM",
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us"
},
{
"name":"https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/",
"refsource":"CONFIRM",
"url":"https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
"name": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
},
{
"name":"https://support.citrix.com/article/CTX231399",
"refsource":"CONFIRM",
"url":"https://support.citrix.com/article/CTX231399"
"name": "https://support.citrix.com/article/CTX231399",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX231399"
},
{
"name":"102378",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/102378"
"name": "102378",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102378"
},
{
"name":"FreeBSD-SA-18:03",
"refsource":"FREEBSD",
"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc"
"name": "FreeBSD-SA-18:03",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc"
},
{
"name":"https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/",
"refsource":"CONFIRM",
"url":"https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
"name": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/",
"refsource": "CONFIRM",
"url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
},
{
"name":"106128",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/106128"
"name": "106128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106128"
},
{
"name":"https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/",
"refsource":"CONFIRM",
"url":"https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
"name": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/",
"refsource": "CONFIRM",
"url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
},
{
"name":"1040071",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1040071"
"name": "1040071",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040071"
},
{
"name":"USN-3597-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3597-2/"
"name": "USN-3597-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3597-2/"
},
{
"name":"http://nvidia.custhelp.com/app/answers/detail/a_id/4614",
"refsource":"CONFIRM",
"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
},
{
"name":"SUSE-SU-2018:0010",
"refsource":"SUSE",
"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
"name": "SUSE-SU-2018:0010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
},
{
"name":"20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
"refsource":"CISCO",
"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
"name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
},
{
"name":"USN-3523-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/usn/usn-3523-2/"
"name": "USN-3523-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3523-2/"
},
{
"name":"USN-3516-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/usn/usn-3516-1/"
"name": "USN-3516-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3516-1/"
},
{
"name":"USN-3541-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3541-2/"
"name": "USN-3541-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3541-2/"
},
{
"name":"https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html",
"refsource":"MISC",
"url":"https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
"name": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html",
"refsource": "MISC",
"url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
},
{
"name":"https://support.lenovo.com/us/en/solutions/LEN-18282",
"refsource":"CONFIRM",
"url":"https://support.lenovo.com/us/en/solutions/LEN-18282"
"name": "https://support.lenovo.com/us/en/solutions/LEN-18282",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
},
{
"name":"https://meltdownattack.com/",
"refsource":"MISC",
"url":"https://meltdownattack.com/"
"name": "https://meltdownattack.com/",
"refsource": "MISC",
"url": "https://meltdownattack.com/"
},
{
"name":"openSUSE-SU-2018:0023",
"refsource":"SUSE",
"url":"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
"name": "openSUSE-SU-2018:0023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
},
{
"name":"http://nvidia.custhelp.com/app/answers/detail/a_id/4613",
"refsource":"CONFIRM",
"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
},
{
"name":"USN-3522-4",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3522-4/"
"name": "USN-3522-4",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3522-4/"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,282 +1,283 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"DATE_PUBLIC":"2017-04-11T00:00:00",
"ID":"CVE-2017-7525",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-04-11T00:00:00",
"ID": "CVE-2017-7525",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"jackson-databind",
"version":{
"version_data":[
"product_name": "jackson-databind",
"version": {
"version_data": [
{
"version_value":"before 2.6.7.1"
"version_value": "before 2.6.7.1"
},
{
"version_value":"before 2.7.9.1"
"version_value": "before 2.7.9.1"
},
{
"version_value":"before 2.8.9"
"version_value": "before 2.8.9"
}
]
}
}
]
},
"vendor_name":"FasterXML"
"vendor_name": "FasterXML"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper."
"lang": "eng",
"value": "A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"CWE-184"
"lang": "eng",
"value": "CWE-184"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"1040360",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1040360"
"name": "1040360",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040360"
},
{
"name":"RHSA-2017:1840",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:1840"
"name": "RHSA-2017:1840",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1840"
},
{
"name":"RHSA-2017:2547",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2547"
"name": "RHSA-2017:2547",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2547"
},
{
"name":"RHSA-2017:1836",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:1836"
"name": "RHSA-2017:1836",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1836"
},
{
"name":"https://github.com/FasterXML/jackson-databind/issues/1723",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson-databind/issues/1723"
"name": "https://github.com/FasterXML/jackson-databind/issues/1723",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/issues/1723"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"RHSA-2017:1835",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:1835"
"name": "RHSA-2017:1835",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1835"
},
{
"name":"https://github.com/FasterXML/jackson-databind/issues/1599",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson-databind/issues/1599"
"name": "https://github.com/FasterXML/jackson-databind/issues/1599",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/issues/1599"
},
{
"name":"RHSA-2018:1449",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1449"
"name": "RHSA-2018:1449",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1449"
},
{
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=1462702",
"refsource":"CONFIRM",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
},
{
"name":"1039744",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1039744"
"name": "1039744",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039744"
},
{
"name":"https://security.netapp.com/advisory/ntap-20171214-0002/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20171214-0002/"
"name": "https://security.netapp.com/advisory/ntap-20171214-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171214-0002/"
},
{
"name":"1039947",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1039947"
"name": "1039947",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039947"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us"
},
{
"name":"RHSA-2017:2635",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2635"
"name": "RHSA-2017:2635",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2635"
},
{
"name":"RHSA-2017:2638",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2638"
"name": "RHSA-2017:2638",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2638"
},
{
"name":"RHSA-2018:1450",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1450"
"name": "RHSA-2018:1450",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1450"
},
{
"name":"RHSA-2017:3458",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3458"
"name": "RHSA-2017:3458",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name":"RHSA-2018:0294",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0294"
"name": "RHSA-2018:0294",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0294"
},
{
"name":"RHSA-2017:1837",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:1837"
"name": "RHSA-2017:1837",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1837"
},
{
"name":"RHSA-2017:1834",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:1834"
"name": "RHSA-2017:1834",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1834"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name":"RHSA-2017:2546",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2546"
"name": "RHSA-2017:2546",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2546"
},
{
"name":"RHSA-2017:2636",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2636"
"name": "RHSA-2017:2636",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2636"
},
{
"name":"RHSA-2017:3455",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3455"
"name": "RHSA-2017:3455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name":"RHSA-2017:2477",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2477"
"name": "RHSA-2017:2477",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2477"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"RHSA-2017:3456",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3456"
"name": "RHSA-2017:3456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name":"RHSA-2018:0342",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0342"
"name": "RHSA-2018:0342",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0342"
},
{
"name":"https://cwiki.apache.org/confluence/display/WW/S2-055",
"refsource":"CONFIRM",
"url":"https://cwiki.apache.org/confluence/display/WW/S2-055"
"name": "https://cwiki.apache.org/confluence/display/WW/S2-055",
"refsource": "CONFIRM",
"url": "https://cwiki.apache.org/confluence/display/WW/S2-055"
},
{
"name":"RHSA-2017:1839",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:1839"
"name": "RHSA-2017:1839",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1839"
},
{
"name":"99623",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/99623"
"name": "99623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99623"
},
{
"name":"RHSA-2017:2637",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2637"
"name": "RHSA-2017:2637",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2637"
},
{
"name":"RHSA-2017:3454",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3454"
"name": "RHSA-2017:3454",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name":"DSA-4004",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2017/dsa-4004"
"name": "DSA-4004",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4004"
},
{
"name":"RHSA-2017:3141",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3141"
"name": "RHSA-2017:3141",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3141"
},
{
"name":"RHSA-2017:2633",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2633"
"name": "RHSA-2017:2633",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2633"
},
{
"refsource":"MLIST",
"name":"[lucene-dev] 20190325 [jira] [Closed] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"url":"https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E"
"refsource": "MLIST",
"name": "[lucene-dev] 20190325 [jira] [Closed] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"url": "https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"url":"https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E"
"refsource": "MLIST",
"name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"url": "https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"url":"https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E"
"refsource": "MLIST",
"name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"url": "https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[lucene-dev] 20190325 [jira] [Resolved] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"url":"https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E"
"refsource": "MLIST",
"name": "[lucene-dev] 20190325 [jira] [Resolved] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"url": "https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"url":"https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E"
"refsource": "MLIST",
"name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...",
"url": "https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,85 +1,86 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2017-7867",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7867",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function."
"lang": "eng",
"value": "International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"http://bugs.icu-project.org/trac/changeset/39671",
"refsource":"MISC",
"url":"http://bugs.icu-project.org/trac/changeset/39671"
"name": "http://bugs.icu-project.org/trac/changeset/39671",
"refsource": "MISC",
"url": "http://bugs.icu-project.org/trac/changeset/39671"
},
{
"name":"DSA-3830",
"refsource":"DEBIAN",
"url":"http://www.debian.org/security/2017/dsa-3830"
"name": "DSA-3830",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3830"
},
{
"name":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=213",
"refsource":"MISC",
"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=213"
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=213",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=213"
},
{
"name":"GLSA-201710-03",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201710-03"
"name": "GLSA-201710-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-03"
},
{
"name":"97672",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/97672"
"name": "97672",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97672"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,85 +1,86 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2017-7868",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7868",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function."
"lang": "eng",
"value": "International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"97674",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/97674"
"name": "97674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97674"
},
{
"name":"http://bugs.icu-project.org/trac/changeset/39671",
"refsource":"MISC",
"url":"http://bugs.icu-project.org/trac/changeset/39671"
"name": "http://bugs.icu-project.org/trac/changeset/39671",
"refsource": "MISC",
"url": "http://bugs.icu-project.org/trac/changeset/39671"
},
{
"name":"DSA-3830",
"refsource":"DEBIAN",
"url":"http://www.debian.org/security/2017/dsa-3830"
"name": "DSA-3830",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3830"
},
{
"name":"GLSA-201710-03",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201710-03"
"name": "GLSA-201710-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-03"
},
{
"name":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437",
"refsource":"MISC",
"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437"
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,85 +1,86 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2017-8105",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8105",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c."
"lang": "eng",
"value": "FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791",
"refsource":"MISC",
"url":"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791"
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791",
"refsource": "MISC",
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791"
},
{
"name":"GLSA-201706-14",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201706-14"
"name": "GLSA-201706-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-14"
},
{
"name":"99093",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/99093"
"name": "99093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99093"
},
{
"name":"DSA-3839",
"refsource":"DEBIAN",
"url":"http://www.debian.org/security/2017/dsa-3839"
"name": "DSA-3839",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3839"
},
{
"name":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935",
"refsource":"MISC",
"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935"
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,85 +1,86 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2017-8287",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8287",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c."
"lang": "eng",
"value": "FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"GLSA-201706-14",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201706-14"
"name": "GLSA-201706-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-14"
},
{
"name":"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0",
"refsource":"MISC",
"url":"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0"
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0",
"refsource": "MISC",
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0"
},
{
"name":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941",
"refsource":"MISC",
"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941"
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941"
},
{
"name":"DSA-3839",
"refsource":"DEBIAN",
"url":"http://www.debian.org/security/2017/dsa-3839"
"name": "DSA-3839",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3839"
},
{
"refsource":"BID",
"name":"99091",
"url":"http://www.securityfocus.com/bid/99091"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"refsource": "BID",
"name": "99091",
"url": "http://www.securityfocus.com/bid/99091"
}
]
}


@ -1,235 +1,236 @@
{
"CVE_data_meta":{
"ASSIGNER":"security@apache.org",
"ID":"CVE-2017-9798",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-9798",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Apache HTTP Server",
"version":{
"version_data":[
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value":"Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27"
"version_value": "Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27"
}
]
}
}
]
},
"vendor_name":"Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c."
"lang": "eng",
"value": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"use-after-free"
"lang": "eng",
"value": "use-after-free"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"RHSA-2017:3113",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3113"
"name": "RHSA-2017:3113",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"name":"100872",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/100872"
"name": "100872",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100872"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"RHSA-2017:2882",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2882"
"name": "RHSA-2017:2882",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2882"
},
{
"name":"RHSA-2017:2972",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2972"
"name": "RHSA-2017:2972",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2972"
},
{
"name":"https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch",
"refsource":"MISC",
"url":"https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch"
"name": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch",
"refsource": "MISC",
"url": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch"
},
{
"name":"https://support.apple.com/HT208331",
"refsource":"CONFIRM",
"url":"https://support.apple.com/HT208331"
"name": "https://support.apple.com/HT208331",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208331"
},
{
"name":"1039387",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1039387"
"name": "1039387",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039387"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us"
},
{
"name":"RHSA-2017:3475",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3475"
"name": "RHSA-2017:3475",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
},
{
"name":"https://github.com/hannob/optionsbleed",
"refsource":"MISC",
"url":"https://github.com/hannob/optionsbleed"
"name": "https://github.com/hannob/optionsbleed",
"refsource": "MISC",
"url": "https://github.com/hannob/optionsbleed"
},
{
"name":"https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch",
"refsource":"MISC",
"url":"https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch"
"name": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch",
"refsource": "MISC",
"url": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch"
},
{
"name":"RHSA-2017:3240",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3240"
"name": "RHSA-2017:3240",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3240"
},
{
"name":"RHSA-2017:3195",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3195"
"name": "RHSA-2017:3195",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3195"
},
{
"name":"RHSA-2017:3018",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3018"
"name": "RHSA-2017:3018",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3018"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name":"RHSA-2017:3239",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3239"
"name": "RHSA-2017:3239",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
},
{
"name":"RHSA-2017:3476",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3476"
"name": "RHSA-2017:3476",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
},
{
"name":"105598",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/105598"
"name": "105598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105598"
},
{
"name":"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798",
"refsource":"CONFIRM",
"url":"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798"
"name": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798",
"refsource": "CONFIRM",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"RHSA-2017:3114",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3114"
"name": "RHSA-2017:3114",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"name":"RHSA-2017:3477",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3477"
"name": "RHSA-2017:3477",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
},
{
"name":"http://openwall.com/lists/oss-security/2017/09/18/2",
"refsource":"MISC",
"url":"http://openwall.com/lists/oss-security/2017/09/18/2"
"name": "http://openwall.com/lists/oss-security/2017/09/18/2",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/09/18/2"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180601-0003/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180601-0003/"
"name": "https://security.netapp.com/advisory/ntap-20180601-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180601-0003/"
},
{
"name":"RHSA-2017:3194",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3194"
"name": "RHSA-2017:3194",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3194"
},
{
"name":"https://security-tracker.debian.org/tracker/CVE-2017-9798",
"refsource":"MISC",
"url":"https://security-tracker.debian.org/tracker/CVE-2017-9798"
"name": "https://security-tracker.debian.org/tracker/CVE-2017-9798",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-9798"
},
{
"name":"RHSA-2017:3193",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3193"
"name": "RHSA-2017:3193",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3193"
},
{
"name":"DSA-3980",
"refsource":"DEBIAN",
"url":"http://www.debian.org/security/2017/dsa-3980"
"name": "DSA-3980",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3980"
},
{
"name":"https://github.com/apache/httpd/commit/29afdd2550b3d30a8defece2b95ae81edcf66ac9",
"refsource":"MISC",
"url":"https://github.com/apache/httpd/commit/29afdd2550b3d30a8defece2b95ae81edcf66ac9"
"name": "https://github.com/apache/httpd/commit/29afdd2550b3d30a8defece2b95ae81edcf66ac9",
"refsource": "MISC",
"url": "https://github.com/apache/httpd/commit/29afdd2550b3d30a8defece2b95ae81edcf66ac9"
},
{
"name":"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"refsource":"MISC",
"url":"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
"name": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"refsource": "MISC",
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
},
{
"name":"42745",
"refsource":"EXPLOIT-DB",
"url":"https://www.exploit-db.com/exploits/42745/"
"name": "42745",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42745/"
},
{
"name":"GLSA-201710-32",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201710-32"
"name": "GLSA-201710-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-32"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
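Review bot: The Oracle April 2019 CPU reference completed at the end of `reference_data` in the CVE-2017-9798 record is tagged `"refsource": "MISC"`, while the five other Oracle Critical Patch Update advisories in this same record (cpujul2018, cpujan2018, cpujan2019, cpuapr2018, cpuoct2018) are tagged `CONFIRM`. Tooling that filters on `refsource` to find vendor-acknowledged advisories would skip the new entry and could under-report which Oracle patch cycles address this issue. If the April 2019 advisory covers this CVE in the same way as the earlier ones, which cannot be verified from this page, `"refsource": "CONFIRM"` would keep the record consistent. The same `MISC` tag is applied to this URL in the other records of this commit (CVE-2017-7867, CVE-2017-7868, CVE-2017-8105, CVE-2017-8287), so the choice is worth making once for the whole sync.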

View File

@ -1,75 +1,76 @@
{
"CVE_data_meta":{
"ASSIGNER":"psirt@cisco.com",
"ID":"CVE-2018-0161",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0161",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Cisco IOS",
"version":{
"version_data":[
"product_name": "Cisco IOS",
"version": {
"version_data": [
{
"version_value":"Cisco IOS"
"version_value": "Cisco IOS"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition, aka a GET MIB Object ID Denial of Service Vulnerability. The vulnerability is due to a condition that could occur when the affected software processes an SNMP read request that contains a request for the ciscoFlashMIB object ID (OID). An attacker could trigger this vulnerability by issuing an SNMP GET request for the ciscoFlashMIB OID on an affected device. A successful exploit could cause the affected device to restart due to a SYS-3-CPUHOG. This vulnerability affects the following Cisco devices if they are running a vulnerable release of Cisco IOS Software and are configured to use SNMP Version 2 (SNMPv2) or SNMP Version 3 (SNMPv3): Cisco Catalyst 2960-L Series Switches, Cisco Catalyst Digital Building Series Switches 8P, Cisco Catalyst Digital Building Series Switches 8U. Cisco Bug IDs: CSCvd89541."
"lang": "eng",
"value": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition, aka a GET MIB Object ID Denial of Service Vulnerability. The vulnerability is due to a condition that could occur when the affected software processes an SNMP read request that contains a request for the ciscoFlashMIB object ID (OID). An attacker could trigger this vulnerability by issuing an SNMP GET request for the ciscoFlashMIB OID on an affected device. A successful exploit could cause the affected device to restart due to a SYS-3-CPUHOG. This vulnerability affects the following Cisco devices if they are running a vulnerable release of Cisco IOS Software and are configured to use SNMP Version 2 (SNMPv2) or SNMP Version 3 (SNMPv3): Cisco Catalyst 2960-L Series Switches, Cisco Catalyst Digital Building Series Switches 8P, Cisco Catalyst Digital Building Series Switches 8U. Cisco Bug IDs: CSCvd89541."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"CWE-399"
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"103573",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/103573"
"name": "103573",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103573"
},
{
"name":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp",
"refsource":"CONFIRM",
"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp"
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp"
},
{
"name":"1040589",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1040589"
"name": "1040589",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040589"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,140 +1,141 @@
{
"CVE_data_meta":{
"ASSIGNER":"security@debian.org",
"ID":"CVE-2018-0495",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2018-0495",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Libgcrypt before 1.7.10 and 1.8.x before 1.8.3",
"version":{
"version_data":[
"product_name": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3",
"version": {
"version_data": [
{
"version_value":"Libgcrypt before 1.7.10 and 1.8.x before 1.8.3"
"version_value": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host."
"lang": "eng",
"value": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"side-channel attack"
"lang": "eng",
"value": "side-channel attack"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965",
"refsource":"MISC",
"url":"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965"
"name": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965",
"refsource": "MISC",
"url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965"
},
{
"name":"1041144",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1041144"
"name": "1041144",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041144"
},
{
"name":"USN-3850-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3850-1/"
"name": "USN-3850-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3850-1/"
},
{
"name":"1041147",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1041147"
"name": "1041147",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041147"
},
{
"name":"https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/",
"refsource":"MISC",
"url":"https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/"
"name": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/",
"refsource": "MISC",
"url": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/"
},
{
"name":"USN-3689-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3689-1/"
"name": "USN-3689-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3689-1/"
},
{
"name":"https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html",
"refsource":"MISC",
"url":"https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html"
"name": "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html",
"refsource": "MISC",
"url": "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html"
},
{
"name":"USN-3689-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3689-2/"
"name": "USN-3689-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3689-2/"
},
{
"name":"USN-3692-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3692-2/"
"name": "USN-3692-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3692-2/"
},
{
"name":"[debian-lts-announce] 20180629 [SECURITY] [DLA 1405-1] libgcrypt20 security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html"
"name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1405-1] libgcrypt20 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html"
},
{
"name":"DSA-4231",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4231"
"name": "DSA-4231",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4231"
},
{
"name":"RHSA-2018:3505",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:3505"
"name": "RHSA-2018:3505",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name":"USN-3850-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3850-2/"
"name": "USN-3850-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3850-2/"
},
{
"name":"USN-3692-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3692-1/"
"name": "USN-3692-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3692-1/"
},
{
"name":"RHSA-2018:3221",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:3221"
"name": "RHSA-2018:3221",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3221"
},
{
"name":"https://dev.gnupg.org/T4011",
"refsource":"MISC",
"url":"https://dev.gnupg.org/T4011"
"name": "https://dev.gnupg.org/T4011",
"refsource": "MISC",
"url": "https://dev.gnupg.org/T4011"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,203 +1,204 @@
{
"CVE_data_meta":{
"ASSIGNER":"openssl-security@openssl.org",
"DATE_PUBLIC":"2018-06-12",
"ID":"CVE-2018-0732",
"STATE":"PUBLIC",
"TITLE":"Client DoS due to large DH parameter"
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2018-06-12",
"ID": "CVE-2018-0732",
"STATE": "PUBLIC",
"TITLE": "Client DoS due to large DH parameter"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"OpenSSL",
"version":{
"version_data":[
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value":"Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h)"
"version_value": "Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h)"
},
{
"version_value":"Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o)"
"version_value": "Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o)"
}
]
}
}
]
},
"vendor_name":"OpenSSL"
"vendor_name": "OpenSSL"
}
]
}
},
"credit":[
"credit": [
{
"lang":"eng",
"value":"Guido Vranken"
"lang": "eng",
"value": "Guido Vranken"
}
],
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o)."
"lang": "eng",
"value": "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o)."
}
]
},
"impact":[
"impact": [
{
"lang":"eng",
"url":"https://www.openssl.org/policies/secpolicy.html#Low",
"value":"Low"
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Low",
"value": "Low"
}
],
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Client side Denial of Service"
"lang": "eng",
"value": "Client side Denial of Service"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"[debian-lts-announce] 20180728 [SECURITY] [DLA 1449-1] openssl security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html"
"name": "[debian-lts-announce] 20180728 [SECURITY] [DLA 1449-1] openssl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html"
},
{
"name":"https://www.tenable.com/security/tns-2018-14",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2018-14"
"name": "https://www.tenable.com/security/tns-2018-14",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-14"
},
{
"name":"https://securityadvisories.paloaltonetworks.com/Home/Detail/133",
"refsource":"CONFIRM",
"url":"https://securityadvisories.paloaltonetworks.com/Home/Detail/133"
"name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133",
"refsource": "CONFIRM",
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"https://www.tenable.com/security/tns-2018-13",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2018-13"
"name": "https://www.tenable.com/security/tns-2018-13",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-13"
},
{
"name":"104442",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/104442"
"name": "104442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104442"
},
{
"name":"DSA-4355",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4355"
"name": "DSA-4355",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4355"
},
{
"name":"RHSA-2018:2552",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2552"
"name": "RHSA-2018:2552",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2552"
},
{
"name":"GLSA-201811-03",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201811-03"
"name": "GLSA-201811-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-03"
},
{
"name":"https://www.tenable.com/security/tns-2018-17",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2018-17"
"name": "https://www.tenable.com/security/tns-2018-17",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-17"
},
{
"name":"https://www.tenable.com/security/tns-2018-12",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2018-12"
"name": "https://www.tenable.com/security/tns-2018-12",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-12"
},
{
"name":"USN-3692-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3692-2/"
"name": "USN-3692-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3692-2/"
},
{
"name":"https://security.netapp.com/advisory/ntap-20181105-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20181105-0001/"
"name": "https://security.netapp.com/advisory/ntap-20181105-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181105-0001/"
},
{
"name":"RHSA-2018:2553",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2553"
"name": "RHSA-2018:2553",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2553"
},
{
"name":"RHSA-2018:3505",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:3505"
"name": "RHSA-2018:3505",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name":"https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/",
"refsource":"CONFIRM",
"url":"https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
"name": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
},
{
"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3984ef0b72831da8b3ece4745cac4f8575b19098",
"refsource":"CONFIRM",
"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3984ef0b72831da8b3ece4745cac4f8575b19098"
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3984ef0b72831da8b3ece4745cac4f8575b19098",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3984ef0b72831da8b3ece4745cac4f8575b19098"
},
{
"name":"USN-3692-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3692-1/"
"name": "USN-3692-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3692-1/"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"https://www.openssl.org/news/secadv/20180612.txt",
"refsource":"CONFIRM",
"url":"https://www.openssl.org/news/secadv/20180612.txt"
"name": "https://www.openssl.org/news/secadv/20180612.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20180612.txt"
},
{
"name":"RHSA-2018:3221",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:3221"
"name": "RHSA-2018:3221",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3221"
},
{
"name":"DSA-4348",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4348"
"name": "DSA-4348",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"name":"1041090",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1041090"
"name": "1041090",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041090"
},
{
"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4",
"refsource":"CONFIRM",
"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4"
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4"
},
{
"name":"https://security.netapp.com/advisory/ntap-20190118-0002/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20190118-0002/"
"name": "https://security.netapp.com/advisory/ntap-20190118-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
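Review bot: The added Oracle CPU April 2019 reference is tagged `"refsource": "MISC"`, while the Oracle CPU references already in this record (cpujan2019, cpuoct2018) carry `"refsource": "CONFIRM"`, so consumers that filter or rank references by refsource will treat advisories from the same publisher differently. If the advisory does list this CVE, I would tag the new entry `"refsource": "CONFIRM"` to match; if MISC is the deliberate marker for automated additions that have not been reviewed, that convention should be stated where the sync process is documented. The same mismatch appears in the CVE-2018-0733 and CVE-2018-0734 sections. The new entry also lists its keys as url, refsource, name where every other entry uses name, refsource, url, which is harmless to parsers but makes later diffs noisier.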


@ -1,135 +1,136 @@
{
"CVE_data_meta":{
"ASSIGNER":"openssl-security@openssl.org",
"DATE_PUBLIC":"2018-03-27",
"ID":"CVE-2018-0733",
"STATE":"PUBLIC",
"TITLE":"Incorrect CRYPTO_memcmp on HP-UX PA-RISC"
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2018-03-27",
"ID": "CVE-2018-0733",
"STATE": "PUBLIC",
"TITLE": "Incorrect CRYPTO_memcmp on HP-UX PA-RISC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"OpenSSL",
"version":{
"version_data":[
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value":"Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)"
"version_value": "Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)"
}
]
}
}
]
},
"vendor_name":"OpenSSL"
"vendor_name": "OpenSSL"
}
]
}
},
"credit":[
"credit": [
{
"lang":"eng",
"value":"Peter Waltenberg (IBM)"
"lang": "eng",
"value": "Peter Waltenberg (IBM)"
}
],
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)."
"lang": "eng",
"value": "Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)."
}
]
},
"impact":[
"impact": [
{
"lang":"eng",
"url":"https://www.openssl.org/policies/secpolicy.html#Moderate",
"value":"Moderate"
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value": "Moderate"
}
],
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Message forgery"
"lang": "eng",
"value": "Message forgery"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://www.tenable.com/security/tns-2018-07",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2018-07"
"name": "https://www.tenable.com/security/tns-2018-07",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-07"
},
{
"name":"https://www.tenable.com/security/tns-2018-04",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2018-04"
"name": "https://www.tenable.com/security/tns-2018-04",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-04"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"GLSA-201811-21",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201811-21"
"name": "GLSA-201811-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-21"
},
{
"name":"103517",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/103517"
"name": "103517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103517"
},
{
"name":"https://www.tenable.com/security/tns-2018-06",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2018-06"
"name": "https://www.tenable.com/security/tns-2018-06",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-06"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180330-0002/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180330-0002/"
"name": "https://security.netapp.com/advisory/ntap-20180330-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180330-0002/"
},
{
"name":"1040576",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1040576"
"name": "1040576",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040576"
},
{
"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f",
"refsource":"CONFIRM",
"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f"
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f"
},
{
"name":"https://www.openssl.org/news/secadv/20180327.txt",
"refsource":"CONFIRM",
"url":"https://www.openssl.org/news/secadv/20180327.txt"
"name": "https://www.openssl.org/news/secadv/20180327.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20180327.txt"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,156 +1,157 @@
{
"CVE_data_meta":{
"ASSIGNER":"openssl-security@openssl.org",
"DATE_PUBLIC":"2018-10-30",
"ID":"CVE-2018-0734",
"STATE":"PUBLIC",
"TITLE":"Timing attack against DSA"
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2018-10-30",
"ID": "CVE-2018-0734",
"STATE": "PUBLIC",
"TITLE": "Timing attack against DSA"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"OpenSSL",
"version":{
"version_data":[
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value":"Fixed in OpenSSL 1.1.1a (Affected 1.1.1)"
"version_value": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)"
},
{
"version_value":"Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)"
"version_value": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)"
},
{
"version_value":"Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)"
"version_value": "Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)"
}
]
}
}
]
},
"vendor_name":"OpenSSL"
"vendor_name": "OpenSSL"
}
]
}
},
"credit":[
"credit": [
{
"lang":"eng",
"value":"Samuel Weiser"
"lang": "eng",
"value": "Samuel Weiser"
}
],
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)."
"lang": "eng",
"value": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)."
}
]
},
"impact":[
"impact": [
{
"lang":"eng",
"url":"https://www.openssl.org/policies/secpolicy.html#Low",
"value":"Low"
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Low",
"value": "Low"
}
],
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Constant time issue"
"lang": "eng",
"value": "Constant time issue"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"USN-3840-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3840-1/"
"name": "USN-3840-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"name":"DSA-4355",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4355"
"name": "DSA-4355",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4355"
},
{
"name":"https://security.netapp.com/advisory/ntap-20181105-0002/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20181105-0002/"
"name": "https://security.netapp.com/advisory/ntap-20181105-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
},
{
"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f",
"refsource":"CONFIRM",
"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f"
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f"
},
{
"name":"https://www.tenable.com/security/tns-2018-17",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2018-17"
"name": "https://www.tenable.com/security/tns-2018-17",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-17"
},
{
"name":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
"refsource":"CONFIRM",
"url":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
"name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"name":"https://www.tenable.com/security/tns-2018-16",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2018-16"
"name": "https://www.tenable.com/security/tns-2018-16",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-16"
},
{
"name":"105758",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/105758"
"name": "105758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105758"
},
{
"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7",
"refsource":"CONFIRM",
"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7"
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7"
},
{
"name":"DSA-4348",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4348"
"name": "DSA-4348",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac",
"refsource":"CONFIRM",
"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac"
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac"
},
{
"name":"https://www.openssl.org/news/secadv/20181030.txt",
"refsource":"CONFIRM",
"url":"https://www.openssl.org/news/secadv/20181030.txt"
"name": "https://www.openssl.org/news/secadv/20181030.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20181030.txt"
},
{
"name":"https://security.netapp.com/advisory/ntap-20190118-0002/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20190118-0002/"
"name": "https://security.netapp.com/advisory/ntap-20190118-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
},
{
"refsource":"CONFIRM",
"name":"https://security.netapp.com/advisory/ntap-20190423-0002/",
"url":"https://security.netapp.com/advisory/ntap-20190423-0002/"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190423-0002/",
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
}
]
}


@ -1,133 +1,134 @@
{
"CVE_data_meta":{
"ASSIGNER":"openssl-security@openssl.org",
"DATE_PUBLIC":"2018-10-29",
"ID":"CVE-2018-0735",
"STATE":"PUBLIC",
"TITLE":"Timing attack against ECDSA signature generation"
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2018-10-29",
"ID": "CVE-2018-0735",
"STATE": "PUBLIC",
"TITLE": "Timing attack against ECDSA signature generation"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"OpenSSL",
"version":{
"version_data":[
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value":"Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)"
"version_value": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)"
},
{
"version_value":"Fixed in OpenSSL 1.1.1a (Affected 1.1.1)"
"version_value": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)"
}
]
}
}
]
},
"vendor_name":"OpenSSL"
"vendor_name": "OpenSSL"
}
]
}
},
"credit":[
"credit": [
{
"lang":"eng",
"value":"Samuel Weiser"
"lang": "eng",
"value": "Samuel Weiser"
}
],
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1)."
"lang": "eng",
"value": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1)."
}
]
},
"impact":[
"impact": [
{
"lang":"eng",
"url":"https://www.openssl.org/policies/secpolicy.html#Low",
"value":"Low"
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Low",
"value": "Low"
}
],
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Constant time issue"
"lang": "eng",
"value": "Constant time issue"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1",
"refsource":"CONFIRM",
"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1"
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"105750",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/105750"
"name": "105750",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105750"
},
{
"name":"USN-3840-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3840-1/"
"name": "USN-3840-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"name":"https://security.netapp.com/advisory/ntap-20181105-0002/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20181105-0002/"
"name": "https://security.netapp.com/advisory/ntap-20181105-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
},
{
"name":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
"refsource":"CONFIRM",
"url":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
"name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"name":"1041986",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1041986"
"name": "1041986",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041986"
},
{
"name":"[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
"name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
},
{
"name":"DSA-4348",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4348"
"name": "DSA-4348",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4",
"refsource":"CONFIRM",
"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
},
{
"name":"https://www.openssl.org/news/secadv/20181029.txt",
"refsource":"CONFIRM",
"url":"https://www.openssl.org/news/secadv/20181029.txt"
"name": "https://www.openssl.org/news/secadv/20181029.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20181029.txt"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
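Review bot: The Oracle April 2019 CPU reference completed at the end of `reference_data` is tagged `"refsource": "MISC"`, while the Oracle CPU advisory already in this record (cpujan2019) is tagged `CONFIRM`, so one vendor's advisories land in two different classes. A consumer that picks out vendor-acknowledged references by filtering on `CONFIRM` would presumably skip the newer advisory when working out which products need the update. If the two are meant to be classified alike, the line would read `"refsource": "CONFIRM",`. The same entry is added with `MISC` in the CVE-2018-0737, CVE-2018-0739 and CVE-2018-1000004 sections that follow. Which lines belong to the new side is inferred from the print order of this rendered page.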


@ -1,198 +1,199 @@
{
"CVE_data_meta":{
"ASSIGNER":"openssl-security@openssl.org",
"DATE_PUBLIC":"2018-04-16",
"ID":"CVE-2018-0737",
"STATE":"PUBLIC",
"TITLE":"Cache timing vulnerability in RSA Key Generation"
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2018-04-16",
"ID": "CVE-2018-0737",
"STATE": "PUBLIC",
"TITLE": "Cache timing vulnerability in RSA Key Generation"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"OpenSSL",
"version":{
"version_data":[
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value":"Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h)"
"version_value": "Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h)"
},
{
"version_value":"Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o)"
"version_value": "Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o)"
}
]
}
}
]
},
"vendor_name":"OpenSSL"
"vendor_name": "OpenSSL"
}
]
}
},
"credit":[
"credit": [
{
"lang":"eng",
"value":"Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia"
"lang": "eng",
"value": "Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia"
}
],
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o)."
"lang": "eng",
"value": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o)."
}
]
},
"impact":[
"impact": [
{
"lang":"eng",
"url":"https://www.openssl.org/policies/secpolicy.html#Low",
"value":"Low"
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Low",
"value": "Low"
}
],
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Constant time issue"
"lang": "eng",
"value": "Constant time issue"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"[debian-lts-announce] 20180728 [SECURITY] [DLA 1449-1] openssl security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html"
"name": "[debian-lts-announce] 20180728 [SECURITY] [DLA 1449-1] openssl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html"
},
{
"name":"https://www.tenable.com/security/tns-2018-14",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2018-14"
"name": "https://www.tenable.com/security/tns-2018-14",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-14"
},
{
"name":"https://securityadvisories.paloaltonetworks.com/Home/Detail/133",
"refsource":"CONFIRM",
"url":"https://securityadvisories.paloaltonetworks.com/Home/Detail/133"
"name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133",
"refsource": "CONFIRM",
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f",
"refsource":"CONFIRM",
"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f"
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f"
},
{
"name":"https://www.tenable.com/security/tns-2018-13",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2018-13"
"name": "https://www.tenable.com/security/tns-2018-13",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-13"
},
{
"name":"DSA-4355",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4355"
"name": "DSA-4355",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4355"
},
{
"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787",
"refsource":"CONFIRM",
"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787"
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787"
},
{
"name":"USN-3628-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3628-2/"
"name": "USN-3628-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3628-2/"
},
{
"name":"GLSA-201811-21",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201811-21"
"name": "GLSA-201811-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-21"
},
{
"name":"https://www.openssl.org/news/secadv/20180416.txt",
"refsource":"CONFIRM",
"url":"https://www.openssl.org/news/secadv/20180416.txt"
"name": "https://www.openssl.org/news/secadv/20180416.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20180416.txt"
},
{
"name":"https://www.tenable.com/security/tns-2018-17",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2018-17"
"name": "https://www.tenable.com/security/tns-2018-17",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-17"
},
{
"name":"https://www.tenable.com/security/tns-2018-12",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2018-12"
"name": "https://www.tenable.com/security/tns-2018-12",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-12"
},
{
"name":"USN-3692-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3692-2/"
"name": "USN-3692-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3692-2/"
},
{
"name":"RHSA-2018:3505",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:3505"
"name": "RHSA-2018:3505",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name":"https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/",
"refsource":"CONFIRM",
"url":"https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
"name": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
},
{
"name":"103766",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/103766"
"name": "103766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103766"
},
{
"name":"USN-3692-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3692-1/"
"name": "USN-3692-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3692-1/"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"RHSA-2018:3221",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:3221"
"name": "RHSA-2018:3221",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3221"
},
{
"name":"DSA-4348",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4348"
"name": "DSA-4348",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180726-0003/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180726-0003/"
"name": "https://security.netapp.com/advisory/ntap-20180726-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180726-0003/"
},
{
"name":"1040685",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1040685"
"name": "1040685",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040685"
},
{
"name":"USN-3628-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3628-1/"
"name": "USN-3628-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3628-1/"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,218 +1,219 @@
{
"CVE_data_meta":{
"ASSIGNER":"openssl-security@openssl.org",
"DATE_PUBLIC":"2018-03-27",
"ID":"CVE-2018-0739",
"STATE":"PUBLIC",
"TITLE":"Constructed ASN.1 types with a recursive definition could exceed the stack"
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2018-03-27",
"ID": "CVE-2018-0739",
"STATE": "PUBLIC",
"TITLE": "Constructed ASN.1 types with a recursive definition could exceed the stack"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"OpenSSL",
"version":{
"version_data":[
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value":"Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)"
"version_value": "Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)"
},
{
"version_value":"Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)"
"version_value": "Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)"
}
]
}
}
]
},
"vendor_name":"OpenSSL"
"vendor_name": "OpenSSL"
}
]
}
},
"credit":[
"credit": [
{
"lang":"eng",
"value":"OSS-fuzz"
"lang": "eng",
"value": "OSS-fuzz"
}
],
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)."
"lang": "eng",
"value": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)."
}
]
},
"impact":[
"impact": [
{
"lang":"eng",
"url":"https://www.openssl.org/policies/secpolicy.html#Moderate",
"value":"Moderate"
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value": "Moderate"
}
],
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Stack overflow"
"lang": "eng",
"value": "Stack overflow"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://www.tenable.com/security/tns-2018-07",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2018-07"
"name": "https://www.tenable.com/security/tns-2018-07",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-07"
},
{
"name":"https://www.tenable.com/security/tns-2018-04",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2018-04"
"name": "https://www.tenable.com/security/tns-2018-04",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-04"
},
{
"name":"https://securityadvisories.paloaltonetworks.com/Home/Detail/133",
"refsource":"CONFIRM",
"url":"https://securityadvisories.paloaltonetworks.com/Home/Detail/133"
"name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133",
"refsource": "CONFIRM",
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/",
"refsource":"CONFIRM",
"url":"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
"name": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"USN-3611-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3611-2/"
"name": "USN-3611-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3611-2/"
},
{
"name":"DSA-4158",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4158"
"name": "DSA-4158",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4158"
},
{
"name":"GLSA-201811-21",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201811-21"
"name": "GLSA-201811-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-21"
},
{
"name":"RHSA-2019:0367",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0367"
"name": "RHSA-2019:0367",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name":"DSA-4157",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4157"
"name": "DSA-4157",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4157"
},
{
"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33",
"refsource":"CONFIRM",
"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33"
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33"
},
{
"name":"RHSA-2018:3505",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:3505"
"name": "RHSA-2018:3505",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9310d45087ae546e27e61ddf8f6367f29848220d",
"refsource":"CONFIRM",
"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9310d45087ae546e27e61ddf8f6367f29848220d"
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9310d45087ae546e27e61ddf8f6367f29848220d",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9310d45087ae546e27e61ddf8f6367f29848220d"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name":"https://www.tenable.com/security/tns-2018-06",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2018-06"
"name": "https://www.tenable.com/security/tns-2018-06",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-06"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180330-0002/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180330-0002/"
"name": "https://security.netapp.com/advisory/ntap-20180330-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180330-0002/"
},
{
"name":"103518",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/103518"
"name": "103518",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103518"
},
{
"name":"1040576",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1040576"
"name": "1040576",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040576"
},
{
"name":"RHSA-2018:3221",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:3221"
"name": "RHSA-2018:3221",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3221"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180726-0002/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180726-0002/"
"name": "https://security.netapp.com/advisory/ntap-20180726-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
},
{
"name":"105609",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/105609"
"name": "105609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105609"
},
{
"name":"USN-3611-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3611-1/"
"name": "USN-3611-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3611-1/"
},
{
"name":"[debian-lts-announce] 20180330 [SECURITY] [DLA 1330-1] openssl security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html"
"name": "[debian-lts-announce] 20180330 [SECURITY] [DLA 1330-1] openssl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html"
},
{
"name":"https://www.openssl.org/news/secadv/20180327.txt",
"refsource":"CONFIRM",
"url":"https://www.openssl.org/news/secadv/20180327.txt"
"name": "https://www.openssl.org/news/secadv/20180327.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20180327.txt"
},
{
"name":"RHSA-2019:0366",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0366"
"name": "RHSA-2019:0366",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name":"RHSA-2018:3090",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:3090"
"name": "RHSA-2018:3090",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3090"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,127 +1,128 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"DATE_ASSIGNED":"2018-01-15",
"ID":"CVE-2018-1000004",
"REQUESTER":"a4651386@163.com",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-01-15",
"ID": "CVE-2018-1000004",
"REQUESTER": "a4651386@163.com",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition."
"lang": "eng",
"value": "In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"USN-3631-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3631-2/"
"name": "USN-3631-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3631-2/"
},
{
"name":"DSA-4187",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4187"
"name": "DSA-4187",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name":"USN-3631-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3631-1/"
"name": "USN-3631-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3631-1/"
},
{
"name":"RHSA-2018:2390",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2390"
"name": "RHSA-2018:2390",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2390"
},
{
"name":"104606",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/104606"
"name": "104606",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104606"
},
{
"name":"RHSA-2018:1062",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1062"
"name": "RHSA-2018:1062",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name":"RHSA-2018:0654",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0654"
"name": "RHSA-2018:0654",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0654"
},
{
"name":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource":"CONFIRM",
"url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name":"RHSA-2018:0676",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0676"
"name": "RHSA-2018:0676",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"name":"[oss-security] 20180116 sound driver Conditional competition",
"refsource":"MLIST",
"url":"http://seclists.org/oss-sec/2018/q1/51"
"name": "[oss-security] 20180116 sound driver Conditional competition",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2018/q1/51"
},
{
"name":"[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name":"USN-3798-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3798-1/"
"name": "USN-3798-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3798-1/"
},
{
"name":"USN-3798-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3798-2/"
"name": "USN-3798-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3798-2/"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,133 +1,134 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"DATE_ASSIGNED":"2018-04-30T12:00:00",
"DATE_REQUESTED":"2018-04-30T14:00:00",
"ID":"CVE-2018-1000180",
"REQUESTER":"dgh@bouncycastle.org",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-04-30T12:00:00",
"DATE_REQUESTED": "2018-04-30T14:00:00",
"ID": "CVE-2018-1000180",
"REQUESTER": "dgh@bouncycastle.org",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later."
"lang": "eng",
"value": "Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test",
"refsource":"MISC",
"url":"https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test"
"name": "https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test",
"refsource": "MISC",
"url": "https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test"
},
{
"name":"RHSA-2018:2428",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2428"
"name": "RHSA-2018:2428",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2428"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"RHSA-2018:2669",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2669"
"name": "RHSA-2018:2669",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2669"
},
{
"name":"https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad",
"refsource":"CONFIRM",
"url":"https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad"
"name": "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad",
"refsource": "CONFIRM",
"url": "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad"
},
{
"name":"https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839",
"refsource":"CONFIRM",
"url":"https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839"
"name": "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839",
"refsource": "CONFIRM",
"url": "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839"
},
{
"name":"RHSA-2018:2643",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2643"
"name": "RHSA-2018:2643",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2643"
},
{
"name":"https://www.bouncycastle.org/jira/browse/BJA-694",
"refsource":"CONFIRM",
"url":"https://www.bouncycastle.org/jira/browse/BJA-694"
"name": "https://www.bouncycastle.org/jira/browse/BJA-694",
"refsource": "CONFIRM",
"url": "https://www.bouncycastle.org/jira/browse/BJA-694"
},
{
"name":"https://security.netapp.com/advisory/ntap-20190204-0003/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20190204-0003/"
"name": "https://security.netapp.com/advisory/ntap-20190204-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190204-0003/"
},
{
"name":"RHSA-2018:2424",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2424"
"name": "RHSA-2018:2424",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2424"
},
{
"name":"RHSA-2018:2423",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2423"
"name": "RHSA-2018:2423",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2423"
},
{
"name":"RHSA-2018:2425",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2425"
"name": "RHSA-2018:2425",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2425"
},
{
"name":"DSA-4233",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4233"
"name": "DSA-4233",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4233"
},
{
"refsource":"BID",
"name":"106567",
"url":"http://www.securityfocus.com/bid/106567"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"refsource": "BID",
"name": "106567",
"url": "http://www.securityfocus.com/bid/106567"
}
]
}
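Review bot: The Oracle April 2019 CPU reference that this change completes is tagged `"refsource": "MISC"`, while the January 2019 CPU advisory from the same vendor, earlier in the same `reference_data` list, is tagged `CONFIRM`. Consumers that count CONFIRM references as vendor acknowledgement will weigh the two advisories differently, so if the April advisory does list this CVE the entry should read `"refsource": "CONFIRM"`. The same CONFIRM/MISC pairing appears in the CVE-2018-1000613, CVE-2018-11039 and CVE-2018-11040 records, and the CVE-2018-10901, CVE-2018-11218 and CVE-2018-11219 records receive the same MISC entry. The completed entry also orders its keys url/refsource/name where the other entries use name/refsource/url; key order carries no meaning in JSON, but matching the existing order keeps later diffs small.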


@ -1,83 +1,84 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"DATE_ASSIGNED":"2018-07-08T15:52:41.190527",
"DATE_REQUESTED":"2018-06-29T04:46:08",
"ID":"CVE-2018-1000613",
"REQUESTER":"dgh@bouncycastle.org",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-08T15:52:41.190527",
"DATE_REQUESTED": "2018-06-29T04:46:08",
"ID": "CVE-2018-1000613",
"REQUESTER": "dgh@bouncycastle.org",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later."
"lang": "eng",
"value": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574",
"refsource":"CONFIRM",
"url":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574"
"name": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574",
"refsource": "CONFIRM",
"url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc",
"refsource":"CONFIRM",
"url":"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc"
"name": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc",
"refsource": "CONFIRM",
"url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc"
},
{
"name":"https://security.netapp.com/advisory/ntap-20190204-0003/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20190204-0003/"
"name": "https://security.netapp.com/advisory/ntap-20190204-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190204-0003/"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,115 +1,116 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"ID":"CVE-2018-10901",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10901",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"kernel:",
"version":{
"version_data":[
"product_name": "kernel:",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"[UNKNOWN]"
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges."
"lang": "eng",
"value": "A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges."
}
]
},
"impact":{
"cvss":[
"impact": {
"cvss": [
[
{
"vectorString":"7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version":"3.0"
"vectorString": "7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"CWE-665"
"lang": "eng",
"value": "CWE-665"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"104905",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/104905"
"name": "104905",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104905"
},
{
"name":"RHSA-2018:2393",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2393"
"name": "RHSA-2018:2393",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2393"
},
{
"name":"RHSA-2018:2390",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2390"
"name": "RHSA-2018:2390",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2390"
},
{
"name":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource":"CONFIRM",
"url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name":"RHSA-2018:2391",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2391"
"name": "RHSA-2018:2391",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2391"
},
{
"name":"RHSA-2018:2392",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2392"
"name": "RHSA-2018:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2392"
},
{
"name":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3444d7da1839b851eefedd372978d8a982316c36",
"refsource":"CONFIRM",
"url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3444d7da1839b851eefedd372978d8a982316c36"
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3444d7da1839b851eefedd372978d8a982316c36",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3444d7da1839b851eefedd372978d8a982316c36"
},
{
"name":"RHSA-2018:2394",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2394"
"name": "RHSA-2018:2394",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2394"
},
{
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10901",
"refsource":"CONFIRM",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10901"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10901",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10901"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
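Review bot: The `vectorString` under `impact.cvss` still carries the base score in front of the vector (`7.8/CVSS:3.0/AV:L/...`), so a parser that expects a CVSS v3.0 vector to begin with `CVSS:3.0/` will reject the value. The change only re-spaces this line; the value would be safer as `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"` with the score held in its own numeric field. Whether downstream tooling already strips the prefix cannot be told from this page, so this is worth confirming with the record's assigner before changing it.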


@ -1,92 +1,93 @@
{
"CVE_data_meta":{
"ASSIGNER":"security_alert@emc.com",
"DATE_PUBLIC":"2018-06-14T04:00:00.000Z",
"ID":"CVE-2018-11039",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-06-14T04:00:00.000Z",
"ID": "CVE-2018-11039",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Spring Framework",
"version":{
"version_data":[
"product_name": "Spring Framework",
"version": {
"version_data": [
{
"affected":"<",
"version_name":"5.0.x",
"version_value":"5.0.7"
"affected": "<",
"version_name": "5.0.x",
"version_value": "5.0.7"
},
{
"affected":"<",
"version_name":"4.3.x ",
"version_value":"4.3.18"
"affected": "<",
"version_name": "4.3.x ",
"version_value": "4.3.18"
}
]
}
}
]
},
"vendor_name":"Pivotal"
"vendor_name": "Pivotal"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack."
"lang": "eng",
"value": "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Cross Site Tracing"
"lang": "eng",
"value": "Cross Site Tracing"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"https://pivotal.io/security/cve-2018-11039",
"refsource":"CONFIRM",
"url":"https://pivotal.io/security/cve-2018-11039"
"name": "https://pivotal.io/security/cve-2018-11039",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-11039"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"refsource":"BID",
"name":"107984",
"url":"http://www.securityfocus.com/bid/107984"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"refsource": "BID",
"name": "107984",
"url": "http://www.securityfocus.com/bid/107984"
}
]
},
"source":{
"discovery":"UNKNOWN"
"source": {
"discovery": "UNKNOWN"
}
}
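Review bot: The second `version_data` entry keeps a trailing space in `"version_name": "4.3.x "`, which the re-spacing leaves in place; tooling that matches affected version branches by exact string comparison will miss that branch. The suggested value is `"version_name": "4.3.x",`. The CVE-2018-11040 record carries the same value in its second `version_data` entry.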


@ -1,87 +1,88 @@
{
"CVE_data_meta":{
"ASSIGNER":"security_alert@emc.com",
"DATE_PUBLIC":"2018-06-14T04:00:00.000Z",
"ID":"CVE-2018-11040",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-06-14T04:00:00.000Z",
"ID": "CVE-2018-11040",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Spring Framework",
"version":{
"version_data":[
"product_name": "Spring Framework",
"version": {
"version_data": [
{
"affected":"<",
"version_name":"5.0.x",
"version_value":"5.0.7"
"affected": "<",
"version_name": "5.0.x",
"version_value": "5.0.7"
},
{
"affected":"<",
"version_name":"4.3.x ",
"version_value":"4.3.18"
"affected": "<",
"version_name": "4.3.x ",
"version_value": "4.3.18"
}
]
}
}
]
},
"vendor_name":"Pivotal"
"vendor_name": "Pivotal"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the \"jsonp\" and \"callback\" JSONP parameters, enabling cross-domain requests."
"lang": "eng",
"value": "Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the \"jsonp\" and \"callback\" JSONP parameters, enabling cross-domain requests."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"JSONP enabled by default in MappingJackson2JsonView"
"lang": "eng",
"value": "JSONP enabled by default in MappingJackson2JsonView"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://pivotal.io/security/cve-2018-11040",
"refsource":"CONFIRM",
"url":"https://pivotal.io/security/cve-2018-11040"
"name": "https://pivotal.io/security/cve-2018-11040",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-11040"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
},
"source":{
"discovery":"UNKNOWN"
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,110 +1,111 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2018-11218",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11218",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows."
"lang": "eng",
"value": "Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"104553",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/104553"
"name": "104553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104553"
},
{
"name":"https://github.com/antirez/redis/issues/5017",
"refsource":"MISC",
"url":"https://github.com/antirez/redis/issues/5017"
"name": "https://github.com/antirez/redis/issues/5017",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/issues/5017"
},
{
"name":"DSA-4230",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4230"
"name": "DSA-4230",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4230"
},
{
"name":"RHSA-2019:0052",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0052"
"name": "RHSA-2019:0052",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0052"
},
{
"name":"https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0",
"refsource":"MISC",
"url":"https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0"
"name": "https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0"
},
{
"name":"http://antirez.com/news/119",
"refsource":"MISC",
"url":"http://antirez.com/news/119"
"name": "http://antirez.com/news/119",
"refsource": "MISC",
"url": "http://antirez.com/news/119"
},
{
"name":"https://github.com/antirez/redis/commit/52a00201fca331217c3b4b8b634f6a0f57d6b7d3",
"refsource":"MISC",
"url":"https://github.com/antirez/redis/commit/52a00201fca331217c3b4b8b634f6a0f57d6b7d3"
"name": "https://github.com/antirez/redis/commit/52a00201fca331217c3b4b8b634f6a0f57d6b7d3",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/commit/52a00201fca331217c3b4b8b634f6a0f57d6b7d3"
},
{
"name":"RHSA-2019:0094",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0094"
"name": "RHSA-2019:0094",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0094"
},
{
"name":"https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES",
"refsource":"MISC",
"url":"https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"
"name": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"
},
{
"name":"https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES",
"refsource":"MISC",
"url":"https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"
"name": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,110 +1,111 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2018-11219",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11219",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking."
"lang": "eng",
"value": "An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"104552",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/104552"
"name": "104552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104552"
},
{
"name":"https://github.com/antirez/redis/issues/5017",
"refsource":"MISC",
"url":"https://github.com/antirez/redis/issues/5017"
"name": "https://github.com/antirez/redis/issues/5017",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/issues/5017"
},
{
"name":"https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3",
"refsource":"MISC",
"url":"https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3"
"name": "https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3"
},
{
"name":"DSA-4230",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4230"
"name": "DSA-4230",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4230"
},
{
"name":"RHSA-2019:0052",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0052"
"name": "RHSA-2019:0052",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0052"
},
{
"name":"http://antirez.com/news/119",
"refsource":"MISC",
"url":"http://antirez.com/news/119"
"name": "http://antirez.com/news/119",
"refsource": "MISC",
"url": "http://antirez.com/news/119"
},
{
"name":"RHSA-2019:0094",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0094"
"name": "RHSA-2019:0094",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0094"
},
{
"name":"https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES",
"refsource":"MISC",
"url":"https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"
"name": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"
},
{
"name":"https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936",
"refsource":"MISC",
"url":"https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936"
"name": "https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936"
},
{
"name":"https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES",
"refsource":"MISC",
"url":"https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"
"name": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,90 +1,91 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2018-11236",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11236",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution."
"lang": "eng",
"value": "stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2",
"refsource":"MISC",
"url":"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2"
"name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2",
"refsource": "MISC",
"url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2"
},
{
"name":"104255",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/104255"
"name": "104255",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104255"
},
{
"name":"https://sourceware.org/bugzilla/show_bug.cgi?id=22786",
"refsource":"MISC",
"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22786"
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22786",
"refsource": "MISC",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22786"
},
{
"name":"RHSA-2018:3092",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:3092"
"name": "RHSA-2018:3092",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3092"
},
{
"refsource":"CONFIRM",
"name":"https://security.netapp.com/advisory/ntap-20190329-0001/",
"url":"https://security.netapp.com/advisory/ntap-20190329-0001/"
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190329-0001/",
"url": "https://security.netapp.com/advisory/ntap-20190329-0001/"
},
{
"refsource":"CONFIRM",
"name":"https://security.netapp.com/advisory/ntap-20190401-0001/",
"url":"https://security.netapp.com/advisory/ntap-20190401-0001/"
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190401-0001/",
"url": "https://security.netapp.com/advisory/ntap-20190401-0001/"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,90 +1,91 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2018-11237",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11237",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper."
"lang": "eng",
"value": "An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://sourceware.org/bugzilla/show_bug.cgi?id=23196",
"refsource":"MISC",
"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=23196"
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23196",
"refsource": "MISC",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23196"
},
{
"name":"44750",
"refsource":"EXPLOIT-DB",
"url":"https://www.exploit-db.com/exploits/44750/"
"name": "44750",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44750/"
},
{
"name":"104256",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/104256"
"name": "104256",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104256"
},
{
"name":"RHSA-2018:3092",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:3092"
"name": "RHSA-2018:3092",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3092"
},
{
"refsource":"CONFIRM",
"name":"https://security.netapp.com/advisory/ntap-20190329-0001/",
"url":"https://security.netapp.com/advisory/ntap-20190329-0001/"
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190329-0001/",
"url": "https://security.netapp.com/advisory/ntap-20190329-0001/"
},
{
"refsource":"CONFIRM",
"name":"https://security.netapp.com/advisory/ntap-20190401-0001/",
"url":"https://security.netapp.com/advisory/ntap-20190401-0001/"
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190401-0001/",
"url": "https://security.netapp.com/advisory/ntap-20190401-0001/"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,71 +1,72 @@
{
"CVE_data_meta":{
"ASSIGNER":"security@apache.org",
"DATE_PUBLIC":"2018-09-19T00:00:00",
"ID":"CVE-2018-11761",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-09-19T00:00:00",
"ID": "CVE-2018-11761",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Apache Tika",
"version":{
"version_data":[
"product_name": "Apache Tika",
"version": {
"version_data": [
{
"version_value":"0.1 to 1.18"
"version_value": "0.1 to 1.18"
}
]
}
}
]
},
"vendor_name":"Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack."
"lang": "eng",
"value": "In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Denial of Service via XML Entity Expansion"
"lang": "eng",
"value": "Denial of Service via XML Entity Expansion"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"105514",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/105514"
"name": "105514",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105514"
},
{
"name":"[tika-dev] 20180919 [CVE-2018-11761] Apache Tika DoS XML Entity Expansion Vulnerability",
"refsource":"MLIST",
"url":"https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E"
"name": "[tika-dev] 20180919 [CVE-2018-11761] Apache Tika DoS XML Entity Expansion Vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,111 +1,112 @@
{
"CVE_data_meta":{
"ASSIGNER":"security@apache.org",
"DATE_PUBLIC":"2018-09-25T00:00:00",
"ID":"CVE-2018-11763",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-11763",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Apache HTTP Server",
"version":{
"version_data":[
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value":"2.4.17 to 2.4.34"
"version_value": "2.4.17 to 2.4.34"
}
]
}
}
]
},
"vendor_name":"Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol."
"lang": "eng",
"value": "In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"mod_http2, DoS via continuous SETTINGS frames"
"lang": "eng",
"value": "mod_http2, DoS via continuous SETTINGS frames"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"RHSA-2018:3558",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:3558"
"name": "RHSA-2018:3558",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name":"105414",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/105414"
"name": "105414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105414"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us"
},
{
"name":"https://security.netapp.com/advisory/ntap-20190204-0004/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20190204-0004/"
"name": "https://security.netapp.com/advisory/ntap-20190204-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190204-0004/"
},
{
"name":"RHSA-2019:0367",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0367"
"name": "RHSA-2019:0367",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name":"USN-3783-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3783-1/"
"name": "USN-3783-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3783-1/"
},
{
"name":"https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource":"CONFIRM",
"url":"https://httpd.apache.org/security/vulnerabilities_24.html"
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "CONFIRM",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name":"1041713",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1041713"
"name": "1041713",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041713"
},
{
"name":"RHSA-2019:0366",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0366"
"name": "RHSA-2019:0366",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
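Review bot: The Oracle April 2019 CPU reference completed at the end of `reference_data` is tagged `"refsource": "MISC"`, while the Oracle January 2019 CPU link at the top of the same list is tagged `CONFIRM`. Tooling that picks out vendor advisories by `refsource` would treat the two Oracle bulletins differently; if the April CPU is meant as vendor confirmation, the entry should read `"refsource": "CONFIRM"`. The same pairing appears in the CVE-2018-11775 and CVE-2018-11784 sections that follow. The new entry also orders its keys `url`, `refsource`, `name`, unlike the `name`, `refsource`, `url` order of the older entries, which is harmless to parsers but makes later diffs noisier.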


@ -1,101 +1,102 @@
{
"CVE_data_meta":{
"ASSIGNER":"security@apache.org",
"DATE_PUBLIC":"2018-09-10T00:00:00",
"ID":"CVE-2018-11775",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-09-10T00:00:00",
"ID": "CVE-2018-11775",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Apache ActiveMQ",
"version":{
"version_data":[
"product_name": "Apache ActiveMQ",
"version": {
"version_data": [
{
"version_value":"5.0.0 - 5.15.5"
"version_value": "5.0.0 - 5.15.5"
}
]
}
}
]
},
"vendor_name":"Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default."
"lang": "eng",
"value": "TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Missing TLS Hostname Verification"
"lang": "eng",
"value": "Missing TLS Hostname Verification"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"1041618",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1041618"
"name": "1041618",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041618"
},
{
"name":"105335",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/105335"
"name": "105335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105335"
},
{
"name":"http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt",
"refsource":"CONFIRM",
"url":"http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt"
"name": "http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt",
"refsource": "CONFIRM",
"url": "http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt"
},
{
"refsource":"MLIST",
"name":"[activemq-commits] 20190327 [CONF] Apache ActiveMQ > Security Advisories",
"url":"https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E"
"refsource": "MLIST",
"name": "[activemq-commits] 20190327 [CONF] Apache ActiveMQ > Security Advisories",
"url": "https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[activemq-dev] 20190327 Re: Website",
"url":"https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E"
"refsource": "MLIST",
"name": "[activemq-dev] 20190327 Re: Website",
"url": "https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/",
"url":"https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E"
"refsource": "MLIST",
"name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/",
"url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[activemq-dev] 20190328 Re: Website",
"url":"https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E"
"refsource": "MLIST",
"name": "[activemq-dev] 20190328 Re: Website",
"url": "https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,177 +1,178 @@
{
"CVE_data_meta":{
"ASSIGNER":"security@apache.org",
"DATE_PUBLIC":"2018-10-03T00:00:00",
"ID":"CVE-2018-11784",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-10-03T00:00:00",
"ID": "CVE-2018-11784",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Apache Tomcat",
"version":{
"version_data":[
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_value":"9.0.0.M1 to 9.0.11"
"version_value": "9.0.0.M1 to 9.0.11"
},
{
"version_value":"8.5.0 to 8.5.33"
"version_value": "8.5.0 to 8.5.33"
},
{
"version_value":"7.0.23 to 7.0.90"
"version_value": "7.0.23 to 7.0.90"
}
]
}
}
]
},
"vendor_name":"Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice."
"lang": "eng",
"value": "When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Open Redirect"
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"[announce] 20181003 [SECURITY] CVE-2018-11784 Apache Tomcat - Open Redirect",
"refsource":"MLIST",
"url":"https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E"
"name": "[announce] 20181003 [SECURITY] CVE-2018-11784 Apache Tomcat - Open Redirect",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E"
},
{
"name":"https://security.netapp.com/advisory/ntap-20181014-0002/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20181014-0002/"
"name": "https://security.netapp.com/advisory/ntap-20181014-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181014-0002/"
},
{
"name":"105524",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/105524"
"name": "105524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105524"
},
{
"name":"RHSA-2019:0131",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0131"
"name": "RHSA-2019:0131",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0131"
},
{
"name":"RHSA-2019:0485",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0485"
"name": "RHSA-2019:0485",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0485"
},
{
"name":"RHSA-2019:0130",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0130"
"name": "RHSA-2019:0130",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0130"
},
{
"name":"[debian-lts-announce] 20181014 [SECURITY] [DLA 1544-1] tomcat7 security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html"
"name": "[debian-lts-announce] 20181014 [SECURITY] [DLA 1544-1] tomcat7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html"
},
{
"name":"USN-3787-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3787-1/"
"name": "USN-3787-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3787-1/"
},
{
"name":"[debian-lts-announce] 20181015 [SECURITY] [DLA 1545-1] tomcat8 security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html"
"name": "[debian-lts-announce] 20181015 [SECURITY] [DLA 1545-1] tomcat8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"FEDORA",
"name":"FEDORA-2018-b18f9dd65b",
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/"
"refsource": "FEDORA",
"name": "FEDORA-2018-b18f9dd65b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,95 +1,96 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2018-12022",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12022",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload."
"lang": "eng",
"value": "An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/",
"refsource":"MISC",
"name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/"
},
{
"url":"https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf",
"refsource":"MISC",
"name":"https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf"
"url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf",
"refsource": "MISC",
"name": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf"
},
{
"refsource":"CONFIRM",
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=1671098",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671098"
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1671098",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671098"
},
{
"refsource":"CONFIRM",
"name":"https://github.com/FasterXML/jackson-databind/issues/2052",
"url":"https://github.com/FasterXML/jackson-databind/issues/2052"
"refsource": "CONFIRM",
"name": "https://github.com/FasterXML/jackson-databind/issues/2052",
"url": "https://github.com/FasterXML/jackson-databind/issues/2052"
},
{
"refsource":"CONFIRM",
"name":"https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a",
"url":"https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a"
"refsource": "CONFIRM",
"name": "https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a",
"url": "https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a"
},
{
"refsource":"MISC",
"name":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
"refsource": "MISC",
"name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
"url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:0782",
"url":"https://access.redhat.com/errata/RHSA-2019:0782"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"refsource": "REDHAT",
"name": "RHSA-2019:0782",
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
}
]
}


@ -1,100 +1,101 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2018-12023",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12023",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload."
"lang": "eng",
"value": "An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"refsource":"CONFIRM",
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"refsource": "CONFIRM",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"refsource":"CONFIRM",
"name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"refsource": "CONFIRM",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/",
"refsource":"MISC",
"name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/"
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/"
},
{
"url":"https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf",
"refsource":"MISC",
"name":"https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf"
"url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf",
"refsource": "MISC",
"name": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf"
},
{
"url":"http://www.securityfocus.com/bid/105659",
"refsource":"MISC",
"name":"http://www.securityfocus.com/bid/105659"
"url": "http://www.securityfocus.com/bid/105659",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/105659"
},
{
"refsource":"MISC",
"name":"https://github.com/FasterXML/jackson-databind/issues/2058",
"url":"https://github.com/FasterXML/jackson-databind/issues/2058"
"refsource": "MISC",
"name": "https://github.com/FasterXML/jackson-databind/issues/2058",
"url": "https://github.com/FasterXML/jackson-databind/issues/2058"
},
{
"refsource":"MISC",
"name":"https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a",
"url":"https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a"
"refsource": "MISC",
"name": "https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a",
"url": "https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:0782",
"url":"https://access.redhat.com/errata/RHSA-2019:0782"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"refsource": "REDHAT",
"name": "RHSA-2019:0782",
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
}
]
}
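Review bot: The newly populated Oracle April 2019 CPU reference near the end of `reference_data` is tagged `"refsource": "MISC"` with the URL repeated as its `name`, while the two Oracle CPU advisories already in this record (cpujan2019 and cpuoct2018) are tagged `CONFIRM`. Tooling that picks out vendor advisories by `refsource` would then treat the same kind of source differently within one record. If the MISC tag is not deliberate for auto-populated entries, `"refsource": "CONFIRM",` would match the existing Oracle entries. The same mismatch shows up in the CVE-2018-14718, CVE-2018-14719 and CVE-2018-14720 sections, where cpujan2019 is CONFIRM and the added cpuapr2019 entry is MISC.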


@ -1,106 +1,107 @@
{
"CVE_data_meta":{
"ASSIGNER":"security@eclipse.org",
"ID":"CVE-2018-12539",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2018-12539",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Eclipse OpenJ9",
"version":{
"version_data":[
"product_name": "Eclipse OpenJ9",
"version": {
"version_data": [
{
"version_affected":"=",
"version_value":"0.8"
"version_affected": "=",
"version_value": "0.8"
}
]
}
}
]
},
"vendor_name":"The Eclipse Foundation"
"vendor_name": "The Eclipse Foundation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no."
"lang": "eng",
"value": "In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"CWE-419: Unprotected Primary Channel"
"lang": "eng",
"value": "CWE-419: Unprotected Primary Channel"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"RHSA-2018:2713",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2713"
"name": "RHSA-2018:2713",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2713"
},
{
"name":"RHSA-2018:2575",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2575"
"name": "RHSA-2018:2575",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2575"
},
{
"name":"RHSA-2018:2576",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2576"
"name": "RHSA-2018:2576",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2576"
},
{
"name":"RHSA-2018:2568",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2568"
"name": "RHSA-2018:2568",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2568"
},
{
"name":"RHSA-2018:2569",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2569"
"name": "RHSA-2018:2569",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2569"
},
{
"name":"RHSA-2018:2712",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2712"
"name": "RHSA-2018:2712",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2712"
},
{
"name":"1041765",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1041765"
"name": "1041765",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041765"
},
{
"name":"105126",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/105126"
"name": "105126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105126"
},
{
"name":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=534589",
"refsource":"CONFIRM",
"url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=534589"
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=534589",
"refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=534589"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,110 +1,111 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2018-14718",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14718",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization."
"lang": "eng",
"value": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
"name": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
},
{
"name":"https://github.com/FasterXML/jackson-databind/issues/2097",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson-databind/issues/2097"
"name": "https://github.com/FasterXML/jackson-databind/issues/2097",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/issues/2097"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
"name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
},
{
"name":"[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
"name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
},
{
"refsource":"MLIST",
"name":"[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
"url":"https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E"
"refsource": "MLIST",
"name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
"url": "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
"url":"https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E"
"refsource": "MLIST",
"name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
"url": "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
"url":"https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:0782",
"url":"https://access.redhat.com/errata/RHSA-2019:0782"
"refsource": "MLIST",
"name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
"url": "https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E"
},
{
"refsource":"BID",
"name":"106601",
"url":"http://www.securityfocus.com/bid/106601"
"refsource": "REDHAT",
"name": "RHSA-2019:0782",
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"refsource": "BID",
"name": "106601",
"url": "http://www.securityfocus.com/bid/106601"
}
]
}


@ -1,95 +1,96 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2018-14719",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14719",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization."
"lang": "eng",
"value": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
"name": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
},
{
"name":"https://github.com/FasterXML/jackson-databind/issues/2097",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson-databind/issues/2097"
"name": "https://github.com/FasterXML/jackson-databind/issues/2097",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/issues/2097"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
"name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
},
{
"name":"[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
"name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
},
{
"refsource":"MLIST",
"name":"[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
"refsource": "MLIST",
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:0782",
"url":"https://access.redhat.com/errata/RHSA-2019:0782"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"refsource": "REDHAT",
"name": "RHSA-2019:0782",
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
}
]
}


@ -1,110 +1,111 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2018-14720",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14720",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization."
"lang": "eng",
"value": "FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
"name": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
},
{
"name":"https://github.com/FasterXML/jackson-databind/issues/2097",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson-databind/issues/2097"
"name": "https://github.com/FasterXML/jackson-databind/issues/2097",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/issues/2097"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
"name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
},
{
"name":"[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
"name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
},
{
"refsource":"MLIST",
"name":"[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
"url":"https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E"
"refsource": "MLIST",
"name": "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
"url": "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
"url":"https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E"
"refsource": "MLIST",
"name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
"url": "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
"refsource": "MLIST",
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
"url":"https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:0782",
"url":"https://access.redhat.com/errata/RHSA-2019:0782"
"refsource": "MLIST",
"name": "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...",
"url": "https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"refsource": "REDHAT",
"name": "RHSA-2019:0782",
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
}
]
}


@ -1,95 +1,96 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2018-14721",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14721",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization."
"lang": "eng",
"value": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
"name": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
},
{
"name":"https://github.com/FasterXML/jackson-databind/issues/2097",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson-databind/issues/2097"
"name": "https://github.com/FasterXML/jackson-databind/issues/2097",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/issues/2097"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
"name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
},
{
"name":"[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
"name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
},
{
"refsource":"MLIST",
"name":"[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
"refsource": "MLIST",
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:0782",
"url":"https://access.redhat.com/errata/RHSA-2019:0782"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"refsource": "REDHAT",
"name": "RHSA-2019:0782",
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
}
]
}
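Review bot: The Oracle April 2019 CPU reference that gains a `refsource` in `reference_data` is tagged `"refsource": "MISC"`, while the Oracle January 2019 CPU entry in the same list is tagged `CONFIRM`. Tooling that selects vendor advisories by `refsource` will treat the two Oracle advisories differently, so a filter on `CONFIRM` silently skips the newer one. If the tag is assigned automatically by the synchronization job (not visible here), consider aligning the cpuapr2019 entry to `"refsource": "CONFIRM"`, or documenting that `MISC` on these entries means "not yet classified".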


@ -1,104 +1,105 @@
{
"CVE_data_meta":{
"ASSIGNER":"security_alert@emc.com",
"DATE_PUBLIC":"2018-10-16T07:00:00.000Z",
"ID":"CVE-2018-15756",
"STATE":"PUBLIC",
"TITLE":"DoS Attack via Range Requests"
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-10-16T07:00:00.000Z",
"ID": "CVE-2018-15756",
"STATE": "PUBLIC",
"TITLE": "DoS Attack via Range Requests"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Spring framework",
"version":{
"version_data":[
"product_name": "Spring framework",
"version": {
"version_data": [
{
"affected":"=",
"version_name":"5.1",
"version_value":"5.1"
"affected": "=",
"version_name": "5.1",
"version_value": "5.1"
},
{
"affected":"<=",
"version_name":"5.0.0",
"version_value":"5.0.9"
"affected": "<=",
"version_name": "5.0.0",
"version_value": "5.0.9"
},
{
"affected":"<=",
"version_name":"4.3",
"version_value":"4.3.19"
"affected": "<=",
"version_name": "4.3",
"version_value": "4.3.19"
}
]
}
}
]
},
"vendor_name":"Pivotal"
"vendor_name": "Pivotal"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable."
"lang": "eng",
"value": "Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable."
}
]
},
"impact":{
"cvss":{
"attackComplexity":"LOW",
"attackVector":"NETWORK",
"availabilityImpact":"HIGH",
"baseScore":7.5,
"baseSeverity":"HIGH",
"confidentialityImpact":"NONE",
"integrityImpact":"NONE",
"privilegesRequired":"NONE",
"scope":"UNCHANGED",
"userInteraction":"NONE",
"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version":"3.0"
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Numeric Range Comparison Without Minimum Check"
"lang": "eng",
"value": "Numeric Range Comparison Without Minimum Check"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"105703",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/105703"
"name": "105703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105703"
},
{
"name":"https://pivotal.io/security/cve-2018-15756",
"refsource":"CONFIRM",
"url":"https://pivotal.io/security/cve-2018-15756"
"name": "https://pivotal.io/security/cve-2018-15756",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-15756"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
},
"source":{
"discovery":"UNKNOWN"
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,135 +1,136 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"ID":"CVE-2018-16864",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16864",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"systemd",
"version":{
"version_data":[
"product_name": "systemd",
"version": {
"version_data": [
{
"version_value":"through v240"
"version_value": "through v240"
}
]
}
}
]
},
"vendor_name":"The systemd Project"
"vendor_name": "The systemd Project"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable."
"lang": "eng",
"value": "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable."
}
]
},
"impact":{
"cvss":[
"impact": {
"cvss": [
[
{
"vectorString":"7.4/CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version":"3.0"
"vectorString": "7.4/CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"CWE-770"
"lang": "eng",
"value": "CWE-770"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"106523",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/106523"
"name": "106523",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106523"
},
{
"name":"RHSA-2019:0342",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0342"
"name": "RHSA-2019:0342",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0342"
},
{
"name":"[debian-lts-announce] 20190123 [SECURITY] [DLA 1639-1] systemd security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html"
"name": "[debian-lts-announce] 20190123 [SECURITY] [DLA 1639-1] systemd security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html"
},
{
"name":"DSA-4367",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2019/dsa-4367"
"name": "DSA-4367",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4367"
},
{
"name":"RHSA-2019:0204",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0204"
"name": "RHSA-2019:0204",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0204"
},
{
"name":"https://security.netapp.com/advisory/ntap-20190117-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20190117-0001/"
"name": "https://security.netapp.com/advisory/ntap-20190117-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190117-0001/"
},
{
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864",
"refsource":"CONFIRM",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864"
},
{
"name":"https://www.qualys.com/2019/01/09/system-down/system-down.txt",
"refsource":"MISC",
"url":"https://www.qualys.com/2019/01/09/system-down/system-down.txt"
"name": "https://www.qualys.com/2019/01/09/system-down/system-down.txt",
"refsource": "MISC",
"url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt"
},
{
"name":"USN-3855-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3855-1/"
"name": "USN-3855-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3855-1/"
},
{
"name":"RHSA-2019:0049",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0049"
"name": "RHSA-2019:0049",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0049"
},
{
"name":"RHSA-2019:0271",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0271"
"name": "RHSA-2019:0271",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0271"
},
{
"name":"RHSA-2019:0361",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0361"
"name": "RHSA-2019:0361",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0361"
},
{
"name":"GLSA-201903-07",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201903-07"
"name": "GLSA-201903-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-07"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
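Review bot: The `vectorString` under `impact.cvss` still carries the base score as a prefix (`"7.4/CVSS:3.0/AV:L/AC:H/..."`) and `cvss` is a doubly nested array, so a consumer that hands the field to a CVSS v3.0 parser or reads `impact.cvss.baseScore` gets nothing usable from this record. The reformat keeps that shape as it was. The CVE-2018-15756 record in this same commit shows the form that parses: a `cvss` object with a separate `baseScore` and a vector that starts at `CVSS:3.0/`. Here that would be `"baseScore": 7.4` and `"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"`. The same applies to the sections for CVE-2018-16865 and CVE-2018-16890.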


@ -1,135 +1,136 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"ID":"CVE-2018-16865",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16865",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"systemd",
"version":{
"version_data":[
"product_name": "systemd",
"version": {
"version_data": [
{
"version_value":"through v240"
"version_value": "through v240"
}
]
}
}
]
},
"vendor_name":"The systemd Project"
"vendor_name": "The systemd Project"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable."
"lang": "eng",
"value": "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable."
}
]
},
"impact":{
"cvss":[
"impact": {
"cvss": [
[
{
"vectorString":"7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version":"3.0"
"vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"CWE-770"
"lang": "eng",
"value": "CWE-770"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"RHSA-2019:0342",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0342"
"name": "RHSA-2019:0342",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0342"
},
{
"name":"[debian-lts-announce] 20190123 [SECURITY] [DLA 1639-1] systemd security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html"
"name": "[debian-lts-announce] 20190123 [SECURITY] [DLA 1639-1] systemd security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html"
},
{
"name":"106525",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/106525"
"name": "106525",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106525"
},
{
"name":"DSA-4367",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2019/dsa-4367"
"name": "DSA-4367",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4367"
},
{
"name":"RHSA-2019:0204",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0204"
"name": "RHSA-2019:0204",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0204"
},
{
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16865",
"refsource":"CONFIRM",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16865"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16865",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16865"
},
{
"name":"https://security.netapp.com/advisory/ntap-20190117-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20190117-0001/"
"name": "https://security.netapp.com/advisory/ntap-20190117-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190117-0001/"
},
{
"name":"https://www.qualys.com/2019/01/09/system-down/system-down.txt",
"refsource":"MISC",
"url":"https://www.qualys.com/2019/01/09/system-down/system-down.txt"
"name": "https://www.qualys.com/2019/01/09/system-down/system-down.txt",
"refsource": "MISC",
"url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt"
},
{
"name":"USN-3855-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3855-1/"
"name": "USN-3855-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3855-1/"
},
{
"name":"RHSA-2019:0049",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0049"
"name": "RHSA-2019:0049",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0049"
},
{
"name":"RHSA-2019:0271",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0271"
"name": "RHSA-2019:0271",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0271"
},
{
"name":"RHSA-2019:0361",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0361"
"name": "RHSA-2019:0361",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0361"
},
{
"name":"GLSA-201903-07",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201903-07"
"name": "GLSA-201903-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-07"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,110 +1,111 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"ID":"CVE-2018-16890",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16890",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"curl",
"version":{
"version_data":[
"product_name": "curl",
"version": {
"version_data": [
{
"version_value":"7.64.0"
"version_value": "7.64.0"
}
]
}
}
]
},
"vendor_name":"The curl Project"
"vendor_name": "The curl Project"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds."
"lang": "eng",
"value": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds."
}
]
},
"impact":{
"cvss":[
"impact": {
"cvss": [
[
{
"vectorString":"5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version":"3.0"
"vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"CWE-125"
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"DSA-4386",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2019/dsa-4386"
"name": "DSA-4386",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"name":"106947",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/106947"
"name": "106947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106947"
},
{
"name":"https://curl.haxx.se/docs/CVE-2018-16890.html",
"refsource":"MISC",
"url":"https://curl.haxx.se/docs/CVE-2018-16890.html"
"name": "https://curl.haxx.se/docs/CVE-2018-16890.html",
"refsource": "MISC",
"url": "https://curl.haxx.se/docs/CVE-2018-16890.html"
},
{
"name":"https://security.netapp.com/advisory/ntap-20190315-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20190315-0001/"
"name": "https://security.netapp.com/advisory/ntap-20190315-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"name":"USN-3882-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3882-1/"
"name": "USN-3882-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890",
"refsource":"CONFIRM",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890"
},
{
"refsource":"MLIST",
"name":"[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
"url":"https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E"
"refsource": "MLIST",
"name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E"
},
{
"refsource":"CONFIRM",
"name":"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf",
"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,106 +1,107 @@
{
"CVE_data_meta":{
"ASSIGNER":"security@apache.org",
"DATE_PUBLIC":"2019-01-22T00:00:00",
"ID":"CVE-2018-17189",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2019-01-22T00:00:00",
"ID": "CVE-2018-17189",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Apache HTTP Server",
"version":{
"version_data":[
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value":"2.4.17 to 2.4.37"
"version_value": "2.4.17 to 2.4.37"
}
]
}
}
]
},
"vendor_name":"Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections."
"lang": "eng",
"value": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"mod_http2, DoS via slow request bodies"
"lang": "eng",
"value": "mod_http2, DoS via slow request bodies"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource":"CONFIRM",
"url":"https://httpd.apache.org/security/vulnerabilities_24.html"
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "CONFIRM",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name":"106685",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/106685"
"name": "106685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106685"
},
{
"name":"https://security.netapp.com/advisory/ntap-20190125-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20190125-0001/"
"name": "https://security.netapp.com/advisory/ntap-20190125-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190125-0001/"
},
{
"refsource":"FEDORA",
"name":"FEDORA-2019-0300c36537",
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/"
"refsource": "FEDORA",
"name": "FEDORA-2019-0300c36537",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/"
},
{
"refsource":"FEDORA",
"name":"FEDORA-2019-133a8a7cb5",
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/"
"refsource": "FEDORA",
"name": "FEDORA-2019-133a8a7cb5",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/"
},
{
"refsource":"GENTOO",
"name":"GLSA-201903-21",
"url":"https://security.gentoo.org/glsa/201903-21"
"refsource": "GENTOO",
"name": "GLSA-201903-21",
"url": "https://security.gentoo.org/glsa/201903-21"
},
{
"refsource":"BUGTRAQ",
"name":"20190403 [SECURITY] [DSA 4422-1] apache2 security update",
"url":"https://seclists.org/bugtraq/2019/Apr/5"
"refsource": "BUGTRAQ",
"name": "20190403 [SECURITY] [DSA 4422-1] apache2 security update",
"url": "https://seclists.org/bugtraq/2019/Apr/5"
},
{
"refsource":"UBUNTU",
"name":"USN-3937-1",
"url":"https://usn.ubuntu.com/3937-1/"
"refsource": "UBUNTU",
"name": "USN-3937-1",
"url": "https://usn.ubuntu.com/3937-1/"
},
{
"refsource":"DEBIAN",
"name":"DSA-4422",
"url":"https://www.debian.org/security/2019/dsa-4422"
"refsource": "DEBIAN",
"name": "DSA-4422",
"url": "https://www.debian.org/security/2019/dsa-4422"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,101 +1,102 @@
{
"CVE_data_meta":{
"ASSIGNER":"security@apache.org",
"DATE_PUBLIC":"2019-01-22T00:00:00",
"ID":"CVE-2018-17199",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2019-01-22T00:00:00",
"ID": "CVE-2018-17199",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Apache HTTP Server",
"version":{
"version_data":[
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value":"Apache HTTP Server 2.4.0 to 2.4.37"
"version_value": "Apache HTTP Server 2.4.0 to 2.4.37"
}
]
}
}
]
},
"vendor_name":"Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded."
"lang": "eng",
"value": "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Infufficient Session Expiration"
"lang": "eng",
"value": "Infufficient Session Expiration"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"[debian-lts-announce] 20190129 [SECURITY] [DLA 1647-1] apache2 security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html"
"name": "[debian-lts-announce] 20190129 [SECURITY] [DLA 1647-1] apache2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html"
},
{
"name":"106742",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/106742"
"name": "106742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106742"
},
{
"name":"https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource":"CONFIRM",
"url":"https://httpd.apache.org/security/vulnerabilities_24.html"
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "CONFIRM",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name":"https://security.netapp.com/advisory/ntap-20190125-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20190125-0001/"
"name": "https://security.netapp.com/advisory/ntap-20190125-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190125-0001/"
},
{
"refsource":"GENTOO",
"name":"GLSA-201903-21",
"url":"https://security.gentoo.org/glsa/201903-21"
"refsource": "GENTOO",
"name": "GLSA-201903-21",
"url": "https://security.gentoo.org/glsa/201903-21"
},
{
"refsource":"BUGTRAQ",
"name":"20190403 [SECURITY] [DSA 4422-1] apache2 security update",
"url":"https://seclists.org/bugtraq/2019/Apr/5"
"refsource": "BUGTRAQ",
"name": "20190403 [SECURITY] [DSA 4422-1] apache2 security update",
"url": "https://seclists.org/bugtraq/2019/Apr/5"
},
{
"refsource":"UBUNTU",
"name":"USN-3937-1",
"url":"https://usn.ubuntu.com/3937-1/"
"refsource": "UBUNTU",
"name": "USN-3937-1",
"url": "https://usn.ubuntu.com/3937-1/"
},
{
"refsource":"DEBIAN",
"name":"DSA-4422",
"url":"https://www.debian.org/security/2019/dsa-4422"
"refsource": "DEBIAN",
"name": "DSA-4422",
"url": "https://www.debian.org/security/2019/dsa-4422"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
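Review bot: The problemtype value in this record is still misspelled on the new side, `"value": "Infufficient Session Expiration"`; the commit only re-spaces the line. Tooling that maps problemtype text to a weakness class by string match will not match it (the intended class looks like CWE-613, Insufficient Session Expiration, though the record does not say so). I would correct it to `"value": "Insufficient Session Expiration"`, ideally at the CNA source so that a later sync does not bring the typo back.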


@ -1,105 +1,106 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2018-19360",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19360",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization."
"lang": "eng",
"value": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://github.com/FasterXML/jackson-databind/issues/2186",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson-databind/issues/2186"
"name": "https://github.com/FasterXML/jackson-databind/issues/2186",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/issues/2186"
},
{
"name":"[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
"name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
},
{
"name":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
"name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
},
{
"name":"https://issues.apache.org/jira/browse/TINKERPOP-2121",
"refsource":"CONFIRM",
"url":"https://issues.apache.org/jira/browse/TINKERPOP-2121"
"name": "https://issues.apache.org/jira/browse/TINKERPOP-2121",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/TINKERPOP-2121"
},
{
"name":"https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
"name": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
},
{
"refsource":"MLIST",
"name":"[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
"url":"https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E"
"refsource": "MLIST",
"name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
"url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
"url":"https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E"
"refsource": "MLIST",
"name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
"url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
"refsource": "MLIST",
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:0782",
"url":"https://access.redhat.com/errata/RHSA-2019:0782"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"refsource": "REDHAT",
"name": "RHSA-2019:0782",
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
}
]
}


@ -1,105 +1,106 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2018-19361",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19361",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization."
"lang": "eng",
"value": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://github.com/FasterXML/jackson-databind/issues/2186",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson-databind/issues/2186"
"name": "https://github.com/FasterXML/jackson-databind/issues/2186",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/issues/2186"
},
{
"name":"[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
"name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
},
{
"name":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
"name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
},
{
"name":"https://issues.apache.org/jira/browse/TINKERPOP-2121",
"refsource":"CONFIRM",
"url":"https://issues.apache.org/jira/browse/TINKERPOP-2121"
"name": "https://issues.apache.org/jira/browse/TINKERPOP-2121",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/TINKERPOP-2121"
},
{
"name":"https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
"name": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
},
{
"refsource":"MLIST",
"name":"[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
"url":"https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E"
"refsource": "MLIST",
"name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
"url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
"url":"https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E"
"refsource": "MLIST",
"name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
"url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
"refsource": "MLIST",
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:0782",
"url":"https://access.redhat.com/errata/RHSA-2019:0782"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"refsource": "REDHAT",
"name": "RHSA-2019:0782",
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
}
]
}


@ -1,105 +1,106 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2018-19362",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19362",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization."
"lang": "eng",
"value": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://github.com/FasterXML/jackson-databind/issues/2186",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson-databind/issues/2186"
"name": "https://github.com/FasterXML/jackson-databind/issues/2186",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/issues/2186"
},
{
"name":"[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
"name": "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html"
},
{
"name":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
"name": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
},
{
"name":"https://issues.apache.org/jira/browse/TINKERPOP-2121",
"refsource":"CONFIRM",
"url":"https://issues.apache.org/jira/browse/TINKERPOP-2121"
"name": "https://issues.apache.org/jira/browse/TINKERPOP-2121",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/TINKERPOP-2121"
},
{
"name":"https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
"name": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
},
{
"refsource":"MLIST",
"name":"[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
"url":"https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E"
"refsource": "MLIST",
"name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
"url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
"url":"https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E"
"refsource": "MLIST",
"name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
"url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
"refsource": "MLIST",
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:0782",
"url":"https://access.redhat.com/errata/RHSA-2019:0782"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"refsource": "REDHAT",
"name": "RHSA-2019:0782",
"url": "https://access.redhat.com/errata/RHSA-2019:0782"
}
]
}


@ -1,91 +1,92 @@
{
"CVE_data_meta":{
"ASSIGNER":"security_alert@emc.com",
"DATE_PUBLIC":"2018-05-09T00:00:00",
"ID":"CVE-2018-1257",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-05-09T00:00:00",
"ID": "CVE-2018-1257",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Spring Framework",
"version":{
"version_data":[
"product_name": "Spring Framework",
"version": {
"version_data": [
{
"version_value":"5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17"
"version_value": "5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17"
}
]
}
}
]
},
"vendor_name":"Pivotal"
"vendor_name": "Pivotal"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack."
"lang": "eng",
"value": "Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"ReDoS"
"lang": "eng",
"value": "ReDoS"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"104260",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/104260"
"name": "104260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104260"
},
{
"name":"RHSA-2018:1809",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1809"
"name": "RHSA-2018:1809",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1809"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"https://pivotal.io/security/cve-2018-1257",
"refsource":"CONFIRM",
"url":"https://pivotal.io/security/cve-2018-1257"
"name": "https://pivotal.io/security/cve-2018-1257",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-1257"
},
{
"name":"RHSA-2018:3768",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:3768"
"name": "RHSA-2018:3768",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3768"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
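Review bot: The Oracle April 2019 CPU reference completed at the end of reference_data is tagged `"refsource": "MISC"`, while the Oracle CPU URLs already in the same list (cpujan2019, cpuoct2018) are tagged `CONFIRM`. Consumers that filter references by refsource to pick out vendor advisories would treat the same kind of advisory differently within one record. If the tag is chosen by hand rather than by the sync tooling, `"refsource": "CONFIRM"` would keep the list consistent. The same mismatch is visible in the CVE-2018-1258 section that follows, and the other records on this page receive the same MISC entry.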


@ -1,102 +1,103 @@
{
"CVE_data_meta":{
"ASSIGNER":"security_alert@emc.com",
"DATE_PUBLIC":"2018-05-09T00:00:00",
"ID":"CVE-2018-1258",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-05-09T00:00:00",
"ID": "CVE-2018-1258",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Spring Framework",
"version":{
"version_data":[
"product_name": "Spring Framework",
"version": {
"version_data": [
{
"affected":"=",
"version_value":"5.0.5"
"affected": "=",
"version_value": "5.0.5"
}
]
}
}
]
},
"vendor_name":"Pivotal"
"vendor_name": "Pivotal"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted."
"lang": "eng",
"value": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Authorization Bypass"
"lang": "eng",
"value": "Authorization Bypass"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"104222",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/104222"
"name": "104222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104222"
},
{
"name":"1041888",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1041888"
"name": "1041888",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041888"
},
{
"name":"1041896",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1041896"
"name": "1041896",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041896"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"https://security.netapp.com/advisory/ntap-20181018-0002/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20181018-0002/"
"name": "https://security.netapp.com/advisory/ntap-20181018-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"name":"https://pivotal.io/security/cve-2018-1258",
"refsource":"CONFIRM",
"url":"https://pivotal.io/security/cve-2018-1258"
"name": "https://pivotal.io/security/cve-2018-1258",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-1258"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,216 +1,217 @@
{
"CVE_data_meta":{
"ASSIGNER":"security@apache.org",
"DATE_PUBLIC":"2018-02-23T00:00:00",
"ID":"CVE-2018-1304",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-02-23T00:00:00",
"ID": "CVE-2018-1304",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Apache Tomcat",
"version":{
"version_data":[
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_value":"Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49, 7.0.0 to 7.0.84"
"version_value": "Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49, 7.0.0 to 7.0.84"
}
]
}
}
]
},
"vendor_name":"Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected."
"lang": "eng",
"value": "The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Information Disclosure"
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"RHSA-2018:1448",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1448"
"name": "RHSA-2018:1448",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1448"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180706-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180706-0001/"
"name": "https://security.netapp.com/advisory/ntap-20180706-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180706-0001/"
},
{
"name":"103170",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/103170"
"name": "103170",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103170"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"RHSA-2018:1449",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1449"
"name": "RHSA-2018:1449",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1449"
},
{
"name":"RHSA-2018:1450",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1450"
"name": "RHSA-2018:1450",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1450"
},
{
"name":"https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb@%3Cannounce.tomcat.apache.org%3E",
"refsource":"MISC",
"url":"https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb@%3Cannounce.tomcat.apache.org%3E"
"name": "https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb@%3Cannounce.tomcat.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb@%3Cannounce.tomcat.apache.org%3E"
},
{
"name":"DSA-4281",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4281"
"name": "DSA-4281",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4281"
},
{
"name":"RHSA-2018:2939",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2939"
"name": "RHSA-2018:2939",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2939"
},
{
"name":"RHSA-2018:0465",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0465"
"name": "RHSA-2018:0465",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0465"
},
{
"name":"USN-3665-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3665-1/"
"name": "USN-3665-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3665-1/"
},
{
"name":"1040427",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1040427"
"name": "1040427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040427"
},
{
"name":"RHSA-2018:1320",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1320"
"name": "RHSA-2018:1320",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1320"
},
{
"name":"RHSA-2018:1451",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1451"
"name": "RHSA-2018:1451",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1451"
},
{
"name":"[debian-lts-announce] 20180306 [SECURITY] [DLA 1301-1] tomcat7 security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html"
"name": "[debian-lts-announce] 20180306 [SECURITY] [DLA 1301-1] tomcat7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"[debian-lts-announce] 20180729 [SECURITY] [DLA 1450-1] tomcat8 security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html"
"name": "[debian-lts-announce] 20180729 [SECURITY] [DLA 1450-1] tomcat8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html"
},
{
"name":"RHSA-2018:0466",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0466"
"name": "RHSA-2018:0466",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0466"
},
{
"name":"RHSA-2018:1447",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1447"
"name": "RHSA-2018:1447",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1447"
},
{
"name":"[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html"
"name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
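Review bot: The completed Oracle entry at the end of `reference_data` is tagged `"refsource": "MISC"`, while the two other Oracle Critical Patch Update links in this same record (cpujul2018 and cpuoct2018) carry `"refsource": "CONFIRM"`. Tooling that selects vendor advisories by filtering on `CONFIRM` would presumably skip the April 2019 CPU for this CVE, so patch tracking built on these records may miss it. If the link is meant as the same kind of vendor advisory, I would change the line to `"refsource": "CONFIRM",`. The same tagging appears on the cpuapr2019 entry in the CVE-2018-1305 and CVE-2018-1656 sections below, and in the record that ends just above this one, where the cpujan2019 link is `CONFIRM`.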


@ -1,191 +1,192 @@
{
"CVE_data_meta":{
"ASSIGNER":"security@apache.org",
"DATE_PUBLIC":"2018-02-23T00:00:00",
"ID":"CVE-2018-1305",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-02-23T00:00:00",
"ID": "CVE-2018-1305",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Apache Tomcat",
"version":{
"version_data":[
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_value":"Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49, 7.0.0 to 7.0.84"
"version_value": "Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49, 7.0.0 to 7.0.84"
}
]
}
}
]
},
"vendor_name":"Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them."
"lang": "eng",
"value": "Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Information Disclosure"
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"103144",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/103144"
"name": "103144",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103144"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180706-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180706-0001/"
"name": "https://security.netapp.com/advisory/ntap-20180706-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180706-0001/"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"DSA-4281",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4281"
"name": "DSA-4281",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4281"
},
{
"name":"RHSA-2018:2939",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2939"
"name": "RHSA-2018:2939",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2939"
},
{
"name":"RHSA-2018:0465",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0465"
"name": "RHSA-2018:0465",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0465"
},
{
"name":"USN-3665-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3665-1/"
"name": "USN-3665-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3665-1/"
},
{
"name":"RHSA-2018:1320",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1320"
"name": "RHSA-2018:1320",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1320"
},
{
"name":"[debian-lts-announce] 20180306 [SECURITY] [DLA 1301-1] tomcat7 security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html"
"name": "[debian-lts-announce] 20180306 [SECURITY] [DLA 1301-1] tomcat7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E",
"refsource":"MISC",
"url":"https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E"
"name": "https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E"
},
{
"name":"[debian-lts-announce] 20180729 [SECURITY] [DLA 1450-1] tomcat8 security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html"
"name": "[debian-lts-announce] 20180729 [SECURITY] [DLA 1450-1] tomcat8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html"
},
{
"name":"RHSA-2018:0466",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0466"
"name": "RHSA-2018:0466",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0466"
},
{
"name":"[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html"
"name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html"
},
{
"name":"1040428",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1040428"
"name": "1040428",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040428"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,137 +1,138 @@
{
"CVE_data_meta":{
"ASSIGNER":"psirt@us.ibm.com",
"DATE_PUBLIC":"2018-08-16T00:00:00",
"ID":"CVE-2018-1656",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-08-16T00:00:00",
"ID": "CVE-2018-1656",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"SDK, Java Technology Edition",
"version":{
"version_data":[
"product_name": "SDK, Java Technology Edition",
"version": {
"version_data": [
{
"version_value":"6.0"
"version_value": "6.0"
},
{
"version_value":"7.0"
"version_value": "7.0"
},
{
"version_value":"8.0"
"version_value": "8.0"
}
]
}
}
]
},
"vendor_name":"IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882."
"lang": "eng",
"value": "The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882."
}
]
},
"impact":{
"cvssv3":{
"BM":{
"A":"N",
"AC":"L",
"AV":"N",
"C":"N",
"I":"H",
"PR":"N",
"S":"C",
"SCORE":"7.400",
"UI":"R"
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "H",
"PR": "N",
"S": "C",
"SCORE": "7.400",
"UI": "R"
},
"TM":{
"E":"U",
"RC":"C",
"RL":"O"
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"File Manipulation"
"lang": "eng",
"value": "File Manipulation"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"http://www.ibm.com/support/docview.wss?uid=ibm10719653",
"refsource":"CONFIRM",
"url":"http://www.ibm.com/support/docview.wss?uid=ibm10719653"
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10719653",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10719653"
},
{
"name":"ibm-java-cve20181656-file-overwrite(144882)",
"refsource":"XF",
"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/144882"
"name": "ibm-java-cve20181656-file-overwrite(144882)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144882"
},
{
"name":"RHSA-2018:2713",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2713"
"name": "RHSA-2018:2713",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2713"
},
{
"name":"105118",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/105118"
"name": "105118",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105118"
},
{
"name":"RHSA-2018:2575",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2575"
"name": "RHSA-2018:2575",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2575"
},
{
"name":"RHSA-2018:2576",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2576"
"name": "RHSA-2018:2576",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2576"
},
{
"name":"RHSA-2018:2568",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2568"
"name": "RHSA-2018:2568",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2568"
},
{
"name":"RHSA-2018:2569",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2569"
"name": "RHSA-2018:2569",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2569"
},
{
"name":"RHSA-2018:2712",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2712"
"name": "RHSA-2018:2712",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2712"
},
{
"name":"1041765",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1041765"
"name": "1041765",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041765"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,105 +1,106 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2018-20685",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20685",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side."
"lang": "eng",
"value": "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"DSA-4387",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2019/dsa-4387"
"name": "DSA-4387",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4387"
},
{
"name":"USN-3885-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3885-1/"
"name": "USN-3885-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3885-1/"
},
{
"name":"https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2",
"refsource":"MISC",
"url":"https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2"
"name": "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2",
"refsource": "MISC",
"url": "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2"
},
{
"name":"https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h",
"refsource":"MISC",
"url":"https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h"
"name": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h",
"refsource": "MISC",
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h"
},
{
"name":"https://security.netapp.com/advisory/ntap-20190215-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20190215-0001/"
"name": "https://security.netapp.com/advisory/ntap-20190215-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190215-0001/"
},
{
"name":"106531",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/106531"
"name": "106531",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106531"
},
{
"name":"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"refsource":"MISC",
"url":"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
"name": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"refsource": "MISC",
"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
},
{
"refsource":"GENTOO",
"name":"GLSA-201903-16",
"url":"https://security.gentoo.org/glsa/201903-16"
"refsource": "GENTOO",
"name": "GLSA-201903-16",
"url": "https://security.gentoo.org/glsa/201903-16"
},
{
"refsource":"MLIST",
"name":"[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
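Review bot: The Oracle April 2019 CPU reference completed at the end of `reference_data` is tagged `"refsource": "MISC"` with `name` set to a copy of the URL, which is inconsistent with how other vendor advisories on this page are tagged. The NetApp advisory in this record and the Oracle January 2019 CPU link in the CVE-2018-3646 record further down both carry `CONFIRM`. Triage tooling that filters on `refsource` to find vendor-acknowledged advisories would presumably skip this entry; if the Oracle advisory does list this CVE, `"refsource": "CONFIRM"` would be the consistent value. The same entry is added in the CVE-2018-3620 section and in the section that ends just above this one.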


@ -1,311 +1,312 @@
{
"CVE_data_meta":{
"ASSIGNER":"secure@intel.com",
"DATE_PUBLIC":"2018-08-14T00:00:00",
"ID":"CVE-2018-3620",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-08-14T00:00:00",
"ID": "CVE-2018-3620",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Multiple",
"version":{
"version_data":[
"product_name": "Multiple",
"version": {
"version_data": [
{
"version_value":"Multiple"
"version_value": "Multiple"
}
]
}
}
]
},
"vendor_name":"Intel Corporation"
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis."
"lang": "eng",
"value": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Information Disclosure"
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"VU#982149",
"refsource":"CERT-VN",
"url":"https://www.kb.cert.org/vuls/id/982149"
"name": "VU#982149",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/982149"
},
{
"name":"1041451",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1041451"
"name": "1041451",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041451"
},
{
"name":"http://xenbits.xen.org/xsa/advisory-273.html",
"refsource":"CONFIRM",
"url":"http://xenbits.xen.org/xsa/advisory-273.html"
"name": "http://xenbits.xen.org/xsa/advisory-273.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-273.html"
},
{
"name":"GLSA-201810-06",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201810-06"
"name": "GLSA-201810-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"name":"USN-3741-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3741-2/"
"name": "USN-3741-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3741-2/"
},
{
"name":"RHSA-2018:2393",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2393"
"name": "RHSA-2018:2393",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2393"
},
{
"name":"USN-3823-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3823-1/"
"name": "USN-3823-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3823-1/"
},
{
"name":"RHSA-2018:2389",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2389"
"name": "RHSA-2018:2389",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2389"
},
{
"name":"RHSA-2018:2390",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2390"
"name": "RHSA-2018:2390",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2390"
},
{
"name":"RHSA-2018:2403",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2403"
"name": "RHSA-2018:2403",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2403"
},
{
"name":"105080",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/105080"
"name": "105080",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105080"
},
{
"name":"RHSA-2018:2395",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2395"
"name": "RHSA-2018:2395",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2395"
},
{
"name":"RHSA-2018:2384",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2384"
"name": "RHSA-2018:2384",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2384"
},
{
"name":"https://foreshadowattack.eu/",
"refsource":"MISC",
"url":"https://foreshadowattack.eu/"
"name": "https://foreshadowattack.eu/",
"refsource": "MISC",
"url": "https://foreshadowattack.eu/"
},
{
"name":"http://www.vmware.com/security/advisories/VMSA-2018-0021.html",
"refsource":"CONFIRM",
"url":"http://www.vmware.com/security/advisories/VMSA-2018-0021.html"
"name": "http://www.vmware.com/security/advisories/VMSA-2018-0021.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2018-0021.html"
},
{
"name":"USN-3740-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3740-2/"
"name": "USN-3740-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3740-2/"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180815-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180815-0001/"
"name": "https://security.netapp.com/advisory/ntap-20180815-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180815-0001/"
},
{
"name":"FreeBSD-SA-18:09",
"refsource":"FREEBSD",
"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc"
"name": "FreeBSD-SA-18:09",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc"
},
{
"name":"DSA-4274",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4274"
"name": "DSA-4274",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4274"
},
{
"name":"FEDORA-2018-1c80fea1cd",
"refsource":"FEDORA",
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/"
"name": "FEDORA-2018-1c80fea1cd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/"
},
{
"name":"RHSA-2018:2388",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2388"
"name": "RHSA-2018:2388",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2388"
},
{
"name":"USN-3741-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3741-1/"
"name": "USN-3741-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3741-1/"
},
{
"name":"RHSA-2018:2603",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2603"
"name": "RHSA-2018:2603",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2603"
},
{
"name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018",
"refsource":"CONFIRM",
"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018"
},
{
"name":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource":"CONFIRM",
"url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name":"RHSA-2018:2402",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2402"
"name": "RHSA-2018:2402",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2402"
},
{
"name":"20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018",
"refsource":"CISCO",
"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel"
"name": "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel"
},
{
"name":"FEDORA-2018-f8cba144ae",
"refsource":"FEDORA",
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/"
"name": "FEDORA-2018-f8cba144ae",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/"
},
{
"name":"USN-3742-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3742-2/"
"name": "USN-3742-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3742-2/"
},
{
"name":"RHSA-2018:2404",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2404"
"name": "RHSA-2018:2404",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2404"
},
{
"name":"USN-3740-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3740-1/"
"name": "USN-3740-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3740-1/"
},
{
"name":"RHSA-2018:2391",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2391"
"name": "RHSA-2018:2391",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2391"
},
{
"name":"https://support.f5.com/csp/article/K95275140",
"refsource":"CONFIRM",
"url":"https://support.f5.com/csp/article/K95275140"
"name": "https://support.f5.com/csp/article/K95275140",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K95275140"
},
{
"name":"http://support.lenovo.com/us/en/solutions/LEN-24163",
"refsource":"CONFIRM",
"url":"http://support.lenovo.com/us/en/solutions/LEN-24163"
"name": "http://support.lenovo.com/us/en/solutions/LEN-24163",
"refsource": "CONFIRM",
"url": "http://support.lenovo.com/us/en/solutions/LEN-24163"
},
{
"name":"RHSA-2018:2396",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2396"
"name": "RHSA-2018:2396",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2396"
},
{
"name":"DSA-4279",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4279"
"name": "DSA-4279",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4279"
},
{
"name":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en",
"refsource":"CONFIRM",
"url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"
},
{
"name":"RHSA-2018:2392",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2392"
"name": "RHSA-2018:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2392"
},
{
"name":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html",
"refsource":"CONFIRM",
"url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
},
{
"name":"[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html"
"name": "[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html"
},
{
"name":"USN-3742-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3742-1/"
"name": "USN-3742-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3742-1/"
},
{
"name":"https://www.synology.com/support/security/Synology_SA_18_45",
"refsource":"CONFIRM",
"url":"https://www.synology.com/support/security/Synology_SA_18_45"
"name": "https://www.synology.com/support/security/Synology_SA_18_45",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_45"
},
{
"name":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009",
"refsource":"CONFIRM",
"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009"
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009"
},
{
"name":"RHSA-2018:2602",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2602"
"name": "RHSA-2018:2602",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2602"
},
{
"name":"[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
"name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"name":"RHSA-2018:2394",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2394"
"name": "RHSA-2018:2394",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2394"
},
{
"name":"https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf",
"refsource":"CONFIRM",
"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us"
},
{
"name":"RHSA-2018:2387",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2387"
"name": "RHSA-2018:2387",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2387"
},
{
"name":"https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault",
"refsource":"CONFIRM",
"url":"https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
"name": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault",
"refsource": "CONFIRM",
"url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,326 +1,327 @@
{
"CVE_data_meta":{
"ASSIGNER":"secure@intel.com",
"DATE_PUBLIC":"2018-08-14T00:00:00",
"ID":"CVE-2018-3646",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-08-14T00:00:00",
"ID": "CVE-2018-3646",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Multiple",
"version":{
"version_data":[
"product_name": "Multiple",
"version": {
"version_data": [
{
"version_value":"Multiple"
"version_value": "Multiple"
}
]
}
}
]
},
"vendor_name":"Intel Corporation"
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis."
"lang": "eng",
"value": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Information Disclosure"
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"VU#982149",
"refsource":"CERT-VN",
"url":"https://www.kb.cert.org/vuls/id/982149"
"name": "VU#982149",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/982149"
},
{
"name":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010",
"refsource":"CONFIRM",
"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010"
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010"
},
{
"name":"1041451",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1041451"
"name": "1041451",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041451"
},
{
"name":"http://xenbits.xen.org/xsa/advisory-273.html",
"refsource":"CONFIRM",
"url":"http://xenbits.xen.org/xsa/advisory-273.html"
"name": "http://xenbits.xen.org/xsa/advisory-273.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-273.html"
},
{
"name":"GLSA-201810-06",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201810-06"
"name": "GLSA-201810-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"name":"USN-3741-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3741-2/"
"name": "USN-3741-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3741-2/"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"RHSA-2018:2393",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2393"
"name": "RHSA-2018:2393",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2393"
},
{
"name":"USN-3823-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3823-1/"
"name": "USN-3823-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3823-1/"
},
{
"name":"RHSA-2018:2389",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2389"
"name": "RHSA-2018:2389",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2389"
},
{
"name":"1042004",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1042004"
"name": "1042004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name":"RHSA-2018:2390",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2390"
"name": "RHSA-2018:2390",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2390"
},
{
"name":"RHSA-2018:2403",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2403"
"name": "RHSA-2018:2403",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2403"
},
{
"name":"105080",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/105080"
"name": "105080",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105080"
},
{
"name":"RHSA-2018:2395",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2395"
"name": "RHSA-2018:2395",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2395"
},
{
"name":"RHSA-2018:2384",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2384"
"name": "RHSA-2018:2384",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2384"
},
{
"name":"https://foreshadowattack.eu/",
"refsource":"MISC",
"url":"https://foreshadowattack.eu/"
"name": "https://foreshadowattack.eu/",
"refsource": "MISC",
"url": "https://foreshadowattack.eu/"
},
{
"name":"USN-3740-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3740-2/"
"name": "USN-3740-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3740-2/"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180815-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180815-0001/"
"name": "https://security.netapp.com/advisory/ntap-20180815-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180815-0001/"
},
{
"name":"FreeBSD-SA-18:09",
"refsource":"FREEBSD",
"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc"
"name": "FreeBSD-SA-18:09",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc"
},
{
"name":"DSA-4274",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4274"
"name": "DSA-4274",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4274"
},
{
"name":"FEDORA-2018-1c80fea1cd",
"refsource":"FEDORA",
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/"
"name": "FEDORA-2018-1c80fea1cd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/"
},
{
"name":"RHSA-2018:2388",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2388"
"name": "RHSA-2018:2388",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2388"
},
{
"name":"USN-3741-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3741-1/"
"name": "USN-3741-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3741-1/"
},
{
"name":"RHSA-2018:2603",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2603"
"name": "RHSA-2018:2603",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2603"
},
{
"name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018",
"refsource":"CONFIRM",
"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018"
},
{
"name":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource":"CONFIRM",
"url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name":"RHSA-2018:2402",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2402"
"name": "RHSA-2018:2402",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2402"
},
{
"name":"20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018",
"refsource":"CISCO",
"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel"
"name": "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel"
},
{
"name":"FEDORA-2018-f8cba144ae",
"refsource":"FEDORA",
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/"
"name": "FEDORA-2018-f8cba144ae",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/"
},
{
"name":"USN-3742-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3742-2/"
"name": "USN-3742-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3742-2/"
},
{
"name":"RHSA-2018:2404",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2404"
"name": "RHSA-2018:2404",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2404"
},
{
"name":"USN-3740-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3740-1/"
"name": "USN-3740-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3740-1/"
},
{
"name":"RHSA-2018:2391",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2391"
"name": "RHSA-2018:2391",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2391"
},
{
"name":"http://support.lenovo.com/us/en/solutions/LEN-24163",
"refsource":"CONFIRM",
"url":"http://support.lenovo.com/us/en/solutions/LEN-24163"
"name": "http://support.lenovo.com/us/en/solutions/LEN-24163",
"refsource": "CONFIRM",
"url": "http://support.lenovo.com/us/en/solutions/LEN-24163"
},
{
"name":"RHSA-2018:2396",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2396"
"name": "RHSA-2018:2396",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2396"
},
{
"name":"DSA-4279",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4279"
"name": "DSA-4279",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4279"
},
{
"name":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en",
"refsource":"CONFIRM",
"url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"
},
{
"name":"RHSA-2018:2392",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2392"
"name": "RHSA-2018:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2392"
},
{
"name":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html",
"refsource":"CONFIRM",
"url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
},
{
"name":"[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html"
"name": "[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html"
},
{
"name":"USN-3742-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3742-1/"
"name": "USN-3742-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3742-1/"
},
{
"name":"https://www.synology.com/support/security/Synology_SA_18_45",
"refsource":"CONFIRM",
"url":"https://www.synology.com/support/security/Synology_SA_18_45"
"name": "https://www.synology.com/support/security/Synology_SA_18_45",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_45"
},
{
"name":"RHSA-2018:2602",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2602"
"name": "RHSA-2018:2602",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2602"
},
{
"name":"[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
"name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"name":"RHSA-2018:2394",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2394"
"name": "RHSA-2018:2394",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2394"
},
{
"name":"http://www.vmware.com/security/advisories/VMSA-2018-0020.html",
"refsource":"CONFIRM",
"url":"http://www.vmware.com/security/advisories/VMSA-2018-0020.html"
"name": "http://www.vmware.com/security/advisories/VMSA-2018-0020.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2018-0020.html"
},
{
"name":"https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf",
"refsource":"CONFIRM",
"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us"
},
{
"name":"RHSA-2018:2387",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2387"
"name": "RHSA-2018:2387",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2387"
},
{
"name":"USN-3756-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3756-1/"
"name": "USN-3756-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3756-1/"
},
{
"name":"https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault",
"refsource":"CONFIRM",
"url":"https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
"name": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault",
"refsource": "CONFIRM",
"url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
},
{
"name":"https://support.f5.com/csp/article/K31300402",
"refsource":"CONFIRM",
"url":"https://support.f5.com/csp/article/K31300402"
"name": "https://support.f5.com/csp/article/K31300402",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K31300402"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,90 +1,91 @@
{
"CVE_data_meta":{
"ASSIGNER":"secure@intel.com",
"ID":"CVE-2018-3693",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-3693",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Most Modern Operating Systems",
"version":{
"version_data":[
"product_name": "Most Modern Operating Systems",
"version": {
"version_data": [
{
"version_value":"All"
"version_value": "All"
}
]
}
}
]
},
"vendor_name":"Intel Corporation"
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis."
"lang": "eng",
"value": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Information Disclosure"
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://security.netapp.com/advisory/ntap-20180823-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180823-0001/"
"name": "https://security.netapp.com/advisory/ntap-20180823-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180823-0001/"
},
{
"name":"RHSA-2018:2390",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2390"
"name": "RHSA-2018:2390",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2390"
},
{
"name":"RHSA-2018:2395",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2395"
"name": "RHSA-2018:2395",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2395"
},
{
"name":"RHSA-2018:2384",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2384"
"name": "RHSA-2018:2384",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2384"
},
{
"name":"https://01.org/security/advisories/intel-oss-10002",
"refsource":"CONFIRM",
"url":"https://01.org/security/advisories/intel-oss-10002"
"name": "https://01.org/security/advisories/intel-oss-10002",
"refsource": "CONFIRM",
"url": "https://01.org/security/advisories/intel-oss-10002"
},
{
"name":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource":"CONFIRM",
"url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
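Review bot: The Oracle April 2019 CPU entry completed at the end of `reference_data` is tagged `"refsource": "MISC"`, while other Oracle CPU advisory URLs on this page carry `CONFIRM` (for example the cpujan2019 entry in the CVE-2018-5407 record and the cpujul2018 entry in the CVE-2018-7489 record). Tooling that filters on `CONFIRM` to find vendor acknowledgements would presumably skip this advisory. If the tag is meant to follow the existing convention, the line would read `"refsource": "CONFIRM"`. The same added entry appears in the CVE-2018-5407, CVE-2018-6485, CVE-2018-7489 and CVE-2018-7566 sections.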


@ -1,145 +1,146 @@
{
"CVE_data_meta":{
"ASSIGNER":"cert@cert.org",
"ID":"CVE-2018-5407",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2018-5407",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Processors supporting Simultaneous Multi-Threading",
"version":{
"version_data":[
"product_name": "Processors supporting Simultaneous Multi-Threading",
"version": {
"version_data": [
{
"version_value":"N/A"
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name":"N/A"
"vendor_name": "N/A"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'."
"lang": "eng",
"value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"CWE-200"
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"RHSA-2019:0483",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0483"
"name": "RHSA-2019:0483",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0483"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"https://security.netapp.com/advisory/ntap-20181126-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20181126-0001/"
"name": "https://security.netapp.com/advisory/ntap-20181126-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
},
{
"name":"USN-3840-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3840-1/"
"name": "USN-3840-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"name":"DSA-4355",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4355"
"name": "DSA-4355",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4355"
},
{
"name":"https://www.tenable.com/security/tns-2018-17",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2018-17"
"name": "https://www.tenable.com/security/tns-2018-17",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-17"
},
{
"name":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
"refsource":"CONFIRM",
"url":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
"name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"name":"GLSA-201903-10",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201903-10"
"name": "GLSA-201903-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"name":"https://www.tenable.com/security/tns-2018-16",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2018-16"
"name": "https://www.tenable.com/security/tns-2018-16",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-16"
},
{
"name":"45785",
"refsource":"EXPLOIT-DB",
"url":"https://www.exploit-db.com/exploits/45785/"
"name": "45785",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45785/"
},
{
"name":"[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
"name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
},
{
"name":"https://github.com/bbbrumley/portsmash",
"refsource":"MISC",
"url":"https://github.com/bbbrumley/portsmash"
"name": "https://github.com/bbbrumley/portsmash",
"refsource": "MISC",
"url": "https://github.com/bbbrumley/portsmash"
},
{
"name":"DSA-4348",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4348"
"name": "DSA-4348",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"name":"105897",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/105897"
"name": "105897",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105897"
},
{
"name":"https://eprint.iacr.org/2018/1060.pdf",
"refsource":"MISC",
"url":"https://eprint.iacr.org/2018/1060.pdf"
"name": "https://eprint.iacr.org/2018/1060.pdf",
"refsource": "MISC",
"url": "https://eprint.iacr.org/2018/1060.pdf"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:0651",
"url":"https://access.redhat.com/errata/RHSA-2019:0651"
"refsource": "REDHAT",
"name": "RHSA-2019:0651",
"url": "https://access.redhat.com/errata/RHSA-2019:0651"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:0652",
"url":"https://access.redhat.com/errata/RHSA-2019:0652"
"refsource": "REDHAT",
"name": "RHSA-2019:0652",
"url": "https://access.redhat.com/errata/RHSA-2019:0652"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,85 +1,86 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2018-6485",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6485",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption."
"lang": "eng",
"value": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://sourceware.org/bugzilla/show_bug.cgi?id=22343",
"refsource":"CONFIRM",
"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22343"
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22343",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22343"
},
{
"name":"102912",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/102912"
"name": "102912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102912"
},
{
"name":"http://bugs.debian.org/878159",
"refsource":"CONFIRM",
"url":"http://bugs.debian.org/878159"
"name": "http://bugs.debian.org/878159",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/878159"
},
{
"name":"RHSA-2018:3092",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:3092"
"name": "RHSA-2018:3092",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3092"
},
{
"refsource":"CONFIRM",
"name":"https://security.netapp.com/advisory/ntap-20190404-0003/",
"url":"https://security.netapp.com/advisory/ntap-20190404-0003/"
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190404-0003/",
"url": "https://security.netapp.com/advisory/ntap-20190404-0003/"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
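Review bot: The record still carries `n/a` for `vendor_name`, `product_name`, `version_value` and the `problemtype` value, although the description names glibc 2.26 and earlier and an integer overflow; the synchronization only re-spaces those lines. Consumers that match on the structured `affects` and `problemtype` fields rather than the free text cannot tie this entry to a product or weakness class. A populated form would be along the lines of `"product_name": "glibc"`, `"version_value": "2.26 and earlier"` and `"value": "CWE-190"`, subject to the assigner's confirmation. The CVE-2018-7489 and CVE-2018-7566 sections have the same placeholders.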


@ -1,170 +1,171 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2018-7489",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7489",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath."
"lang": "eng",
"value": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"103203",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/103203"
"name": "103203",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103203"
},
{
"name":"RHSA-2018:1448",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1448"
"name": "RHSA-2018:1448",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1448"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"RHSA-2018:1449",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1449"
"name": "RHSA-2018:1449",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1449"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us"
},
{
"name":"RHSA-2018:2938",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2938"
"name": "RHSA-2018:2938",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2938"
},
{
"name":"RHSA-2018:1450",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1450"
"name": "RHSA-2018:1450",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1450"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180328-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180328-0001/"
"name": "https://security.netapp.com/advisory/ntap-20180328-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180328-0001/"
},
{
"name":"RHSA-2018:2090",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2090"
"name": "RHSA-2018:2090",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2090"
},
{
"name":"RHSA-2018:2939",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2939"
"name": "RHSA-2018:2939",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2939"
},
{
"name":"1041890",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1041890"
"name": "1041890",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041890"
},
{
"name":"1040693",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1040693"
"name": "1040693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040693"
},
{
"name":"https://github.com/FasterXML/jackson-databind/issues/1931",
"refsource":"CONFIRM",
"url":"https://github.com/FasterXML/jackson-databind/issues/1931"
"name": "https://github.com/FasterXML/jackson-databind/issues/1931",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/issues/1931"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name":"RHSA-2018:1786",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1786"
"name": "RHSA-2018:1786",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1786"
},
{
"name":"RHSA-2018:1451",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1451"
"name": "RHSA-2018:1451",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1451"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"DSA-4190",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4190"
"name": "DSA-4190",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4190"
},
{
"name":"RHSA-2018:1447",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1447"
"name": "RHSA-2018:1447",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1447"
},
{
"name":"RHSA-2018:2088",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2088"
"name": "RHSA-2018:2088",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2088"
},
{
"name":"RHSA-2018:2089",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2089"
"name": "RHSA-2018:2089",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2089"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,145 +1,146 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2018-7566",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7566",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user."
"lang": "eng",
"value": "The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"USN-3631-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3631-2/"
"name": "USN-3631-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3631-2/"
},
{
"name":"DSA-4187",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4187"
"name": "DSA-4187",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name":"USN-3631-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3631-1/"
"name": "USN-3631-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3631-1/"
},
{
"name":"RHSA-2018:2390",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2390"
"name": "RHSA-2018:2390",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2390"
},
{
"name":"RHSA-2018:2395",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2395"
"name": "RHSA-2018:2395",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2395"
},
{
"name":"RHSA-2018:2384",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2384"
"name": "RHSA-2018:2384",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2384"
},
{
"name":"DSA-4188",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4188"
"name": "DSA-4188",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"name":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource":"CONFIRM",
"url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name":"RHSA-2018:2948",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2948"
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d15d662e89fc667b90cd294b0eb45694e33144da",
"refsource":"CONFIRM",
"url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d15d662e89fc667b90cd294b0eb45694e33144da"
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d15d662e89fc667b90cd294b0eb45694e33144da",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d15d662e89fc667b90cd294b0eb45694e33144da"
},
{
"name":"103605",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/103605"
"name": "103605",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103605"
},
{
"name":"[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name":"[alsa-devel] 20180214 [PATCH] ALSA: seq: Fix racy pool initializations",
"refsource":"MLIST",
"url":"http://mailman.alsa-project.org/pipermail/alsa-devel/2018-February/132026.html"
"name": "[alsa-devel] 20180214 [PATCH] ALSA: seq: Fix racy pool initializations",
"refsource": "MLIST",
"url": "http://mailman.alsa-project.org/pipermail/alsa-devel/2018-February/132026.html"
},
{
"name":"USN-3798-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3798-1/"
"name": "USN-3798-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3798-1/"
},
{
"name":"USN-3798-2",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3798-2/"
"name": "USN-3798-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3798-2/"
},
{
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=1550142",
"refsource":"CONFIRM",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1550142"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1550142",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550142"
},
{
"name":"SUSE-SU-2018:0834",
"refsource":"SUSE",
"url":"http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
"name": "SUSE-SU-2018:0834",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,111 +1,112 @@
{
"CVE_data_meta":{
"ASSIGNER":"security@apache.org",
"DATE_PUBLIC":"2018-05-23T00:00:00",
"ID":"CVE-2018-8013",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-05-23T00:00:00",
"ID": "CVE-2018-8013",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Apache Batik",
"version":{
"version_data":[
"product_name": "Apache Batik",
"version": {
"version_data": [
{
"version_value":"1.0 - 1.9.1"
"version_value": "1.0 - 1.9.1"
}
]
}
}
]
},
"vendor_name":"Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization."
"lang": "eng",
"value": "In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Information Disclosure"
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"104252",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/104252"
"name": "104252",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104252"
},
{
"name":"https://xmlgraphics.apache.org/security.html",
"refsource":"CONFIRM",
"url":"https://xmlgraphics.apache.org/security.html"
"name": "https://xmlgraphics.apache.org/security.html",
"refsource": "CONFIRM",
"url": "https://xmlgraphics.apache.org/security.html"
},
{
"name":"[debian-lts-announce] 20180525 [SECURITY] [DLA 1385-1] batik security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html"
"name": "[debian-lts-announce] 20180525 [SECURITY] [DLA 1385-1] batik security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html"
},
{
"name":"DSA-4215",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4215"
"name": "DSA-4215",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4215"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"USN-3661-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3661-1/"
"name": "USN-3661-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3661-1/"
},
{
"name":"[xmlgraphics-batik-dev] 20180523 [CVE-2018-8013] Apache Batik information disclosure vulnerability",
"refsource":"MLIST",
"url":"https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f$d01860a0$704921e0$@gmail.com%3e"
"name": "[xmlgraphics-batik-dev] 20180523 [CVE-2018-8013] Apache Batik information disclosure vulnerability",
"refsource": "MLIST",
"url": "https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f$d01860a0$704921e0$@gmail.com%3e"
},
{
"name":"1040995",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1040995"
"name": "1040995",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040995"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
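Review bot: The reference added at the end of `reference_data` for the Oracle April 2019 CPU is tagged `"refsource": "MISC"`, while the other Oracle CPU advisories in this same record (cpujul2018, cpujan2019, cpuoct2018) are tagged `CONFIRM`. A consumer that filters on `CONFIRM` to find vendor-acknowledged advisories will skip the new entry. If the Oracle advisory does list this CVE, I would use `"refsource": "CONFIRM"` here, and likewise in the CVE-2018-8034 section below, which has the same mix. Separately, and not changed by this commit, the `problemtype` value `Information Disclosure` does not match the description, which reads like instantiation of a class named by the input stream during deserialization. Tooling that triages on `problemtype` may under-rank this record, so it may be worth raising with the assigner.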


@ -1,190 +1,191 @@
{
"CVE_data_meta":{
"ASSIGNER":"security@apache.org",
"DATE_PUBLIC":"2018-07-22T00:00:00",
"ID":"CVE-2018-8034",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-07-22T00:00:00",
"ID": "CVE-2018-8034",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Apache Tomcat",
"version":{
"version_data":[
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_value":"9.0.0.M1 to 9.0.9"
"version_value": "9.0.0.M1 to 9.0.9"
},
{
"version_value":"8.5.0 to 8.5.31"
"version_value": "8.5.0 to 8.5.31"
},
{
"version_value":"8.0.0.RC1 to 8.0.52"
"version_value": "8.0.0.RC1 to 8.0.52"
},
{
"version_value":"7.0.35 to 7.0.88"
"version_value": "7.0.35 to 7.0.88"
}
]
}
}
]
},
"vendor_name":"Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88."
"lang": "eng",
"value": "The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Security Constraint Bypass"
"lang": "eng",
"value": "Security Constraint Bypass"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"USN-3723-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3723-1/"
"name": "USN-3723-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3723-1/"
},
{
"name":"[www-announce] 20180722 [SECURITY] CVE-2018-8034 Apache Tomcat - Security Constraint Bypass",
"refsource":"MLIST",
"url":"http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283@minotaur.apache.org%3E"
"name": "[www-announce] 20180722 [SECURITY] CVE-2018-8034 Apache Tomcat - Security Constraint Bypass",
"refsource": "MLIST",
"url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283@minotaur.apache.org%3E"
},
{
"name":"RHSA-2019:0451",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0451"
"name": "RHSA-2019:0451",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0451"
},
{
"name":"[debian-lts-announce] 20180730 [SECURITY] [DLA 1453-1] tomcat7 security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html"
"name": "[debian-lts-announce] 20180730 [SECURITY] [DLA 1453-1] tomcat7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html"
},
{
"name":"DSA-4281",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2018/dsa-4281"
"name": "DSA-4281",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4281"
},
{
"name":"1041374",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1041374"
"name": "1041374",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041374"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180817-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180817-0001/"
"name": "https://security.netapp.com/advisory/ntap-20180817-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180817-0001/"
},
{
"name":"RHSA-2019:0131",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0131"
"name": "RHSA-2019:0131",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0131"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"RHSA-2019:0130",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0130"
"name": "RHSA-2019:0130",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0130"
},
{
"name":"RHSA-2019:0450",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2019:0450"
"name": "RHSA-2019:0450",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0450"
},
{
"name":"[debian-lts-announce] 20180902 [SECURITY] [DLA 1491-1] tomcat8 security update",
"refsource":"MLIST",
"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html"
"name": "[debian-lts-announce] 20180902 [SECURITY] [DLA 1491-1] tomcat8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html"
},
{
"name":"104895",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/104895"
"name": "104895",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104895"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}


@ -1,210 +1,211 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2018-8088",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8088",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data."
"lang": "eng",
"value": "org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"RHSA-2018:1448",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1448"
"name": "RHSA-2018:1448",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1448"
},
{
"name":"1040627",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1040627"
"name": "1040627",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040627"
},
{
"name":"RHSA-2018:1449",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1449"
"name": "RHSA-2018:1449",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1449"
},
{
"name":"https://jira.qos.ch/browse/SLF4J-431",
"refsource":"MISC",
"url":"https://jira.qos.ch/browse/SLF4J-431"
"name": "https://jira.qos.ch/browse/SLF4J-431",
"refsource": "MISC",
"url": "https://jira.qos.ch/browse/SLF4J-431"
},
{
"name":"RHSA-2018:1248",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1248"
"name": "RHSA-2018:1248",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1248"
},
{
"name":"RHSA-2018:1251",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1251"
"name": "RHSA-2018:1251",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1251"
},
{
"name":"RHSA-2018:2143",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2143"
"name": "RHSA-2018:2143",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2143"
},
{
"name":"RHSA-2018:1450",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1450"
"name": "RHSA-2018:1450",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1450"
},
{
"name":"RHSA-2018:2669",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2669"
"name": "RHSA-2018:2669",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2669"
},
{
"name":"RHSA-2018:1323",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1323"
"name": "RHSA-2018:1323",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1323"
},
{
"name":"https://jira.qos.ch/browse/SLF4J-430",
"refsource":"MISC",
"url":"https://jira.qos.ch/browse/SLF4J-430"
"name": "https://jira.qos.ch/browse/SLF4J-430",
"refsource": "MISC",
"url": "https://jira.qos.ch/browse/SLF4J-430"
},
{
"name":"RHSA-2018:2420",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2420"
"name": "RHSA-2018:2420",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2420"
},
{
"name":"RHSA-2018:0630",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0630"
"name": "RHSA-2018:0630",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0630"
},
{
"name":"RHSA-2018:1525",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1525"
"name": "RHSA-2018:1525",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1525"
},
{
"name":"RHSA-2018:1575",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1575"
"name": "RHSA-2018:1575",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1575"
},
{
"name":"RHSA-2018:1451",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1451"
"name": "RHSA-2018:1451",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1451"
},
{
"name":"RHSA-2018:0629",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0629"
"name": "RHSA-2018:0629",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0629"
},
{
"name":"RHSA-2018:0628",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0628"
"name": "RHSA-2018:0628",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0628"
},
{
"name":"RHSA-2018:0582",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0582"
"name": "RHSA-2018:0582",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0582"
},
{
"name":"103737",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/103737"
"name": "103737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103737"
},
{
"name":"https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405",
"refsource":"MISC",
"url":"https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405"
"name": "https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405",
"refsource": "MISC",
"url": "https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405"
},
{
"name":"RHSA-2018:2419",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2419"
"name": "RHSA-2018:2419",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2419"
},
{
"name":"RHSA-2018:1447",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1447"
"name": "RHSA-2018:1447",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1447"
},
{
"name":"RHSA-2018:1247",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1247"
"name": "RHSA-2018:1247",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1247"
},
{
"name":"RHSA-2018:0627",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0627"
"name": "RHSA-2018:0627",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0627"
},
{
"name":"RHSA-2018:2930",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2930"
"name": "RHSA-2018:2930",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2930"
},
{
"name":"RHSA-2018:1249",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:1249"
"name": "RHSA-2018:1249",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1249"
},
{
"name":"RHSA-2018:0592",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:0592"
"name": "RHSA-2018:0592",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0592"
},
{
"refsource":"MLIST",
"name":"[infra-devnull] 20190321 [GitHub] [tika] dadoonet opened pull request #268: Update slf4j to 1.8.0-beta4",
"url":"https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f@%3Cdevnull.infra.apache.org%3E"
"refsource": "MLIST",
"name": "[infra-devnull] 20190321 [GitHub] [tika] dadoonet opened pull request #268: Update slf4j to 1.8.0-beta4",
"url": "https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f@%3Cdevnull.infra.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[infra-devnull] 20190321 [GitHub] [tika] grossws commented on issue #268: Update slf4j to 1.8.0-beta4",
"url":"https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa@%3Cdevnull.infra.apache.org%3E"
"refsource": "MLIST",
"name": "[infra-devnull] 20190321 [GitHub] [tika] grossws commented on issue #268: Update slf4j to 1.8.0-beta4",
"url": "https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa@%3Cdevnull.infra.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}