admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-04-13 11:03:06 -04:00
parent 2124441bc1
commit cac898b082
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
10 changed files with 279 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
2016/9xxx/CVE-2016-9646.json
View File

@ -1,75 +1,83 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2016-12-29T19:29:00.000Z",
"ID": "CVE-2016-9646",
"STATE": "PUBLIC",
"TITLE": "Commit metadata forgery via CGI::FormBuilder context-dependent APIs"
"CVE_data_meta" : {
"ASSIGNER" : "security@debian.org",
"DATE_PUBLIC" : "2016-12-29T19:29:00.000Z",
"ID" : "CVE-2016-9646",
"STATE" : "PUBLIC",
"TITLE" : "Commit metadata forgery via CGI::FormBuilder context-dependent APIs"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "ikiwiki",
"version": {
"version_data": [
"product_name" : "ikiwiki",
"version" : {
"version_data" : [
{
"version_value" : "before 3.20161229"
"version_value" : "before 3.20161229"
}
]
}
}
]
},
"vendor_name": "ikiwiki"
"vendor_name" : "ikiwiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "ikiwiki incorrectly before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery."
"lang" : "eng",
"value" : "ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "commit metadata forgery"
"lang" : "eng",
"value" : "commit metadata forgery"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://ikiwiki.info/security/#cve-2016-9646"
"name" : "[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)",
"refsource" : "MLIST",
"url" : "https://marc.info/?l=oss-security&m=148304341511854&w=2"
},
{
"url": "https://www.debian.org/security/2017/dsa-3760"
"name" : "https://ikiwiki.info/security/#cve-2016-9646",
"refsource" : "CONFIRM",
"url" : "https://ikiwiki.info/security/#cve-2016-9646"
},
{
"url": "https://marc.info/?l=oss-security&m=148304341511854&w=2"
"name" : "https://security-tracker.debian.org/tracker/CVE-2016-9646",
"refsource" : "CONFIRM",
"url" : "https://security-tracker.debian.org/tracker/CVE-2016-9646"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2016-9646"
"name" : "DSA-3760",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3760"
}
]
},
"source": {
"advisory": "https://ikiwiki.info/security/#cve-2016-9646",
"discovery": "UNKNOWN"
"source" : {
"advisory" : "https://ikiwiki.info/security/#cve-2016-9646",
"discovery" : "UNKNOWN"
}
}

78
2017/0xxx/CVE-2017-0356.json
View File

@ -1,72 +1,78 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2017-01-11T23:51:00.000Z",
"ID": "CVE-2017-0356",
"STATE": "PUBLIC",
"TITLE": "Authentication bypass via repeated parameters"
"CVE_data_meta" : {
"ASSIGNER" : "security@debian.org",
"DATE_PUBLIC" : "2017-01-11T23:51:00.000Z",
"ID" : "CVE-2017-0356",
"STATE" : "PUBLIC",
"TITLE" : "Authentication bypass via repeated parameters"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "ikiwiki",
"version": {
"version_data": [
"product_name" : "ikiwiki",
"version" : {
"version_data" : [
{
"version_value": "before 3.20170111"
"version_value" : "before 3.20170111"
}
]
}
}
]
},
"vendor_name": "ikiwiki"
"vendor_name" : "ikiwiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A flaw, similar to to CVE-2016-9646, exists in ikiwiki, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters."
"lang" : "eng",
"value" : "A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "authentication bypass"
"lang" : "eng",
"value" : "authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://marc.info/?l=oss-security&m=148418234314276&w=2"
"name" : "[oss-security] 20170112 ikiwiki: CVE-2017-0356: Authentication bypass via repeated parameters",
"refsource" : "MLIST",
"url" : "https://marc.info/?l=oss-security&m=148418234314276&w=2"
},
{
"url": "https://www.debian.org/security/2017/dsa-3760"
"name" : "https://ikiwiki.info/security/#cve-2017-0356",
"refsource" : "CONFIRM",
"url" : "https://ikiwiki.info/security/#cve-2017-0356"
},
{
"url": "https://ikiwiki.info/security/#cve-2017-0356"
"name" : "DSA-3760",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3760"
}
]
},
"source": {
"advisory": "https://ikiwiki.info/security/#cve-2017-0356",
"discovery": "UNKNOWN"
"source" : {
"advisory" : "https://ikiwiki.info/security/#cve-2017-0356",
"discovery" : "UNKNOWN"
}
}

74
2017/0xxx/CVE-2017-0357.json
View File

@ -1,69 +1,73 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2017-01-12T23:00:00.000Z",
"ID": "CVE-2017-0357",
"STATE": "PUBLIC",
"TITLE": "iucode-tool: heap buffer overflow on -tr loader"
"CVE_data_meta" : {
"ASSIGNER" : "security@debian.org",
"DATE_PUBLIC" : "2017-01-12T23:00:00.000Z",
"ID" : "CVE-2017-0357",
"STATE" : "PUBLIC",
"TITLE" : "iucode-tool: heap buffer overflow on -tr loader"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "iucode-tool",
"version": {
"version_data": [
"product_name" : "iucode-tool",
"version" : {
"version_data" : [
{
"version_value": "starting with v1.4; before v2.1.1"
"version_value" : "starting with v1.4; before v2.1.1"
}
]
}
}
]
},
"vendor_name": "iucode-tool"
"vendor_name" : "iucode-tool"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A heap-overflow flaw exists in the -tr loader of iucode-tool, potentially leading to SIGSEGV, or heap corruption."
"lang" : "eng",
"value" : "A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "heap-buffer overflow"
"lang" : "eng",
"value" : "heap-buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2017-0357"
"name" : "https://gitlab.com/iucode-tool/iucode-tool/issues/3",
"refsource" : "CONFIRM",
"url" : "https://gitlab.com/iucode-tool/iucode-tool/issues/3"
},
{
"url": "https://gitlab.com/iucode-tool/iucode-tool/issues/3"
"name" : "https://security-tracker.debian.org/tracker/CVE-2017-0357",
"refsource" : "CONFIRM",
"url" : "https://security-tracker.debian.org/tracker/CVE-2017-0357"
}
]
},
"source": {
"advisory": "https://gitlab.com/iucode-tool/iucode-tool/issues/3",
"discovery": "UNKNOWN"
"source" : {
"advisory" : "https://gitlab.com/iucode-tool/iucode-tool/issues/3",
"discovery" : "UNKNOWN"
}
}

84
2017/0xxx/CVE-2017-0358.json
View File

@ -1,78 +1,84 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2017-02-01T05:44:00.000Z",
"ID": "CVE-2017-0358",
"STATE": "PUBLIC",
"TITLE": "ntfs-3g: Modprobe influence vulnerability via environment variables"
"CVE_data_meta" : {
"ASSIGNER" : "security@debian.org",
"DATE_PUBLIC" : "2017-02-01T05:44:00.000Z",
"ID" : "CVE-2017-0358",
"STATE" : "PUBLIC",
"TITLE" : "ntfs-3g: Modprobe influence vulnerability via environment variables"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "ntfs-3g",
"version": {
"version_data": [
"product_name" : "ntfs-3g",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name": "ntfs-3g"
"vendor_name" : "ntfs-3g"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Jann Horn of Google Project Zero"
"lang" : "eng",
"value" : "Jann Horn of Google Project Zero"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation."
"lang" : "eng",
"value" : "Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "privilege escalation"
"lang" : "eng",
"value" : "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://security-tracker.debian.org/tracker/DSA-3780-1"
"name" : "[oss-security] 20170201 CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables",
"refsource" : "MLIST",
"url" : "https://marc.info/?l=oss-security&m=148594671929354&w=2"
},
{
"url": "https://marc.info/?l=oss-security&m=148594671929354&w=2"
"name" : "[oss-security] 20170203 Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/04/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2017/02/04/1"
"name" : "DSA-3780",
"refsource" : "DEBIAN",
"url" : "https://security-tracker.debian.org/tracker/DSA-3780-1"
}
]
},
"source": {
"advisory": "https://marc.info/?l=oss-security&m=148594671929354&w=2",
"discovery": "UNKNOWN"
"source" : {
"advisory" : "https://marc.info/?l=oss-security&m=148594671929354&w=2",
"discovery" : "UNKNOWN"
}
}

18
2018/10xxx/CVE-2018-10090.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10090",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/10xxx/CVE-2018-10091.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10091",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/10xxx/CVE-2018-10092.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10092",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/10xxx/CVE-2018-10093.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10093",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/10xxx/CVE-2018-10094.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10094",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/10xxx/CVE-2018-10095.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10095",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}