admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2017-11-16 21:04:51 -05:00
parent 605d6d3015
commit e12b6b8774
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
14 changed files with 703 additions and 649 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2017/1000xxx/CVE-2017-1000188.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1000188",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2017/1000xxx/CVE-2017-1000189.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1000189",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2017/1000xxx/CVE-2017-1000193.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.417002",
"ID": "CVE-2017-1000193",
"REQUESTER": "antirais@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "October CMS",
"version": {
"version_data": [
{
"version_value": "1.0.412 (build 412)"
}
]
}
}
]
},
"vendor_name": "October CMS"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.417002",
"ID" : "CVE-2017-1000193",
"REQUESTER" : "antirais@gmail.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "October CMS",
"version" : {
"version_data" : [
{
"version_value" : "1.0.412 (build 412)"
}
]
}
}
]
},
"vendor_name" : "October CMS"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-66d6dfe5e11488e1afefcb69b8bdaabfR31"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-66d6dfe5e11488e1afefcb69b8bdaabfR31"
}
]
}
}

118
2017/1000xxx/CVE-2017-1000194.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.418368",
"ID": "CVE-2017-1000194",
"REQUESTER": "antirais@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "October CMS",
"version": {
"version_data": [
{
"version_value": "1.0.412 (build 412)"
}
]
}
}
]
},
"vendor_name": "October CMS"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.418368",
"ID" : "CVE-2017-1000194",
"REQUESTER" : "antirais@gmail.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "October CMS",
"version" : {
"version_data" : [
{
"version_value" : "1.0.412 (build 412)"
}
]
}
}
]
},
"vendor_name" : "October CMS"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Web server's configuration file upload"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Web server's configuration file upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-c328b7b99eac0d17b3c71eb37038fd61R224"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-c328b7b99eac0d17b3c71eb37038fd61R224"
}
]
}
}

118
2017/1000xxx/CVE-2017-1000195.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.419778",
"ID": "CVE-2017-1000195",
"REQUESTER": "antirais@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "October CMS",
"version": {
"version_data": [
{
"version_value": "1.0.412 (build 412)"
}
]
}
}
]
},
"vendor_name": "October CMS"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.419778",
"ID" : "CVE-2017-1000195",
"REQUESTER" : "antirais@gmail.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "October CMS",
"version" : {
"version_data" : [
{
"version_value" : "1.0.412 (build 412)"
}
]
}
}
]
},
"vendor_name" : "October CMS"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "PHP object injection"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "PHP object injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-c328b7b99eac0d17b3c71eb37038fd61R317"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-c328b7b99eac0d17b3c71eb37038fd61R317"
}
]
}
}

118
2017/1000xxx/CVE-2017-1000196.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.421306",
"ID": "CVE-2017-1000196",
"REQUESTER": "antirais@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "October CMS",
"version": {
"version_data": [
{
"version_value": "1.0.412 (build 412)"
}
]
}
}
]
},
"vendor_name": "October CMS"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.421306",
"ID" : "CVE-2017-1000196",
"REQUESTER" : "antirais@gmail.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "October CMS",
"version" : {
"version_data" : [
{
"version_value" : "1.0.412 (build 412)"
}
]
}
}
]
},
"vendor_name" : "October CMS"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "File creation / upload"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File creation / upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-c328b7b99eac0d17b3c71eb37038fd61R49"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-c328b7b99eac0d17b3c71eb37038fd61R49"
}
]
}
}

118
2017/1000xxx/CVE-2017-1000197.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.423364",
"ID": "CVE-2017-1000197",
"REQUESTER": "antirais@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "October CMS",
"version": {
"version_data": [
{
"version_value": "1.0.412 (build 412)"
}
]
}
}
]
},
"vendor_name": "October CMS"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.423364",
"ID" : "CVE-2017-1000197",
"REQUESTER" : "antirais@gmail.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "October CMS",
"version" : {
"version_data" : [
{
"version_value" : "1.0.412 (build 412)"
}
]
}
}
]
},
"vendor_name" : "October CMS"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory Traversal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-eef90a4e3585febf6489916dc242d0ceR241"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/octobercms/october/compare/v1.0.412...v1.0.413#diff-eef90a4e3585febf6489916dc242d0ceR241"
}
]
}
}

118
2017/1000xxx/CVE-2017-1000198.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.424422",
"ID": "CVE-2017-1000198",
"REQUESTER": "mgerstner@suse.de",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tcmu-runner",
"version": {
"version_data": [
{
"version_value": "0.9.0 to 1.2.0"
}
]
}
}
]
},
"vendor_name": "https://github.com/open-iscsi/tcmu-runner"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.424422",
"ID" : "CVE-2017-1000198",
"REQUESTER" : "mgerstner@suse.de",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "tcmu-runner",
"version" : {
"version_data" : [
{
"version_value" : "0.9.0 to 1.2.0"
}
]
}
}
]
},
"vendor_name" : "https://github.com/open-iscsi/tcmu-runner"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/open-iscsi/tcmu-runner/commit/61bd03e600d2abf309173e9186f4d465bb1b7157"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/open-iscsi/tcmu-runner/commit/61bd03e600d2abf309173e9186f4d465bb1b7157"
}
]
}
}

118
2017/1000xxx/CVE-2017-1000199.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.425439",
"ID": "CVE-2017-1000199",
"REQUESTER": "mgerstner@suse.de",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tcmu-runner",
"version": {
"version_data": [
{
"version_value": "0.9.1 to 1.2.0"
}
]
}
}
]
},
"vendor_name": "https://github.com/open-iscsi/tcmu-runner"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.425439",
"ID" : "CVE-2017-1000199",
"REQUESTER" : "mgerstner@suse.de",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "tcmu-runner",
"version" : {
"version_data" : [
{
"version_value" : "0.9.1 to 1.2.0"
}
]
}
}
]
},
"vendor_name" : "https://github.com/open-iscsi/tcmu-runner"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect Access Control"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/open-iscsi/tcmu-runner/issues/194"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/open-iscsi/tcmu-runner/issues/194"
}
]
}
}

118
2017/1000xxx/CVE-2017-1000200.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.426872",
"ID": "CVE-2017-1000200",
"REQUESTER": "mgerstner@suse.de",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tcmu-runner",
"version": {
"version_data": [
{
"version_value": "1.0.5 to 1.2.0"
}
]
}
}
]
},
"vendor_name": "https://github.com/open-iscsi/tcmu-runner"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.426872",
"ID" : "CVE-2017-1000200",
"REQUESTER" : "mgerstner@suse.de",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "tcmu-runner",
"version" : {
"version_data" : [
{
"version_value" : "1.0.5 to 1.2.0"
}
]
}
}
]
},
"vendor_name" : "https://github.com/open-iscsi/tcmu-runner"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/open-iscsi/tcmu-runner/pull/200/commits/bb80e9c7a798f035768260ebdadffb6eb0786178"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/open-iscsi/tcmu-runner/pull/200/commits/bb80e9c7a798f035768260ebdadffb6eb0786178"
}
]
}
}

118
2017/1000xxx/CVE-2017-1000201.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.428183",
"ID": "CVE-2017-1000201",
"REQUESTER": "mgerstner@suse.de",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tcmu-runner",
"version": {
"version_data": [
{
"version_value": "1.0.5 to 1.2.0"
}
]
}
}
]
},
"vendor_name": "https://github.com/open-iscsi/tcmu-runner"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.428183",
"ID" : "CVE-2017-1000201",
"REQUESTER" : "mgerstner@suse.de",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "tcmu-runner",
"version" : {
"version_data" : [
{
"version_value" : "1.0.5 to 1.2.0"
}
]
}
}
]
},
"vendor_name" : "https://github.com/open-iscsi/tcmu-runner"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/open-iscsi/tcmu-runner/pull/200/commits/e2d953050766ac538615a811c64b34358614edce"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/open-iscsi/tcmu-runner/pull/200/commits/e2d953050766ac538615a811c64b34358614edce"
}
]
}
}

118
2017/1000xxx/CVE-2017-1000208.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.436985",
"ID": "CVE-2017-1000208",
"REQUESTER": "mmo@semmle.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Swagger-Parser",
"version": {
"version_data": [
{
"version_value": "Swagger-Parser <= 1.0.30, Swagger-Codegen <= 2.2.2"
}
]
}
}
]
},
"vendor_name": "Swagger"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.436985",
"ID" : "CVE-2017-1000208",
"REQUESTER" : "mmo@semmle.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Swagger-Parser",
"version" : {
"version_data" : [
{
"version_value" : "Swagger-Parser <= 1.0.30, Swagger-Codegen <= 2.2.2"
}
]
}
}
]
},
"vendor_name" : "Swagger"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Arbitrary code execution"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/swagger-api/swagger-parser/releases/tag/v1.0.31"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/swagger-api/swagger-parser/releases/tag/v1.0.31"
}
]
}
}

118
2017/1000xxx/CVE-2017-1000209.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.438874",
"ID": "CVE-2017-1000209",
"REQUESTER": "bjorn.lunden@2secure.se",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nv-websocket-client",
"version": {
"version_data": [
{
"version_value": "2.0 and older"
}
]
}
}
]
},
"vendor_name": "Neo Visionaries Inc."
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.438874",
"ID" : "CVE-2017-1000209",
"REQUESTER" : "bjorn.lunden@2secure.se",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "nv-websocket-client",
"version" : {
"version_data" : [
{
"version_value" : "2.0 and older"
}
]
}
}
]
},
"vendor_name" : "Neo Visionaries Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing SSL certification hostname verification"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing SSL certification hostname verification"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/TakahikoKawasaki/nv-websocket-client/pull/107"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/TakahikoKawasaki/nv-websocket-client/pull/107"
}
]
}
}

18
2017/1000xxx/CVE-2017-1000228.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1000228",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}