diff --git a/2017/0xxx/CVE-2017-0359.json b/2017/0xxx/CVE-2017-0359.json
index 76fe1faa00c..7853b97ffe7 100644
--- a/2017/0xxx/CVE-2017-0359.json
+++ b/2017/0xxx/CVE-2017-0359.json
@@ -1,69 +1,73 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@debian.org", - "DATE_PUBLIC": "2017-02-09T21:14:00.000Z", - "ID": "CVE-2017-0359", - "STATE": "PUBLIC", - "TITLE": "diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive" + "CVE_data_meta" : { + "ASSIGNER" : "security@debian.org", + "DATE_PUBLIC" : "2017-02-09T21:14:00.000Z", + "ID" : "CVE-2017-0359", + "STATE" : "PUBLIC", + "TITLE" : "diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "diffoscope", - "version": { - "version_data": [ + "product_name" : "diffoscope", + "version" : { + "version_data" : [ { - "version_value": "before 77" + "version_value" : "before 77" } ] } } ] }, - "vendor_name": "Debian" + "vendor_name" : "Debian" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive." + "lang" : "eng", + "value" : "diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "writes to arbitrary locations" + "lang" : "eng", + "value" : "writes to arbitrary locations" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "url": "https://security-tracker.debian.org/tracker/CVE-2017-0359" + "name" : "https://bugs.debian.org/854723", + "refsource" : "CONFIRM", + "url" : "https://bugs.debian.org/854723" }, { - "url": "https://bugs.debian.org/854723" + "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0359", + "refsource" : "CONFIRM", + "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0359" } ] }, - "source": { - "advisory": "https://bugs.debian.org/854723", - "discovery": "UNKNOWN" + "source" : { + "advisory" : "https://bugs.debian.org/854723", + "discovery" : "UNKNOWN" } } diff --git a/2017/0xxx/CVE-2017-0361.json b/2017/0xxx/CVE-2017-0361.json index 6bf6bb907ae..74106ce4265 100644 --- a/2017/0xxx/CVE-2017-0361.json +++ b/2017/0xxx/CVE-2017-0361.json 
@@ -1,72 +1,78 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@debian.org", - "DATE_PUBLIC": "2017-04-06T20:49:00.000Z", - "ID": "CVE-2017-0361", - "STATE": "PUBLIC", - "TITLE": "api.log contains passwords in plaintext" + "CVE_data_meta" : { + "ASSIGNER" : "security@debian.org", + "DATE_PUBLIC" : "2017-04-06T20:49:00.000Z", + "ID" : "CVE-2017-0361", + "STATE" : "PUBLIC", + "TITLE" : "api.log contains passwords in plaintext" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "mediawiki", - "version": { - "version_data": [ + "product_name" : "mediawiki", + "version" : { + "version_data" : [ { - "version_value": "n/a" + "version_value" : "n/a" } ] } } ] }, - "vendor_name": "mediawiki" + "vendor_name" : "mediawiki" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "Mediawiki contains an information disclosure flaw, were the api.log might contain passwords in plaintext." + "lang" : "eng", + "value" : "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "information disclosure" + "lang" : "eng", + "value" : "information disclosure" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "url": "https://security-tracker.debian.org/tracker/CVE-2017-0361" + "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", + "refsource" : "MLIST", + "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" }, { - "url": "https://phabricator.wikimedia.org/T125177" + "name" : "https://phabricator.wikimedia.org/T125177", + "refsource" : "CONFIRM", + "url" : "https://phabricator.wikimedia.org/T125177" }, { - "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" + "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0361", + "refsource" : "CONFIRM", + "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0361" } ] }, - "source": { - "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", - "discovery": "UNKNOWN" + "source" : { + "advisory" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", + "discovery" : "UNKNOWN" } } diff --git a/2017/0xxx/CVE-2017-0362.json b/2017/0xxx/CVE-2017-0362.json index 16424a91d85..31b8cad907d 100644 --- a/2017/0xxx/CVE-2017-0362.json +++ b/2017/0xxx/CVE-2017-0362.json 
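Review bot: `version_value` stays `"n/a"` on the new side of CVE-2017-0361 even though the rewritten description now names the fixed releases ("before 1.28.1 / 1.27.2 / 1.23.16"), so the structured `affects` data and the prose disagree. Tooling that matches on `version_data` rather than on the description text will not pick up the affected range. Consider carrying the bound into the structured field, e.g. `"version_value" : "before 1.28.1 / 1.27.2 / 1.23.16"`, as the CVE-2017-0359 record does with `"before 77"`. The same gap is in the hunks for CVE-2017-0362 through CVE-2017-0370 and CVE-2017-0372, each with the version list its own description gives.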
@@ -1,72 +1,78 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@debian.org", - "DATE_PUBLIC": "2017-04-06T20:49:19.000Z", - "ID": "CVE-2017-0362", - "STATE": "PUBLIC", - "TITLE": "\"Mark all pages visited\" on the watchlist does not require a CSRF token" + "CVE_data_meta" : { + "ASSIGNER" : "security@debian.org", + "DATE_PUBLIC" : "2017-04-06T20:49:19.000Z", + "ID" : "CVE-2017-0362", + "STATE" : "PUBLIC", + "TITLE" : "\"Mark all pages visited\" on the watchlist does not require a CSRF token" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "mediawiki", - "version": { - "version_data": [ + "product_name" : "mediawiki", + "version" : { + "version_data" : [ { - "version_value": "n/a" + "version_value" : "n/a" } ] } } ] }, - "vendor_name": "mediawiki" + "vendor_name" : "mediawiki" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "Mediawiki contains a flaw where the \"Mark all pages visited\" on the watchlist does not require a CSRF token." + "lang" : "eng", + "value" : "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the \"Mark all pages visited\" on the watchlist does not require a CSRF token." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "missing requirement on token" + "lang" : "eng", + "value" : "missing requirement on token" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "url": "https://security-tracker.debian.org/tracker/CVE-2017-0362" + "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", + "refsource" : "MLIST", + "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" }, { - "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" + "name" : "https://phabricator.wikimedia.org/T150044", + "refsource" : "CONFIRM", + "url" : "https://phabricator.wikimedia.org/T150044" }, { - "url": "https://phabricator.wikimedia.org/T150044" + "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0362", + "refsource" : "CONFIRM", + "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0362" } ] }, - "source": { - "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", - "discovery": "UNKNOWN" + "source" : { + "advisory" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", + "discovery" : "UNKNOWN" } } diff --git a/2017/0xxx/CVE-2017-0363.json b/2017/0xxx/CVE-2017-0363.json index 665d8557d1e..b086ee051dc 100644 --- a/2017/0xxx/CVE-2017-0363.json +++ b/2017/0xxx/CVE-2017-0363.json 
@@ -1,72 +1,78 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@debian.org", - "DATE_PUBLIC": "2017-04-06T20:49:00.000Z", - "ID": "CVE-2017-0363", - "STATE": "PUBLIC", - "TITLE": "Special:UserLogin?returnto=interwiki:foo will redirect to external sites" + "CVE_data_meta" : { + "ASSIGNER" : "security@debian.org", + "DATE_PUBLIC" : "2017-04-06T20:49:00.000Z", + "ID" : "CVE-2017-0363", + "STATE" : "PUBLIC", + "TITLE" : "Special:UserLogin?returnto=interwiki:foo will redirect to external sites" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "mediawiki", - "version": { - "version_data": [ + "product_name" : "mediawiki", + "version" : { + "version_data" : [ { - "version_value": "n/a" + "version_value" : "n/a" } ] } } ] }, - "vendor_name": "mediawiki" + "vendor_name" : "mediawiki" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "Mediawiki flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites" + "lang" : "eng", + "value" : "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "redirection to other external sites" + "lang" : "eng", + "value" : "redirection to other external sites" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "url": "https://security-tracker.debian.org/tracker/CVE-2017-03613" + "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", + "refsource" : "MLIST", + "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" }, { - "url": "https://phabricator.wikimedia.org/T109140" + "name" : "https://phabricator.wikimedia.org/T109140", + "refsource" : "CONFIRM", + "url" : "https://phabricator.wikimedia.org/T109140" }, { - "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" + "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0363", + "refsource" : "CONFIRM", + "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0363" } ] }, - "source": { - "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", - "discovery": "UNKNOWN" + "source" : { + "advisory" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", + "discovery" : "UNKNOWN" } } diff --git a/2017/0xxx/CVE-2017-0364.json b/2017/0xxx/CVE-2017-0364.json index 163a1feec03..903cd987aef 100644 --- a/2017/0xxx/CVE-2017-0364.json +++ b/2017/0xxx/CVE-2017-0364.json 
@@ -1,72 +1,78 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@debian.org", - "DATE_PUBLIC": "2017-04-06T20:49:00.000Z", - "ID": "CVE-2017-0364", - "STATE": "PUBLIC", - "TITLE": "Special:Search allows redirects to any interwiki link" + "CVE_data_meta" : { + "ASSIGNER" : "security@debian.org", + "DATE_PUBLIC" : "2017-04-06T20:49:00.000Z", + "ID" : "CVE-2017-0364", + "STATE" : "PUBLIC", + "TITLE" : "Special:Search allows redirects to any interwiki link" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "mediawiki", - "version": { - "version_data": [ + "product_name" : "mediawiki", + "version" : { + "version_data" : [ { - "version_value": "n/a" + "version_value" : "n/a" } ] } } ] }, - "vendor_name": "mediawiki" + "vendor_name" : "mediawiki" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "Mediawiki contains a flaw where Special:Search allows redirects to any interwiki link." + "lang" : "eng", + "value" : "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "rediretion to any interwiki link" + "lang" : "eng", + "value" : "rediretion to any interwiki link" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "url": "https://security-tracker.debian.org/tracker/CVE-2017-0364" + "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", + "refsource" : "MLIST", + "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" }, { - "url": "https://phabricator.wikimedia.org/T122209" + "name" : "https://phabricator.wikimedia.org/T122209", + "refsource" : "CONFIRM", + "url" : "https://phabricator.wikimedia.org/T122209" }, { - "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" + "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0364", + "refsource" : "CONFIRM", + "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0364" } ] }, - "source": { - "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", - "discovery": "UNKNOWN" + "source" : { + "advisory" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", + "discovery" : "UNKNOWN" } } diff --git a/2017/0xxx/CVE-2017-0365.json b/2017/0xxx/CVE-2017-0365.json index 954226f9b99..817a22abccd 100644 --- a/2017/0xxx/CVE-2017-0365.json +++ b/2017/0xxx/CVE-2017-0365.json 
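Review bot: The problemtype text on the new side of CVE-2017-0364 still reads `"rediretion to any interwiki link"`; since the commit already rewrites this record, the line should become `"value" : "redirection to any interwiki link"`. Problemtype strings may be used for search and classification, so a misspelling makes the entry harder to find. The same kind of carried-over typo is in the CVE-2017-0367 problemtype (`"usafe use of system tmp directory."`, should be `unsafe`) and in the CVE-2017-0370 description (`a flaw were Spam blacklist`, should be `where`, which this commit did correct in CVE-2017-0361).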
@@ -1,72 +1,78 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@debian.org", - "DATE_PUBLIC": "2017-04-06T20:49:00.000Z", - "ID": "CVE-2017-0365", - "STATE": "PUBLIC", - "TITLE": "XSS in SearchHighlighter::highlightText() [requires non-default config]" + "CVE_data_meta" : { + "ASSIGNER" : "security@debian.org", + "DATE_PUBLIC" : "2017-04-06T20:49:00.000Z", + "ID" : "CVE-2017-0365", + "STATE" : "PUBLIC", + "TITLE" : "XSS in SearchHighlighter::highlightText() [requires non-default config]" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "mediawiki", - "version": { - "version_data": [ + "product_name" : "mediawiki", + "version" : { + "version_data" : [ { - "version_value": "n/a" + "version_value" : "n/a" } ] } } ] }, - "vendor_name": "mediawiki" + "vendor_name" : "mediawiki" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "Mediawiki contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations." + "lang" : "eng", + "value" : "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "cross-site scripting" + "lang" : "eng", + "value" : "cross-site scripting" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "url": "https://security-tracker.debian.org/tracker/CVE-2017-0365" + "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", + "refsource" : "MLIST", + "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" }, { - "url": "https://phabricator.wikimedia.org/T144845" + "name" : "https://phabricator.wikimedia.org/T144845", + "refsource" : "CONFIRM", + "url" : "https://phabricator.wikimedia.org/T144845" }, { - "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" + "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0365", + "refsource" : "CONFIRM", + "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0365" } ] }, - "source": { - "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", - "discovery": "UNKNOWN" + "source" : { + "advisory" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", + "discovery" : "UNKNOWN" } } diff --git a/2017/0xxx/CVE-2017-0366.json b/2017/0xxx/CVE-2017-0366.json index 78a0ffb51af..c9ba2e55c85 100644 --- a/2017/0xxx/CVE-2017-0366.json +++ b/2017/0xxx/CVE-2017-0366.json 
@@ -1,72 +1,78 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@debian.org", - "DATE_PUBLIC": "2017-04-06T20:49:00.000Z", - "ID": "CVE-2017-0366", - "STATE": "PUBLIC", - "TITLE": "SVG filter evasion using default attribute values in DTD declaration" + "CVE_data_meta" : { + "ASSIGNER" : "security@debian.org", + "DATE_PUBLIC" : "2017-04-06T20:49:00.000Z", + "ID" : "CVE-2017-0366", + "STATE" : "PUBLIC", + "TITLE" : "SVG filter evasion using default attribute values in DTD declaration" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "mediawiki", - "version": { - "version_data": [ + "product_name" : "mediawiki", + "version" : { + "version_data" : [ { - "version_value": "n/a" + "version_value" : "n/a" } ] } } ] }, - "vendor_name": "mediawiki" + "vendor_name" : "mediawiki" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "Mediawiki contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration." + "lang" : "eng", + "value" : "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "bypass filter" + "lang" : "eng", + "value" : "bypass filter" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "url": "https://security-tracker.debian.org/tracker/CVE-2017-0366" + "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", + "refsource" : "MLIST", + "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" }, { - "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" + "name" : "https://phabricator.wikimedia.org/T151735", + "refsource" : "CONFIRM", + "url" : "https://phabricator.wikimedia.org/T151735" }, { - "url": "https://phabricator.wikimedia.org/T151735" + "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0366", + "refsource" : "CONFIRM", + "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0366" } ] }, - "source": { - "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", - "discovery": "UNKNOWN" + "source" : { + "advisory" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", + "discovery" : "UNKNOWN" } } diff --git a/2017/0xxx/CVE-2017-0367.json b/2017/0xxx/CVE-2017-0367.json index 2184b38e2f1..b85c6b0099e 100644 --- a/2017/0xxx/CVE-2017-0367.json +++ b/2017/0xxx/CVE-2017-0367.json 
@@ -1,72 +1,78 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@debian.org", - "DATE_PUBLIC": "2017-04-06T20:49:00.000Z", - "ID": "CVE-2017-0367", - "STATE": "PUBLIC", - "TITLE": "Having LocalisationCache directory default to system tmp directory is insecure" + "CVE_data_meta" : { + "ASSIGNER" : "security@debian.org", + "DATE_PUBLIC" : "2017-04-06T20:49:00.000Z", + "ID" : "CVE-2017-0367", + "STATE" : "PUBLIC", + "TITLE" : "Having LocalisationCache directory default to system tmp directory is insecure" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "mediawiki", - "version": { - "version_data": [ + "product_name" : "mediawiki", + "version" : { + "version_data" : [ { - "version_value": "n/a" + "version_value" : "n/a" } ] } } ] }, - "vendor_name": "mediawiki" + "vendor_name" : "mediawiki" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "Mediawiki contains an unsafe use of temporary directory, where having ocalisationCache directory default to system tmp directory is insecure." + "lang" : "eng", + "value" : "Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "usafe use of system tmp directory." + "lang" : "eng", + "value" : "usafe use of system tmp directory." 
} ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "url": "https://security-tracker.debian.org/tracker/CVE-2017-0367" + "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", + "refsource" : "MLIST", + "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" }, { - "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" + "name" : "https://phabricator.wikimedia.org/T161453", + "refsource" : "CONFIRM", + "url" : "https://phabricator.wikimedia.org/T161453" }, { - "url": "https://phabricator.wikimedia.org/T161453" + "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0367", + "refsource" : "CONFIRM", + "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0367" } ] }, - "source": { - "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", - "discovery": "UNKNOWN" + "source" : { + "advisory" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", + "discovery" : "UNKNOWN" } } diff --git a/2017/0xxx/CVE-2017-0368.json b/2017/0xxx/CVE-2017-0368.json index 28193289c62..ab187cfa0c3 100644 --- a/2017/0xxx/CVE-2017-0368.json +++ b/2017/0xxx/CVE-2017-0368.json 
@@ -1,72 +1,78 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@debian.org", - "DATE_PUBLIC": "2017-04-06T20:49:00.000Z", - "ID": "CVE-2017-0368", - "STATE": "PUBLIC", - "TITLE": "Make rawHTML mode not apply to system messages" + "CVE_data_meta" : { + "ASSIGNER" : "security@debian.org", + "DATE_PUBLIC" : "2017-04-06T20:49:00.000Z", + "ID" : "CVE-2017-0368", + "STATE" : "PUBLIC", + "TITLE" : "Make rawHTML mode not apply to system messages" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "mediawiki", - "version": { - "version_data": [ + "product_name" : "mediawiki", + "version" : { + "version_data" : [ { - "version_value": "n/a" + "version_value" : "n/a" } ] } } ] }, - "vendor_name": "mediawiki" + "vendor_name" : "mediawiki" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "Mediawiki contains a flaw making rawHTML mode apply to system messages." + "lang" : "eng", + "value" : "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "missing sanitization" + "lang" : "eng", + "value" : "missing sanitization" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "url": "https://security-tracker.debian.org/tracker/CVE-2017-0368" + "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", + "refsource" : "MLIST", + "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" }, { - "url": "https://phabricator.wikimedia.org/T156184" + "name" : "https://phabricator.wikimedia.org/T156184", + "refsource" : "CONFIRM", + "url" : "https://phabricator.wikimedia.org/T156184" }, { - "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" + "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0368", + "refsource" : "CONFIRM", + "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0368" } ] }, - "source": { - "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", - "discovery": "UNKNOWN" + "source" : { + "advisory" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", + "discovery" : "UNKNOWN" } } diff --git a/2017/0xxx/CVE-2017-0369.json b/2017/0xxx/CVE-2017-0369.json index b891ac37243..c98681ce0b4 100644 --- a/2017/0xxx/CVE-2017-0369.json +++ b/2017/0xxx/CVE-2017-0369.json 
@@ -1,72 +1,78 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@debian.org", - "DATE_PUBLIC": "2017-04-06T20:49:00.000Z", - "ID": "CVE-2017-0369", - "STATE": "PUBLIC", - "TITLE": "Sysops can undelete pages, although the page is protected against it" + "CVE_data_meta" : { + "ASSIGNER" : "security@debian.org", + "DATE_PUBLIC" : "2017-04-06T20:49:00.000Z", + "ID" : "CVE-2017-0369", + "STATE" : "PUBLIC", + "TITLE" : "Sysops can undelete pages, although the page is protected against it" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "mediawiki", - "version": { - "version_data": [ + "product_name" : "mediawiki", + "version" : { + "version_data" : [ { - "version_value": "n/a" + "version_value" : "n/a" } ] } } ] }, - "vendor_name": "mediawiki" + "vendor_name" : "mediawiki" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "Mediawiki contains a flaw, allowing a sysops to undelete pages, although the page is protected against it." + "lang" : "eng", + "value" : "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "restriction bypass" + "lang" : "eng", + "value" : "restriction bypass" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "url": "https://security-tracker.debian.org/tracker/CVE-2017-0369" + "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", + "refsource" : "MLIST", + "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" }, { - "url": "https://phabricator.wikimedia.org/T108138" + "name" : "https://phabricator.wikimedia.org/T108138", + "refsource" : "CONFIRM", + "url" : "https://phabricator.wikimedia.org/T108138" }, { - "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" + "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0369", + "refsource" : "CONFIRM", + "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0369" } ] }, - "source": { - "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", - "discovery": "UNKNOWN" + "source" : { + "advisory" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", + "discovery" : "UNKNOWN" } } diff --git a/2017/0xxx/CVE-2017-0370.json b/2017/0xxx/CVE-2017-0370.json index dabc48e7586..2e55c843ac2 100644 --- a/2017/0xxx/CVE-2017-0370.json +++ b/2017/0xxx/CVE-2017-0370.json 
@@ -1,72 +1,78 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@debian.org", - "DATE_PUBLIC": "2017-04-06T20:49:19.000Z", - "ID": "CVE-2017-0370", - "STATE": "PUBLIC", - "TITLE": "Spam blacklist ineffective on encoded URLs inside file inclusion syntax's link parameter" + "CVE_data_meta" : { + "ASSIGNER" : "security@debian.org", + "DATE_PUBLIC" : "2017-04-06T20:49:19.000Z", + "ID" : "CVE-2017-0370", + "STATE" : "PUBLIC", + "TITLE" : "Spam blacklist ineffective on encoded URLs inside file inclusion syntax's link parameter" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "mediawiki", - "version": { - "version_data": [ + "product_name" : "mediawiki", + "version" : { + "version_data" : [ { - "version_value": "n/a" + "version_value" : "n/a" } ] } } ] }, - "vendor_name": "mediawiki" + "vendor_name" : "mediawiki" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "Mediawiki contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter." + "lang" : "eng", + "value" : "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter." 
} ] }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "blacklist ineffective on certain URLs" + "lang" : "eng", + "value" : "blacklist ineffective on certain URLs" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "url": "https://security-tracker.debian.org/tracker/CVE-2017-0370" + "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", + "refsource" : "MLIST", + "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" }, { - "url": "https://phabricator.wikimedia.org/T48143" + "name" : "https://phabricator.wikimedia.org/T48143", + "refsource" : "CONFIRM", + "url" : "https://phabricator.wikimedia.org/T48143" }, { - "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" + "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0370", + "refsource" : "CONFIRM", + "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0370" } ] }, - "source": { - "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", - "discovery": "UNKNOWN" + "source" : { + "advisory" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", + "discovery" : "UNKNOWN" } } diff --git a/2017/0xxx/CVE-2017-0372.json b/2017/0xxx/CVE-2017-0372.json index 26c46eebd4e..7c29660a4f6 100644 --- a/2017/0xxx/CVE-2017-0372.json +++ b/2017/0xxx/CVE-2017-0372.json 
@@ -1,78 +1,88 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "security@debian.org",
- "DATE_PUBLIC": "2017-04-06T20:49:00.000Z",
- "ID": "CVE-2017-0372",
- "STATE": "PUBLIC",
- "TITLE": "Parameters injection in SyntaxHighlight results in multiple vulnerabilities"
+ "CVE_data_meta" : {
+ "ASSIGNER" : "security@debian.org",
+ "DATE_PUBLIC" : "2017-04-06T20:49:00.000Z",
+ "ID" : "CVE-2017-0372",
+ "STATE" : "PUBLIC",
+ "TITLE" : "Parameters injection in SyntaxHighlight results in multiple vulnerabilities"
 },
- "affects": {
- "vendor": {
- "vendor_data": [
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
 {
- "product": {
- "product_data": [
+ "product" : {
+ "product_data" : [
 {
- "product_name": "mediawiki (SyntaxHighlight extension)",
- "version": {
- "version_data": [
+ "product_name" : "mediawiki (SyntaxHighlight extension)",
+ "version" : {
+ "version_data" : [
 {
- "version_value": "n/a"
+ "version_value" : "n/a"
 }
 ]
 }
 }
 ]
 },
- "vendor_name": "mediawiki"
+ "vendor_name" : "mediawiki"
 }
 ]
 }
 },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
 {
- "lang": "eng",
- "value": "Parameters injection in the SyntaxHighlight extension of mediawiki might result in multiple vulnerabilities."
+ "lang" : "eng",
+ "value" : "Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities."
 }
 ]
 },
- "problemtype": {
- "problemtype_data": [
+ "problemtype" : {
+ "problemtype_data" : [
 {
- "description": [
+ "description" : [
 {
- "lang": "eng",
- "value": "parameter injection"
+ "lang" : "eng",
+ "value" : "parameter injection"
 }
 ]
 }
 ]
 },
- "references": {
- "reference_data": [
+ "references" : {
+ "reference_data" : [
 {
- "url": "https://security-tracker.debian.org/tracker/CVE-2017-0372"
+ "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
+ "refsource" : "MLIST",
+ "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
 },
 {
- "url": "https://bugs.debian.org/861585"
+ "name" : "[mediawiki-announce] 20170430 Security release 1.27.3 and 1.28.2",
+ "refsource" : "MLIST",
+ "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html"
 },
 {
- "url": "https://phabricator.wikimedia.org/T158689"
+ "name" : "https://bugs.debian.org/861585",
+ "refsource" : "MISC",
+ "url" : "https://bugs.debian.org/861585"
 },
 {
- "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
+ "name" : "https://phabricator.wikimedia.org/T158689",
+ "refsource" : "CONFIRM",
+ "url" : "https://phabricator.wikimedia.org/T158689"
 },
 {
- "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html"
+ "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0372",
+ "refsource" : "CONFIRM",
+ "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0372"
 }
 ]
 },
- "source": {
- "advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
- "discovery": "UNKNOWN"
+ "source" : {
+ "advisory" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
+ "discovery" : "UNKNOWN"
 }
 }
diff --git a/2018/10xxx/CVE-2018-10096.json b/2018/10xxx/CVE-2018-10096.json
new file mode 100644
index 00000000000..f6d13718324
--- /dev/null
+++ b/2018/10xxx/CVE-2018-10096.json
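Review bot: `source.advisory` still points at the `000207` announcement, whose title in the new `name` field covers 1.28.1 / 1.27.2 / 1.23.16, while the rewritten description gives the fixed versions as 1.23.16, 1.27.3 and 1.28.2. Two of those three versions appear only in the title of the added `000209` reference, so someone patching from the advisory link alone may stop at a release the description still counts as vulnerable. If the later announcement is the authoritative one for the 1.27 and 1.28 branches, I would change the line to `"advisory" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html",`; otherwise the description should say why both releases are listed.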
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-10096",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "joyplus-cms 1.6.0 has XSS via the device_name parameter in a manager/admin_ajax.php?action=save flag=add request."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/joyplus/joyplus-cms/issues/424",
+ "refsource" : "MISC",
+ "url" : "https://github.com/joyplus/joyplus-cms/issues/424"
+ }
+ ]
+ }
+}
diff --git a/2018/6xxx/CVE-2018-6546.json b/2018/6xxx/CVE-2018-6546.json
index 762b20f44ca..78292c38da2 100644
--- a/2018/6xxx/CVE-2018-6546.json
+++ b/2018/6xxx/CVE-2018-6546.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-6546",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
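Review bot: Every structured field in the new CVE-2018-10096 record is a placeholder: `product_name`, `vendor_name`, `version_value` and the `problemtype` value are all `n/a`, although the description names joyplus-cms 1.6.0 and calls the issue XSS. Consumers that triage by product or weakness class have to parse the free text to find this entry. I would fill in at least `"product_name" : "joyplus-cms"`, `"version_value" : "1.6.0"` and a `problemtype` value of `CWE-79`. The CVE-2018-6546 and CVE-2018-6547 hunks publish with the same placeholders even though their descriptions name the plays.tv service before 1.27.7.0.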
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local or SMB) path as SYSTEM when the execute_installer parameter is used in an HTTP message. This occurs without properly authenticating the user."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.securifera.com/advisories/CVE-2018-6546/",
+ "refsource" : "MISC",
+ "url" : "https://www.securifera.com/advisories/CVE-2018-6546/"
 }
 ]
 }
diff --git a/2018/6xxx/CVE-2018-6547.json b/2018/6xxx/CVE-2018-6547.json
index 843c8b0c302..4102ff96d0e 100644
--- a/2018/6xxx/CVE-2018-6547.json
+++ b/2018/6xxx/CVE-2018-6547.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-6547",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYSTEM to the file when the extract_files parameter is used. This occurs without properly authenticating the user."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.securifera.com/advisories/CVE-2018-6547/",
+ "refsource" : "MISC",
+ "url" : "https://www.securifera.com/advisories/CVE-2018-6547/"
 }
 ]
 }