- Synchronized data.

CVE Team 2018-11-08 15:05:23 -05:00
parent 60aa312331
commit 01c9c568e8
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
6 changed files with 406 additions and 172 deletions


@ -2,7 +2,30 @@
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19044", "ID" : "CVE-2018-19044",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -11,7 +34,38 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1015141",
"refsource" : "MISC",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"name" : "https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306",
"refsource" : "MISC",
"url" : "https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306"
},
{
"name" : "https://github.com/acassen/keepalived/issues/1048",
"refsource" : "MISC",
"url" : "https://github.com/acassen/keepalived/issues/1048"
} }
] ]
} }
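Review bot: The added `affects` block sets `product_name`, `version_value` and `vendor_name` to "n/a" even though the new description names keepalived 2.0.8, so tooling that matches on the structured fields will not associate this record with the product. Consider filling them from the description, e.g. `"product_name" : "keepalived"` and `"version_value" : "2.0.8"`. The added `problemtype` value is also "n/a"; the symlink-following write described here would map to CWE-59, which lets consumers triage by weakness class. The same placeholders appear in the CVE-2018-19045, CVE-2018-19046 and CVE-2018-19115 sections of this commit (the last one describes the range as "through 2.0.8").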


@ -2,7 +2,30 @@
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19045", "ID" : "CVE-2018-19045",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -11,7 +34,43 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1015141",
"refsource" : "MISC",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"name" : "https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6",
"refsource" : "MISC",
"url" : "https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6"
},
{
"name" : "https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067",
"refsource" : "MISC",
"url" : "https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067"
},
{
"name" : "https://github.com/acassen/keepalived/issues/1048",
"refsource" : "MISC",
"url" : "https://github.com/acassen/keepalived/issues/1048"
} }
] ]
} }


@ -2,7 +2,30 @@
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19046", "ID" : "CVE-2018-19046",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1015141",
"refsource" : "MISC",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"name" : "https://github.com/acassen/keepalived/issues/1048",
"refsource" : "MISC",
"url" : "https://github.com/acassen/keepalived/issues/1048"
} }
] ]
} }
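Review bot: The new `reference_data` for CVE-2018-19046 lists only the SUSE bug and the upstream issue, with no fixing commit, whereas the CVE-2018-19044 and CVE-2018-19045 records in this same commit each cite upstream commits. From this record alone a defender cannot tell whether a fix exists or which change to look for when checking a packaged build. If an upstream fix is known, add it as a further entry, e.g. `"url" : "<upstream-fix-commit-URL>"` (placeholder, not taken from the page).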


@ -0,0 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19115",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "keepalived through 2.0.8 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1015141",
"refsource" : "MISC",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1015141"
},
{
"name" : "https://github.com/acassen/keepalived/pull/961",
"refsource" : "MISC",
"url" : "https://github.com/acassen/keepalived/pull/961"
},
{
"name" : "https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9",
"refsource" : "MISC",
"url" : "https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9"
}
]
}
}