- Synchronized data.

CVE Team 2018-10-23 10:05:10 -04:00
parent 340ff01ebd
commit 040115e672
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
10 changed files with 238 additions and 182 deletions


@ -1,117 +1,119 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-10-23T00:00:00",
"ID": "CVE-2018-13400",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2018-10-23T00:00:00",
"ID" : "CVE-2018-13400",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Jira",
"version": {
"version_data": [
"product_name" : "Jira",
"version" : {
"version_data" : [
{
"version_value": "7.6.9",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.6.9"
},
{
"version_value": "7.7.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.7.0"
},
{
"version_value": "7.7.5",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.7.5"
},
{
"version_value": "7.8.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.8.0"
},
{
"version_value": "7.8.5",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.8.5"
},
{
"version_value": "7.9.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.9.0"
},
{
"version_value": "7.9.3",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.9.3"
},
{
"version_value": "7.10.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.10.0"
},
{
"version_value": "7.10.3",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.10.3"
},
{
"version_value": "7.11.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.11.0"
},
{
"version_value": "7.11.3",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.11.3"
},
{
"version_value": "7.12.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.12.0"
},
{
"version_value": "7.12.3",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.12.3"
},
{
"version_value": "7.13.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.13.0"
},
{
"version_value": "7.13.1",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.13.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
"vendor_name" : "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass \"WebSudo\" through an improper access control vulnerability."
"lang" : "eng",
"value" : "Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass \"WebSudo\" through an improper access control vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Improper Access Control"
"lang" : "eng",
"value" : "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-68138"
"name" : "https://jira.atlassian.com/browse/JRASERVER-68138",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/JRASERVER-68138"
}
]
}
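Review bot: The last range in the `description_data` value reads `and before version 7.13.1` with no lower bound, while `version_data` in the same record carries the pair `>=` 7.13.0 / `<` 7.13.1. Read literally, the prose marks every release below 7.13.1 as affected, including releases such as 7.6.9 and 7.7.5 that the earlier clauses exclude; the clause should read `from version 7.13.0 before version 7.13.1`. The same wording appears in the CVE-2018-13401 and CVE-2018-13402 sections that follow. Separately, `version_data` expresses each range as two adjacent array entries, so a consumer that evaluates entries independently would match `<` 7.13.1 against all versions; the reliance on array order for pairing should be documented for users of this feed.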


@ -1,117 +1,119 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-10-23T00:00:00",
"ID": "CVE-2018-13401",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2018-10-23T00:00:00",
"ID" : "CVE-2018-13401",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Jira",
"version": {
"version_data": [
"product_name" : "Jira",
"version" : {
"version_data" : [
{
"version_value": "7.6.9",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.6.9"
},
{
"version_value": "7.7.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.7.0"
},
{
"version_value": "7.7.5",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.7.5"
},
{
"version_value": "7.8.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.8.0"
},
{
"version_value": "7.8.5",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.8.5"
},
{
"version_value": "7.9.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.9.0"
},
{
"version_value": "7.9.3",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.9.3"
},
{
"version_value": "7.10.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.10.0"
},
{
"version_value": "7.10.3",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.10.3"
},
{
"version_value": "7.11.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.11.0"
},
{
"version_value": "7.11.3",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.11.3"
},
{
"version_value": "7.12.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.12.0"
},
{
"version_value": "7.12.3",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.12.3"
},
{
"version_value": "7.13.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.13.0"
},
{
"version_value": "7.13.1",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.13.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
"vendor_name" : "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability."
"lang" : "eng",
"value" : "The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "URL Redirection to Untrusted Site ('Open Redirect')"
"lang" : "eng",
"value" : "URL Redirection to Untrusted Site ('Open Redirect')"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-68139"
"name" : "https://jira.atlassian.com/browse/JRASERVER-68139",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/JRASERVER-68139"
}
]
}


@ -1,117 +1,119 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-10-23T00:00:00",
"ID": "CVE-2018-13402",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2018-10-23T00:00:00",
"ID" : "CVE-2018-13402",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Jira",
"version": {
"version_data": [
"product_name" : "Jira",
"version" : {
"version_data" : [
{
"version_value": "7.6.9",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.6.9"
},
{
"version_value": "7.7.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.7.0"
},
{
"version_value": "7.7.5",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.7.5"
},
{
"version_value": "7.8.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.8.0"
},
{
"version_value": "7.8.5",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.8.5"
},
{
"version_value": "7.9.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.9.0"
},
{
"version_value": "7.9.3",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.9.3"
},
{
"version_value": "7.10.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.10.0"
},
{
"version_value": "7.10.3",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.10.3"
},
{
"version_value": "7.11.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.11.0"
},
{
"version_value": "7.11.3",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.11.3"
},
{
"version_value": "7.12.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.12.0"
},
{
"version_value": "7.12.3",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.12.3"
},
{
"version_value": "7.13.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.13.0"
},
{
"version_value": "7.13.1",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.13.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
"vendor_name" : "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability."
"lang" : "eng",
"value" : "Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "URL Redirection to Untrusted Site ('Open Redirect')"
"lang" : "eng",
"value" : "URL Redirection to Untrusted Site ('Open Redirect')"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-68140"
"name" : "https://jira.atlassian.com/browse/JRASERVER-68140",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/JRASERVER-68140"
}
]
}


@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
"value" : "A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
@ -53,12 +53,18 @@
"references" : {
"reference_data" : [
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1293/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1293/"
},
{
"name" : "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx",
"refsource" : "CONFIRM",
"url" : "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
},
{
"name" : "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx",
"refsource" : "CONFIRM",
"url" : "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
}
]
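Review bot: The `description_data` value gives the affected range as `7.0 (2017) and above` with no upper bound or fixed build, so a reader cannot tell from this text which release remediates the issue. The `affects` block lies outside both hunks, so whether it carries a bounded `version_value` cannot be checked here; if it does not, the fixed version from the vendor advisory listed in `reference_data` should be stated. The same open-ended wording is in the four Trend Micro sections that follow.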


@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
"value" : "A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
@ -53,12 +53,18 @@
"references" : {
"reference_data" : [
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1294/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1294/"
},
{
"name" : "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx",
"refsource" : "CONFIRM",
"url" : "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
},
{
"name" : "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx",
"refsource" : "CONFIRM",
"url" : "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
}
]


@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6eDC offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
"value" : "A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6eDC offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
@ -53,12 +53,18 @@
"references" : {
"reference_data" : [
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1295/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1295/"
},
{
"name" : "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx",
"refsource" : "CONFIRM",
"url" : "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
},
{
"name" : "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx",
"refsource" : "CONFIRM",
"url" : "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
}
]


@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
"value" : "A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
@ -53,12 +53,18 @@
"references" : {
"reference_data" : [
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1296/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1296/"
},
{
"name" : "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx",
"refsource" : "CONFIRM",
"url" : "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
},
{
"name" : "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx",
"refsource" : "CONFIRM",
"url" : "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
}
]


@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F4E offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
"value" : "A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F4E offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
@ -53,12 +53,18 @@
"references" : {
"reference_data" : [
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1297/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1297/"
},
{
"name" : "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx",
"refsource" : "CONFIRM",
"url" : "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
},
{
"name" : "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx",
"refsource" : "CONFIRM",
"url" : "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
}
]


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18588",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -53,6 +53,8 @@
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en"
}
]
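Review bot: The `name` value repeats the `url` with an `http://` scheme, so the only `CONFIRM` link in this `reference_data` array points at the vendor advisory over cleartext. That `name` and `refsource` are the added lines is inferred from the hunk counts (6 to 8), since the rendered page has lost the `+` markers. If the vendor serves the same path over TLS, both fields should use `https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en`, so that tooling following the reference does not fetch advisory content that can be altered in transit. The enclosing `references` object closes outside the hunk.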