admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-06-21 11:04:32 -04:00
parent 21a08612e8
commit 0629e27e7f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
5 changed files with 218 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
2018/12xxx/CVE-2018-12526.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12526",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=27284",
"refsource" : "MISC",
"url" : "https://www.boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=27284"
},
{
"name" : "https://www.fortiguard.com/zeroday/FG-VD-18-106",
"refsource" : "MISC",
"url" : "https://www.fortiguard.com/zeroday/FG-VD-18-106"
}
]
}

62
2018/12xxx/CVE-2018-12615.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12615",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8",
"refsource" : "MISC",
"url" : "https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8"
}
]
}
}

18
2018/12xxx/CVE-2018-12616.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12616",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

101
2018/1xxx/CVE-2018-1253.json
View File

@ -1,83 +1,84 @@
{
"CVE_data_meta": {
"ASSIGNER": "Security_Alert@emc.com",
"DATE_PUBLIC": "2018-06-12T05:00:00.000Z",
"ID": "CVE-2018-1253",
"STATE": "PUBLIC",
"TITLE": "Stored cross-site scripting vulnerability "
"CVE_data_meta" : {
"ASSIGNER" : "Security_Alert@emc.com",
"DATE_PUBLIC" : "2018-06-12T05:00:00.000Z",
"ID" : "CVE-2018-1253",
"STATE" : "PUBLIC",
"TITLE" : "Stored cross-site scripting vulnerability "
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Authentication Manager",
"version": {
"version_data": [
"product_name" : "Authentication Manager",
"version" : {
"version_data" : [
{
"affected": "<",
"version_value": "8.3 P1"
"affected" : "<",
"version_value" : "8.3 P1"
}
]
}
}
]
},
"vendor_name": "RSA"
"vendor_name" : "RSA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting \nvulnerability. A malicious Operations Console administrator could potentially exploit this vulnerability to store \narbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser."
"lang" : "eng",
"value" : "RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. A malicious Operations Console administrator could potentially exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "LOW",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "xss vulnerability"
"lang" : "eng",
"value" : "xss vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2018/Jun/39"
"name" : "20180612 DSA-2018-107: RSA Authentication Manager Cross-site scripting Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Jun/39"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

71
2018/1xxx/CVE-2018-1254.json
View File

@ -1,66 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-06-12T04:00:00.000Z",
"ID": "CVE-2018-1254",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"DATE_PUBLIC" : "2018-06-12T04:00:00.000Z",
"ID" : "CVE-2018-1254",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "RSA Authentication Manager",
"version": {
"version_data": [
"product_name" : "RSA Authentication Manager",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "8.3 P1"
"affected" : "<=",
"version_value" : "8.3 P1"
}
]
}
}
]
},
"vendor_name": "RSA"
"vendor_name" : "RSA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting \nvulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim \nSecurity Console administrator to supply malicious HTML or JavaScript code to a vulnerable web application, which is \nthen reflected back to the victim and executed by the web browser.Reflected cross-site scripting vulnerability"
"lang" : "eng",
"value" : "RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Reflected cross-site scripting vulnerability"
"lang" : "eng",
"value" : "Reflected cross-site scripting vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2018/Jun/39"
"name" : "20180612 DSA-2018-107: RSA Authentication Manager Cross-site scripting Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Jun/39"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}