Merge pull request #71 from CVEProject/master

XFA Rebase
Scott Moore 2018-11-15 10:07:15 -05:00 committed by GitHub
commit 0ea1cb2301
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
464 changed files with 20776 additions and 1197 deletions


@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-9274",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/harfbuzz/harfbuzz/commit/c917965b9e6fe2b21ed6c51559673288fa3af4b7",
"refsource" : "MISC",
"url" : "https://github.com/harfbuzz/harfbuzz/commit/c917965b9e6fe2b21ed6c51559673288fa3af4b7"
}
]
}
}
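Review bot: `affects` carries `"n/a"` for `vendor_name`, `product_name` and `version_value`, although the description in this same record names HarfBuzz before 1.0.4, so tooling that matches on `affects` will not associate this CVE with the product. If the record format allows it, I would set `"product_name" : "HarfBuzz"` and `"version_value" : "before 1.0.4"`, both taken from the description. `problemtype` is likewise `"n/a"` for what the description calls an invalid read of two bytes.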


@ -62,6 +62,11 @@
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E"
},
{
"name" : "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"name" : "http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab",
"refsource" : "CONFIRM",


@ -87,6 +87,11 @@
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name" : "USN-3822-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3822-2/"
},
{
"name" : "94933",
"refsource" : "BID",


@ -53,6 +53,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "45824",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45824/"
},
{
"name" : "http://seclists.org/oss-sec/2017/q3/128",
"refsource" : "MISC",


@ -67,6 +67,26 @@
"name" : "USN-3753-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3753-2/"
},
{
"name" : "USN-3820-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3820-1/"
},
{
"name" : "USN-3820-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3820-2/"
},
{
"name" : "USN-3820-3",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3820-3/"
},
{
"name" : "USN-3822-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3822-2/"
}
]
}


@ -71,6 +71,11 @@
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139"
},
{
"name" : "RHSA-2018:3601",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3601"
}
]
}


@ -58,6 +58,11 @@
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E"
},
{
"name" : "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"name" : "RHSA-2018:2916",
"refsource" : "REDHAT",
@ -68,6 +73,11 @@
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3811-1/"
},
{
"name" : "USN-3811-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3811-2/"
},
{
"name" : "105347",
"refsource" : "BID",


@ -92,6 +92,11 @@
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3619-2/"
},
{
"name" : "USN-3822-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3822-2/"
},
{
"name" : "101761",
"refsource" : "BID",


@ -87,6 +87,26 @@
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3459"
},
{
"name" : "RHSA-2018:3540",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3540"
},
{
"name" : "RHSA-2018:3586",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3586"
},
{
"name" : "RHSA-2018:3590",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3590"
},
{
"name" : "RHSA-2018:3591",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3591"
},
{
"name" : "USN-3742-1",
"refsource" : "UBUNTU",


@ -67,6 +67,11 @@
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7519"
},
{
"name" : "DSA-4339",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4339"
},
{
"name" : "99075",
"refsource" : "BID",

80
2018/0xxx/CVE-2018-0673.json Normal file → Executable file

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0673",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://cs.cybozu.co.jp/2018/006717.html"
},
{
"url": "http://jvn.jp/en/jp/JVN12583112/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "3.5.0 to 4.6.3"
}
]
},
"product_name": "Cybozu Garoon"
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0673",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
}
}
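Review bot: The replacement record drops `"STATE"` from `CVE_data_meta` and gives each `reference_data` entry only a `url`, while the CVE-2015-9274 record on this page carries `"STATE" : "PUBLIC"` and a `name`/`refsource`/`url` triple, so a consumer that filters on state or reference source may skip or mis-sort this entry. I would add `"STATE": "PUBLIC"` to `CVE_data_meta` and a `"name"` and `"refsource"` to both references. The file header also shows the mode going from Normal to Executable; a JSON data file needs no execute bit, and the mode change is best reverted. Both points recur in the other CVE-2018-06xx sections shown here (0679 through 0695).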

80
2018/0xxx/CVE-2018-0679.json Normal file → Executable file

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0679",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.fxc.jp/news/20171228.html"
},
{
"url": "http://jvn.jp/en/jp/JVN68528150/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions"
}
]
},
"product_name": "multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions)"
}
]
},
"vendor_name": "FXC Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0679",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}
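Review bot: `product_name` holds the entire affected-products sentence and `version_value` repeats it, so nothing in `affects` can be matched against an asset inventory by product or version. Five device families with different fixed firmware versions are folded into one `product_data` entry; each should be its own entry, for example `"product_name": "Managed Ethernet switch FXC5426F"` with `"version_value": "firmware prior to version Ver1.00.06"`. The same packing of version text into `product_name` appears in the Denbun sections (CVE-2018-0680 to 0687) on this page.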

83
2018/0xxx/CVE-2018-0680.json Normal file → Executable file

@ -1,18 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0680",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"url": "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"url": "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to read/send mail or change the configuration."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": ""
}
]
},
"product_name": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)"
}
]
},
"vendor_name": "NEOJAPAN Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0680",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
}
}
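Review bot: `"version_value": ""` leaves the affected range empty, so version-based matching has nothing to compare against for this hard-coded-credentials issue. The sibling record CVE-2018-0681 cites the same advisories and fills the field, so I would use the same text here: `"version_value": "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier"`. The range is currently recoverable only from the parenthetical inside `product_name` and the description.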

83
2018/0xxx/CVE-2018-0681.json Normal file → Executable file

@ -1,18 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0681",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"url": "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"url": "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to login to the Management page and change the configuration."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier"
}
]
},
"product_name": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)"
}
]
},
"vendor_name": "NEOJAPAN Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0681",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
}
}

83
2018/0xxx/CVE-2018-0682.json Normal file → Executable file

@ -1,18 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0682",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"url": "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"url": "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) does not properly manage sessions, which allows remote attackers to read/send mail or change the configuration via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier"
}
]
},
"product_name": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)"
}
]
},
"vendor_name": "NEOJAPAN Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0682",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to manage sessions"
}
]
}
]
}
}
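Review bot: The `problemtype` value `"Fails to manage sessions"` is free text with no CWE identifier, and neighbouring records on this page use their own wordings (`"Buffer Overflow"`, `"Fails to verify SSL certificates"`, `"Untrusted search path vulnerability"`), so weakness-class queries across these entries will not line up. Where the advisory assigns a CWE, I would put the identifier in front of the text, in the form `"value": "CWE-<id>: <name>"` (placeholder, to be filled from the advisory).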

83
2018/0xxx/CVE-2018-0683.json Normal file → Executable file

@ -1,18 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0683",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"url": "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"url": "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition via Cookie data."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier"
}
]
},
"product_name": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)"
}
]
},
"vendor_name": "NEOJAPAN Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0683",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
}
}

83
2018/0xxx/CVE-2018-0684.json Normal file → Executable file

@ -1,18 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0684",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"url": "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"url": "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R3.0 and earlier, Denbun IMAP version V3.3I R3.0 and earlier) allows remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition via multipart/form-data format data."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Denbun POP version V3.3P R3.0 and earlier, Denbun IMAP version V3.3I R3.0 and earlier"
}
]
},
"product_name": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R3.0 and earlier, Denbun IMAP version V3.3I R3.0 and earlier)"
}
]
},
"vendor_name": "NEOJAPAN Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0684",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
}
}
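Review bot: The description, `version_value` and `product_name` here all say R3.0 and earlier, while the sibling Denbun records on this page cite the same three advisory URLs and say R4.0 and earlier. That may be correct if this overflow was fixed one release sooner, but it is worth confirming against the advisory before merge, since an understated range would leave R4.0 installations out of scope for anyone triaging on this record.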

83
2018/0xxx/CVE-2018-0685.json Normal file → Executable file

@ -1,18 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0685",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"url": "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"url": "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail search."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Denbun POP version V3.3P R4.0 and earlier"
}
]
},
"product_name": "Denbun POP version V3.3P R4.0 and earlier"
}
]
},
"vendor_name": "NEOJAPAN Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0685",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
}
}

83
2018/0xxx/CVE-2018-0686.json Normal file → Executable file

@ -1,18 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0686",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"url": "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"url": "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote authenticated attackers to upload and execute any executable files via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier"
}
]
},
"product_name": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)"
}
]
},
"vendor_name": "NEOJAPAN Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0686",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type"
}
]
}
]
}
}

83
2018/0xxx/CVE-2018-0687.json Normal file → Executable file

@ -1,18 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0687",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"url": "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"url": "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier"
}
]
},
"product_name": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)"
}
]
},
"vendor_name": "NEOJAPAN Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0687",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}

80
2018/0xxx/CVE-2018-0690.json Normal file → Executable file

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0690",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://musiccenter.sony.net/en/downloads/update.php"
},
{
"url": "http://jvn.jp/en/jp/JVN36623716/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "version 1.0.02 and earlier"
}
]
},
"product_name": "Music Center for PC"
}
]
},
"vendor_name": "Sony Video & Sound Products Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0690",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code injection"
}
]
}
]
}
}
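Review bot: `problemtype` says `"Code injection"`, but the description attributes the flaw to an update file that is not validated and can be altered in transit, which is a missing integrity check rather than injection into an interpreter. A label closer to the description, such as CWE-494 "Download of Code Without Integrity Check", would let defenders group this with other insecure-update issues; the exact choice is for the assigner to confirm.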

86
2018/0xxx/CVE-2018-0691.json Normal file → Executable file

@ -1,18 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0691",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.softbank.jp/mobile/info/personal/news/service/20180927a/"
},
{
"url": "https://www.nttdocomo.co.jp/info/notice/page/180927_00.html"
},
{
"url": "https://www.au.com/information/notice_mobile/service/2018-002/"
},
{
"url": "http://jvn.jp/en/jp/JVN37288228/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23) do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23"
}
]
},
"product_name": "Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23)"
}
]
},
"vendor_name": "Softbank, NTT docomo, KDDI"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0691",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
}
}
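Review bot: `vendor_name` joins three carriers into one string (`"Softbank, NTT docomo, KDDI"`) and the single `product_data` entry lists six apps with different fixed versions, so no vendor or product lookup will hit this record. Each carrier should be its own `vendor_data` entry with one `product_data` item per app, for example `"vendor_name": "KDDI"` with `"product_name": "+Message App for Android"` and `"version_value": "prior to version 1.0.6"`.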

77
2018/0xxx/CVE-2018-0692.json Normal file → Executable file

@ -1,18 +1,59 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0692",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://jvn.jp/en/jp/JVN77885134/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Version 43.23.1000.500 and earlier"
}
]
},
"product_name": "Baidu Browser"
}
]
},
"vendor_name": "Baidu, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0692",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
}
}

80
2018/0xxx/CVE-2018-0693.json Normal file → Executable file

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0693",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.soliton.co.jp/support/2018/003328.html"
},
{
"url": "http://jvn.jp/en/jp/JVN95355683/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbtrary file in the specific directory in FileZen via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "V3.0.0 to V4.2.1"
}
]
},
"product_name": "FileZen"
}
]
},
"vendor_name": "Soliton Systems K.K."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0693",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
}
}
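Review bot: The description misspells "arbitrary" as `arbtrary`, which defeats keyword search over descriptions; the phrase should read `upload an arbitrary file`. `problemtype` is `"Directory traversal"` while the stated impact is a file upload into a specific directory, so it is worth checking with the advisory whether an upload-related weakness should be listed as well.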

80
2018/0xxx/CVE-2018-0694.json Normal file → Executable file

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0694",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.soliton.co.jp/support/2018/003328.html"
},
{
"url": "http://jvn.jp/en/jp/JVN95355683/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "V3.0.0 to V4.2.1"
}
]
},
"product_name": "FileZen"
}
]
},
"vendor_name": "Soliton Systems K.K."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0694",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
}
}

80
2018/0xxx/CVE-2018-0695.json Normal file → Executable file

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0695",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://www.usvn.info/2018/10/02/usvn-1.0.8"
},
{
"url": "http://jvn.jp/en/jp/JVN73794686/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in User-friendly SVN (USVN) Version 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Version 1.0.7 and earlier"
}
]
},
"product_name": "User-friendly SVN (USVN)"
}
]
},
"vendor_name": "USVN Team"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0695",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}

80
2018/0xxx/CVE-2018-0697.json Normal file → Executable file

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0697",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://metabase.com/"
},
{
"url": "http://jvn.jp/en/jp/JVN14323043/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "version 0.29.3 and earlier"
}
]
},
"product_name": "Metabase"
}
]
},
"vendor_name": "Metabase, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0697",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}

80
2018/0xxx/CVE-2018-0699.json Normal file → Executable file

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0699",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://www.hyuki.com/yukiwiki/"
},
{
"url": "http://jvn.jp/en/jp/JVN36343375/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in YukiWiki 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.1.3 and earlier"
}
]
},
"product_name": "YukiWiki"
}
]
},
"vendor_name": "Hiroshi Yuki"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0699",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}

80
2018/0xxx/CVE-2018-0700.json Normal file → Executable file

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0700",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://www.hyuki.com/yukiwiki/"
},
{
"url": "http://jvn.jp/en/jp/JVN36343375/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "YukiWiki 2.1.3 and earlier does not process a particular request properly that may allow consumption of large amounts of CPU and memory resources and may result in causing a denial of service condition."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.1.3 and earlier"
}
]
},
"product_name": "YukiWiki"
}
]
},
"vendor_name": "Hiroshi Yuki"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0700",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
}
]
}
]
}
}

80
2018/0xxx/CVE-2018-0701.json Normal file → Executable file

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0701",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://support.bluestacks.com/hc/en-us/articles/360018274091"
},
{
"url": "http://jvn.jp/en/jp/JVN60702986/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later) allows an attacker on the same network segment to bypass access restriction to gain unauthorized access."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later)"
}
]
},
"product_name": "BlueStacks App Player"
}
]
},
"vendor_name": "BlueStacks"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0701",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
}
}


@ -89,6 +89,11 @@
"name" : "GLSA-201811-02",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-02"
},
{
"name" : "USN-3817-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3817-1/"
}
]
}


@ -89,6 +89,11 @@
"name" : "DSA-4306",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4306"
},
{
"name" : "USN-3817-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3817-1/"
}
]
}


@ -107,6 +107,21 @@
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2933"
},
{
"name" : "RHSA-2018:3540",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3540"
},
{
"name" : "RHSA-2018:3586",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3586"
},
{
"name" : "RHSA-2018:3590",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3590"
},
{
"name" : "USN-3754-1",
"refsource" : "UBUNTU",


@ -117,6 +117,11 @@
"name" : "105085",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105085"
},
{
"name" : "1042002",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1042002"
}
]
}


@ -68,6 +68,11 @@
"refsource" : "CONFIRM",
"url" : "https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc"
},
{
"name" : "DSA-4339",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4339"
},
{
"name" : "RHSA-2018:2177",
"refsource" : "REDHAT",


@ -91,6 +91,16 @@
"name" : "RHSA-2018:2948",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name" : "USN-3821-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3821-1/"
},
{
"name" : "USN-3821-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3821-2/"
}
]
}


@ -66,6 +66,21 @@
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894"
},
{
"name" : "RHSA-2018:3592",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3592"
},
{
"name" : "RHSA-2018:3593",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3593"
},
{
"name" : "RHSA-2018:3595",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3595"
}
]
}


@ -72,6 +72,11 @@
"refsource" : "CONFIRM",
"url" : "https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef"
},
{
"name" : "RHSA-2018:3600",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3600"
},
{
"name" : "USN-3720-1",
"refsource" : "UBUNTU",


@ -56,6 +56,11 @@
"name" : "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E",
"refsource" : "MISC",
"url" : "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E"
},
{
"name" : "105888",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105888"
}
]
}


@ -58,6 +58,11 @@
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E"
},
{
"name" : "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"name" : "USN-3811-1",
"refsource" : "UBUNTU",


@ -58,6 +58,11 @@
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E"
},
{
"name" : "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"name" : "RHSA-2018:2916",
"refsource" : "REDHAT",


@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "secure@intel.com",
"ID" : "CVE-2018-12174",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intel Parallel Studio XE 2018",
"version" : {
"version_data" : [
{
"version_value" : "Update 3 and before"
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Heap overflow in Intel Trace Analyzer 2018 in Intel Parallel Studio XE 2018 Update 3 may allow an authenticated user to potentially escalate privileges via local access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Escalation of Privilege"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00180.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00180.html"
}
]
}
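Review bot: `problemtype` in the new record names the outcome ("Escalation of Privilege") rather than the weakness, although the description already identifies the flaw as a heap overflow. Consumers that map `problemtype` to a CWE for triage get nothing usable from it; something like `"value" : "CWE-122: Heap-based Buffer Overflow"` would match the description, provided the vendor advisory supports that classification. The CVE-2018-12416 record further down has the same issue, with a full impact sentence in `problemtype` where the description says cross-site request forgery (CWE-352).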


@ -1,8 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@tibco.com",
"DATE_PUBLIC" : "2018-11-13T17:00:00.000Z",
"ID" : "CVE-2018-12416",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "TIBCO DataSynapse GridServer Manager Component Vulnerable to Cross-Site Request Forgery"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "TIBCO DataSynapse GridServer Manager",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "5.2.0"
},
{
"affected" : "=",
"version_value" : "6.0.0"
},
{
"affected" : "=",
"version_value" : "6.0.1"
},
{
"affected" : "=",
"version_value" : "6.0.2"
},
{
"affected" : "=",
"version_value" : "6.1.0"
},
{
"affected" : "=",
"version_value" : "6.1.1"
},
{
"affected" : "=",
"version_value" : "6.2.0"
},
{
"affected" : "=",
"version_value" : "6.3.0"
}
]
}
}
]
},
"vendor_name" : "TIBCO Software Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,8 +65,59 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF). Affected releases are TIBCO Software Inc. TIBCO DataSynapse GridServer Manager: versions up to and including 5.2.0; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; 6.2.0; 6.3.0."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.1,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "LOW",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "The impact of this vulnerability includes the theoretical possibility that a malicious actor could gain full access to the web interface of the affected components."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-13-2018-tibco-datasynapse-gridserver-manager",
"refsource" : "CONFIRM",
"url" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-13-2018-tibco-datasynapse-gridserver-manager"
},
{
"name" : "105913",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105913"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO DataSynapse GridServer Manager versions 5.2.0 and below update to version 5.2.1 or higher\nTIBCO DataSynapse GridServer Manager versions 6.0.x, 6.1.x, 6.2.x, and 6.3.0 update to version 6.3.1 or higher\n\n"
}
],
"source" : {
"discovery" : "UNKNOWN"
}
}
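Review bot: The `version_data` entries use the key `affected` for the comparison operator, while the CVE-2018-12543 record in this same commit uses `version_affected` for the same purpose. A parser that reads only one of the two keys will treat the other record's versions as unqualified, which matters here because `"<="` on `5.2.0` would then be read as exactly 5.2.0 and earlier releases would be missed. Settling on one key across records, e.g. `"version_affected" : "<="`, avoids that; the CVE-2018-12480 record also uses `affected`.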


@ -1,9 +1,42 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@microfocus.com",
"DATE_PUBLIC" : "2018-11-12T01:00:00.000Z",
"ID" : "CVE-2018-12480",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "NetIQ Access Manager XSS vulnerability in versions prior to 4.4 SP3"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NetIQ Access Manager (NAM)",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_name" : "NetIQ Access Manager",
"version_value" : "4.4 SP3"
}
]
}
}
]
},
"vendor_name" : "NetIQ eDirectory"
}
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "\n\n"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
@ -11,8 +44,43 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XSS"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.microfocus.com/kb/doc.php?id=7023513",
"refsource" : "CONFIRM",
"url" : "https://support.microfocus.com/kb/doc.php?id=7023513"
},
{
"name" : "https://www.netiq.com/documentation/access-manager-44/accessmanager443-release-notes/data/accessmanager443-release-notes.html#b149i4n6",
"refsource" : "CONFIRM",
"url" : "https://www.netiq.com/documentation/access-manager-44/accessmanager443-release-notes/data/accessmanager443-release-notes.html#b149i4n6"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "Upgrade to NetIQ Access Manager versions prior to 4.4 SP3."
}
],
"source" : {
"discovery" : "INTERNAL"
}
}
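Review bot: The `solution` text tells readers to "Upgrade to NetIQ Access Manager versions prior to 4.4 SP3", which points at the affected range given in `TITLE` and `version_data` (`<` 4.4 SP3) rather than at the fixed release. It presumably should read `"value" : "Upgrade to NetIQ Access Manager 4.4 SP3 or later."`. Two smaller things in the same record are worth confirming: `credit` holds only `"\n\n"`, and `vendor_name` is "NetIQ eDirectory" while the product is Access Manager, which looks like a template leftover.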


@ -1,8 +1,36 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "emo@eclipse.org",
"ID" : "CVE-2018-12543",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Eclipse Mosquitto",
"version" : {
"version_data" : [
{
"version_affected" : ">=",
"version_value" : "1.5"
},
{
"version_affected" : "<=",
"version_value" : "1.5.2"
}
]
}
}
]
},
"vendor_name" : "The Eclipse Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +39,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-617: Reachable Assertion"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=539295",
"refsource" : "CONFIRM",
"url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=539295"
}
]
}


@ -62,6 +62,16 @@
"refsource" : "MISC",
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=5f936e19cc0ef97dbe3a56e9498922ad5ba1edef"
},
{
"name" : "USN-3821-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3821-1/"
},
{
"name" : "USN-3821-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3821-2/"
},
{
"name" : "104671",
"refsource" : "BID",


@ -61,6 +61,16 @@
"name" : "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=e335cc683fd13882b9152937b06ff3c16c28aa34",
"refsource" : "MISC",
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=e335cc683fd13882b9152937b06ff3c16c28aa34"
},
{
"name" : "USN-3821-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3821-1/"
},
{
"name" : "USN-3821-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3821-2/"
}
]
}


@ -72,6 +72,16 @@
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4308"
},
{
"name" : "USN-3821-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3821-1/"
},
{
"name" : "USN-3821-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3821-2/"
},
{
"name" : "104917",
"refsource" : "BID",


@ -72,6 +72,16 @@
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4308"
},
{
"name" : "USN-3821-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3821-1/"
},
{
"name" : "USN-3821-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3821-2/"
},
{
"name" : "104917",
"refsource" : "BID",


@ -86,6 +86,11 @@
"name" : "RHSA-2018:3529",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3529"
},
{
"name" : "RHSA-2018:3595",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3595"
}
]
}


@ -107,6 +107,26 @@
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2933"
},
{
"name" : "RHSA-2018:3540",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3540"
},
{
"name" : "RHSA-2018:3586",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3586"
},
{
"name" : "RHSA-2018:3590",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3590"
},
{
"name" : "RHSA-2018:3591",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3591"
},
{
"name" : "USN-3775-2",
"refsource" : "UBUNTU",


@ -90,6 +90,11 @@
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4307"
},
{
"name" : "USN-3817-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3817-1/"
},
{
"name" : "105396",
"refsource" : "BID",


@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2018-14655",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "keycloak",
"version" : {
"version_data" : [
{
"version_value" : "3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final"
}
]
}
}
]
},
"vendor_name" : "Red Hat"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,53 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "4.6/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655"
},
{
"name" : "RHSA-2018:3592",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3592"
},
{
"name" : "RHSA-2018:3593",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3593"
},
{
"name" : "RHSA-2018:3595",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3595"
}
]
}
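Review bot: `impact.cvss` is a doubly nested array and its `vectorString` has the score glued to the front (`"4.6/CVSS:3.0/AV:N/..."`), so the value is not a parseable CVSS v3.0 vector and there is no separate score field to sort or filter on. The CVE-2018-12416 record in this commit uses a plain object with score and vector separate; following that shape here would be `"baseScore" : 4.6,` plus `"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"`. The CVE-2018-14657 and CVE-2018-14658 sections have the same layout (with 5.4 and 6.1 prefixed). The description also has "succesfully" for "successfully".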


@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2018-14657",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "keycloak",
"version" : {
"version_data" : [
{
"version_value" : "4.2.1.Final, 4.3.0.Final"
}
]
}
}
]
},
"vendor_name" : "Red Hat"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,53 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-287"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657"
},
{
"name" : "RHSA-2018:3592",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3592"
},
{
"name" : "RHSA-2018:3593",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3593"
},
{
"name" : "RHSA-2018:3595",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3595"
}
]
}
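Review bot: The description says "When TOPT enabled", which is presumably TOTP (time-based one-time password); as written, a search of the CVE list for TOTP will not find this record. Suggested wording for that sentence: `When TOTP is enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.`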


@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2018-14658",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "keycloak",
"version" : {
"version_data" : [
{
"version_value" : "3.2.1.Final"
}
]
}
}
]
},
"vendor_name" : "Red Hat"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,53 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack"
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-601"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14658",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14658"
},
{
"name" : "RHSA-2018:3592",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3592"
},
{
"name" : "RHSA-2018:3593",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3593"
},
{
"name" : "RHSA-2018:3595",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3595"
}
]
}


@ -72,6 +72,11 @@
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45742/"
},
{
"name" : "45832",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45832/"
},
{
"name" : "[xorg-announce] 20181025 X.Org security advisory: October 25, 2018",
"refsource" : "MLIST",


@ -82,6 +82,11 @@
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3519"
},
{
"name" : "RHSA-2018:3581",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3581"
},
{
"name" : "1042037",
"refsource" : "SECTRACK",


@ -67,6 +67,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "45829",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45829/"
},
{
"name" : "20181107 Cisco Immunet and Cisco AMP for Endpoints System Scan Denial of Service Vulnerability",
"refsource" : "CISCO",


@ -1,86 +1,91 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-10-29T16:00:00-0500",
"ID": "CVE-2018-15452",
"STATE": "PUBLIC",
"TITLE": "Cisco Advanced Malware Protection for Endpoints on Windows DLL Preloading Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco AMP for Endpoints ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2018-10-29T16:00:00-0500",
"ID" : "CVE-2018-15452",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Advanced Malware Protection for Endpoints on Windows DLL Preloading Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco AMP for Endpoints ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. To exploit this vulnerability, the attacker would need to have administrative credentials on the Windows system. The vulnerability is due to the improper validation of resources loaded by a system process at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. A successful exploit could allow the attacker to disable the targeted system's scanning services and ultimately prevent the system from being protected from further intrusion. There are no workarounds that address this vulnerability."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\n"
}
],
"impact" : {
"cvss" : {
"baseScore" : "6.7",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\n",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-427"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. To exploit this vulnerability, the attacker would need to have administrative credentials on the Windows system.\nThe vulnerability is due to the improper validation of resources loaded by a system process at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. A successful exploit could allow the attacker to disable the targeted system's scanning services and ultimately prevent the system from being protected from further intrusion.\nThere are no workarounds that address this vulnerability.\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181029-amp-dll"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\n"
}
],
"impact": {
"cvss": {
"baseScore": "6.7",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\n",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181029 Cisco Advanced Malware Protection for Endpoints on Windows DLL Preloading Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181029-amp-dll"
}
]
},
"source": {
"advisory": "cisco-sa-20181029-amp-dll",
"defect": [
[
"CSCvm93525"
]
],
"discovery": "INTERNAL"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181029 Cisco Advanced Malware Protection for Endpoints on Windows DLL Preloading Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181029-amp-dll"
},
{
"name" : "105759",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105759"
}
]
},
"source" : {
"advisory" : "cisco-sa-20181029-amp-dll",
"defect" : [
[
"CSCvm93525"
]
],
"discovery" : "INTERNAL"
}
}
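Review bot: In `impact.cvss` the new side keeps `baseScore` as the string `"6.7"` and a `vectorString` that ends in a literal `\n`, so strict CVSS parsers will reject the vector and numeric comparisons on the score will fail. I would write `"baseScore" : 6.7,` and `"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",`. Separately, that vector works out to about 5.5 under the v3.0 formula rather than 6.7, and it says PR:L while the description requires administrative credentials, so the metrics are worth confirming against the vendor advisory. `product_name` also carries a trailing space ("Cisco AMP for Endpoints ").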


@ -66,6 +66,26 @@
"name" : "DSA-4313",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4313"
},
{
"name" : "USN-3819-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3819-1/"
},
{
"name" : "USN-3820-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3820-1/"
},
{
"name" : "USN-3820-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3820-2/"
},
{
"name" : "USN-3820-3",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3820-3/"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-11-13T00:00:00",
"ID" : "CVE-2018-15708",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Nagios XI",
"version" : {
"version_data" : [
{
"version_value" : "5.5.6"
}
]
}
}
]
},
"vendor_name" : "Nagios"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Command Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2018-37",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-37"
}
]
}
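Review bot: The added `problemtype` value is the free-text label `Command Injection` with no CWE identifier, so tooling that groups records by CWE cannot classify this entry; a value such as `"value" : "CWE-78 OS Command Injection"` (or CWE-77, whichever the Tenable advisory supports) would fix that. The same applies to the sibling records in this commit, CVE-2018-15709 through CVE-2018-15714, whose labels are `Command Injection`, `Privilege Escalation` and `Cross Site Scripting` (the last corresponds to CWE-79). The `affects` block also gives the bare `"version_value" : "5.5.6"` without saying whether earlier Nagios XI releases are affected. If they are, the entry should express that, because inventory matching on the exact string would otherwise skip older installs.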


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-11-13T00:00:00",
"ID" : "CVE-2018-15709",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Nagios XI",
"version" : {
"version_data" : [
{
"version_value" : "5.5.6"
}
]
}
}
]
},
"vendor_name" : "Nagios"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Command Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2018-37",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-37"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-11-13T00:00:00",
"ID" : "CVE-2018-15710",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Nagios XI",
"version" : {
"version_data" : [
{
"version_value" : "5.5.6"
}
]
}
}
]
},
"vendor_name" : "Nagios"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege Escalation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2018-37",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-37"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-11-13T00:00:00",
"ID" : "CVE-2018-15711",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Nagios XI",
"version" : {
"version_data" : [
{
"version_value" : "5.5.6"
}
]
}
}
]
},
"vendor_name" : "Nagios"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege Escalation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2018-37",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-37"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-11-13T00:00:00",
"ID" : "CVE-2018-15712",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Nagios XI",
"version" : {
"version_data" : [
{
"version_value" : "5.5.6"
}
]
}
}
]
},
"vendor_name" : "Nagios"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2018-37",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-37"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-11-13T00:00:00",
"ID" : "CVE-2018-15713",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Nagios XI",
"version" : {
"version_data" : [
{
"version_value" : "5.5.6"
}
]
}
}
]
},
"vendor_name" : "Nagios"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2018-37",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-37"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-11-13T00:00:00",
"ID" : "CVE-2018-15714",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Nagios XI",
"version" : {
"version_data" : [
{
"version_value" : "5.5.6"
}
]
}
}
]
},
"vendor_name" : "Nagios"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2018-37",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-37"
}
]
}


@ -1,78 +1,84 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-11-09T05:00:00.000Z",
"ID": "CVE-2018-15771",
"STATE": "PUBLIC",
"TITLE": "Dell EMC RecoverPoint Information Disclosure Vulnerability"
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-11-09T05:00:00.000Z",
"ID" : "CVE-2018-15771",
"STATE" : "PUBLIC",
"TITLE" : "Dell EMC RecoverPoint Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Dell EMC RecoverPoint",
"version": {
"version_data": [
"product_name" : "Dell EMC RecoverPoint",
"version" : {
"version_data" : [
{
"affected": "<",
"version_value": "5.1.2.1"
"affected" : "<",
"version_value" : "5.1.2.1"
}
]
}
},
{
"product_name": "Dell EMC RecoverPoint Virtual Machine (VM)",
"version": {
"version_data": [
"product_name" : "Dell EMC RecoverPoint Virtual Machine (VM)",
"version" : {
"version_data" : [
{
"affected": "<",
"version_value": "5.2.0.2"
"affected" : "<",
"version_value" : "5.2.0.2"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
"vendor_name" : "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI."
"lang" : "eng",
"value" : "Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "information disclosure vulnerability"
"lang" : "eng",
"value" : "information disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/34"
"name" : "20181108 DSA-2018-205: Dell EMC RecoverPoint Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "https://seclists.org/fulldisclosure/2018/Nov/34"
},
{
"name" : "105916",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105916"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}


@ -1,78 +1,84 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-11-09T05:00:00.000Z",
"ID": "CVE-2018-15772",
"STATE": "PUBLIC",
"TITLE": "Dell EMC RecoverPoint Uncontrolled Resource Consumption Vulnerability"
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-11-09T05:00:00.000Z",
"ID" : "CVE-2018-15772",
"STATE" : "PUBLIC",
"TITLE" : "Dell EMC RecoverPoint Uncontrolled Resource Consumption Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Dell EMC RecoverPoint",
"version": {
"version_data": [
"product_name" : "Dell EMC RecoverPoint",
"version" : {
"version_data" : [
{
"affected": "<",
"version_value": "5.1.2.1"
"affected" : "<",
"version_value" : "5.1.2.1"
}
]
}
},
{
"product_name": "Dell EMC RecoverPoint Virtual Machine (VM)",
"version": {
"version_data": [
"product_name" : "Dell EMC RecoverPoint Virtual Machine (VM)",
"version" : {
"version_data" : [
{
"affected": "<",
"version_value": "5.2.0.2"
"affected" : "<",
"version_value" : "5.2.0.2"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
"vendor_name" : "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI.."
"lang" : "eng",
"value" : "Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "uncontrolled resource consumption vulnerability"
"lang" : "eng",
"value" : "uncontrolled resource consumption vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/34"
"name" : "20181108 DSA-2018-205: Dell EMC RecoverPoint Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "https://seclists.org/fulldisclosure/2018/Nov/34"
},
{
"name" : "105916",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105916"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}
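Review bot: The description on the new side still ends with "or to determine the existence of any system file via Boxmgmt CLI", which is the information-disclosure impact recorded under CVE-2018-15771 and does not match this record's `TITLE` or its `problemtype` of uncontrolled resource consumption. The change only removes the doubled full stop, so the clause looks like a leftover copied from the sibling entry; that is an inference and should be confirmed against DSA-2018-205. If it is a leftover, the sentence should stop at "to make the system slow", so that triage by description does not count one issue under two IDs.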


@ -1,84 +1,90 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-11-09T08:00:00.000Z",
"ID": "CVE-2018-15795",
"STATE": "PUBLIC",
"TITLE": "CredHub Service Broker uses guessable client secret"
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-11-09T08:00:00.000Z",
"ID" : "CVE-2018-15795",
"STATE" : "PUBLIC",
"TITLE" : "CredHub Service Broker uses guessable client secret"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "CredHub Service Broker",
"version": {
"version_data": [
"product_name" : "CredHub Service Broker",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "all versions",
"version_value": "1.1.0"
"affected" : "<",
"version_name" : "all versions",
"version_value" : "1.1.0"
}
]
}
}
]
},
"vendor_name": "Pivotal Cloud Foundry"
"vendor_name" : "Pivotal Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service."
"lang" : "eng",
"value" : "Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "ADJACENT_NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 8.1,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "HIGH",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Predictability problems"
"lang" : "eng",
"value" : "Predictability problems"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-15795"
"name" : "https://pivotal.io/security/cve-2018-15795",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2018-15795"
},
{
"name" : "105915",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105915"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}
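Review bot: The description says "A remote malicious user may guess the client secret", but the `cvss` block carried through this change scores the issue with `"attackVector" : "ADJACENT_NETWORK"` and `"privilegesRequired" : "HIGH"`. The two disagree on who can reach the flaw, and prioritisation driven by the vector will rate exposure differently from the text. One of them should be corrected against the Pivotal advisory; the record itself does not show which is right. The `problemtype` label `Predictability problems` could also carry a CWE identifier, for example CWE-330 if the advisory supports it.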

77
2018/16xxx/CVE-2018-16160.json Normal file → Executable file

@ -1,18 +1,59 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16160",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://jvn.jp/en/jp/JVN21528670/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "SecureCore Standard Edition Version 2.x allows an attacker to bypass the product 's authentication to log in to a Windows PC."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Version 2.x"
}
]
},
"product_name": "SecureCore Standard Edition"
}
]
},
"vendor_name": "Feitian Japan Co., Ltd"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-16160",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
}
}
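Review bot: The replacement record's `CVE_data_meta` holds only `ID` and `ASSIGNER`; the `STATE` key that the old placeholder carried is dropped rather than moved to `PUBLIC`, so consumers that filter on `STATE` may not treat this published entry as public. Adding `"STATE": "PUBLIC"` to that object would fix it. The reference entry also gives only `url`, without the `name` and `refsource` keys that the other records in this commit use. The file header shows the mode changing from normal to executable, which a JSON data file does not need and which is better reverted. CVE-2018-16161, CVE-2018-16162 and CVE-2018-16163 in this commit have the same gaps.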

80
2018/16xxx/CVE-2018-16161.json Normal file → Executable file

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16161",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://www.opendolphin.com/security20181023.html"
},
{
"url": "http://jvn.jp/en/jp/JVN59394343/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.7.0 and earlier"
}
]
},
"product_name": "OpenDolphin"
}
]
},
"vendor_name": "Life Sciences Computing Corporation"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-16161",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
}
}

80
2018/16xxx/CVE-2018-16162.json Normal file → Executable file

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16162",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://www.opendolphin.com/security20181023.html"
},
{
"url": "http://jvn.jp/en/jp/JVN59394343/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain other users credentials such as a user ID and/or its password via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.7.0 and earlier"
}
]
},
"product_name": "OpenDolphin"
}
]
},
"vendor_name": "Life Sciences Computing Corporation"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-16162",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
}
}

80
2018/16xxx/CVE-2018-16163.json Normal file → Executable file

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16163",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://www.opendolphin.com/security20181023.html"
},
{
"url": "http://jvn.jp/en/jp/JVN59394343/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenDolphin 2.7.0 and earlier allows authenticated attackers to bypass authentication to create and/or delete other users accounts via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.7.0 and earlier"
}
]
},
"product_name": "OpenDolphin"
}
]
},
"vendor_name": "Life Sciences Computing Corporation"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-16163",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
}
}


@ -67,6 +67,16 @@
"refsource" : "MISC",
"url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.7"
},
{
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1106095",
"refsource" : "MISC",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1106095"
},
{
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1115593",
"refsource" : "MISC",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1115593"
},
{
"name" : "https://github.com/torvalds/linux/commit/f1e255d60ae66a9f672ff9a207ee6cd8e33d2679",
"refsource" : "MISC",


@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "support@hackerone.com",
"ID" : "CVE-2018-16470",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rack",
"version" : {
"version_data" : [
{
"version_value" : "2.0.6"
}
]
}
}
]
},
"vendor_name" : "Rack"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service (CWE-400)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ",
"refsource" : "MISC",
"url" : "https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ"
}
]
}
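Review bot: The `affects` block lists `"version_value" : "2.0.6"`, but the description says the flaw is in Rack "before 2.0.6", so the record names the fixed release as the affected one. Inventory matching on `version_value` would then flag patched installs and miss the vulnerable ones. The entry should express the range, for instance by adding `"affected" : "<"` next to the version as the Dell EMC records in this commit do. CVE-2018-16471 (`2.0.6, 1.6.11`) and CVE-2018-16850 (`11.1`, `10.6`) in this commit show the same mismatch with their descriptions.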


@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "support@hackerone.com",
"ID" : "CVE-2018-16471",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rack",
"version" : {
"version_data" : [
{
"version_value" : "2.0.6, 1.6.11"
}
]
}
}
]
},
"vendor_name" : "Rack"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site Scripting (XSS) - Stored (CWE-79)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag",
"refsource" : "MISC",
"url" : "https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag"
}
]
}
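Review bot: The `problemtype` value labels this as `Cross-site Scripting (XSS) - Stored (CWE-79)`, while the description talks about crafted requests influencing the data returned by the `scheme` method on `Rack::Request`, which reads as request-derived rather than stored input. If the upstream advisory does not say "stored", the label should drop that qualifier and keep `CWE-79`, since the subtype steers where defenders look for the unescaped output. Separately, `"version_value" : "2.0.6, 1.6.11"` packs two release lines into one string; one `version_data` entry per release line, as the postgresql record in this commit does, is easier to match on.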


@ -87,6 +87,26 @@
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3797-2/"
},
{
"name" : "USN-3820-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3820-1/"
},
{
"name" : "USN-3820-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3820-2/"
},
{
"name" : "USN-3820-3",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3820-3/"
},
{
"name" : "USN-3822-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3822-2/"
},
{
"name" : "105334",
"refsource" : "BID",


@ -1,8 +1,34 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2018-16850",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "postgresql",
"version" : {
"version_data" : [
{
"version_value" : "11.1"
},
{
"version_value" : "10.6"
}
]
}
}
]
},
"vendor_name" : "The PostgreSQL Project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +37,58 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "8/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-89"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16850"
},
{
"name" : "https://www.postgresql.org/about/news/1905/",
"refsource" : "CONFIRM",
"url" : "https://www.postgresql.org/about/news/1905/"
},
{
"name" : "USN-3818-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3818-1/"
},
{
"name" : "105923",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105923"
},
{
"name" : "1042144",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1042144"
}
]
}
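Review bot: The added `vectorString` is `8/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H`, with the score fused onto the front of the vector, so a CVSS parser that expects the string to begin with `CVSS:3.0/` will reject or misread it. The value should be `"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"`, with the leading 8 moved to its own `baseScore` key. The `cvss` value is also an array nested inside an array, whereas the other records in this commit that carry `impact` use a plain object, which forces consumers to handle two shapes for one key.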


@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@apache.org",
"ID" : "CVE-2018-17187",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Qpid Proton-J",
"version" : {
"version_data" : [
{
"version_value" : "Apache Qpid Proton-J 0.3 to 0.29.0"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to configure this explicitly or select a certificate verification mode with or without hostname verification being performed. The latter hostname verifying mode was not implemented in Apache Qpid Proton-J versions 0.3 to 0.29.0, with attempts to use it resulting in an exception. This left only the option to verify the certificate is trusted, leaving such a client vulnerable to Man In The Middle (MITM) attack. Uses of the Proton-J protocol engine which do not utilise the optional transport TLS wrapper are not impacted, e.g. usage within Qpid JMS. Uses of Proton-J utilising the optional transport TLS wrapper layer that wish to enable hostname verification must be upgraded to version 0.30.0 or later and utilise the VerifyMode#VERIFY_PEER_NAME configuration, which is now the default for client mode usage unless configured otherwise."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Hostname verification support not implemented, exception thrown if configured."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://issues.apache.org/jira/browse/PROTON-1962",
"refsource" : "MISC",
"url" : "https://issues.apache.org/jira/browse/PROTON-1962"
},
{
"name" : "https://mail-archives.apache.org/mod_mbox/qpid-users/201811.mbox/%3CCAFitrpQSV73Vz7rJYfLJK7gvEymZSCR5ooWUeU8j4jzRydk-eg%40mail.gmail.com%3E",
"refsource" : "MISC",
"url" : "https://mail-archives.apache.org/mod_mbox/qpid-users/201811.mbox/%3CCAFitrpQSV73Vz7rJYfLJK7gvEymZSCR5ooWUeU8j4jzRydk-eg%40mail.gmail.com%3E"
},
{
"name" : "https://qpid.apache.org/cves/CVE-2018-17187.html",
"refsource" : "MISC",
"url" : "https://qpid.apache.org/cves/CVE-2018-17187.html"
}
]
}
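Review bot: The affected range in `version_data` is carried as one free-text string, `"version_value" : "Apache Qpid Proton-J 0.3 to 0.29.0"`, which repeats the product name and gives tooling nothing to compare against. Other records in this commit pair `version_affected` with a bare version; an entry such as `"version_affected" : "<=", "version_value" : "0.29.0"` would let scanners match the range the description gives (0.3 to 0.29.0, fixed in 0.30.0). The `problemtype` value is also prose rather than a CWE identifier. CWE-297 (Improper Validation of Certificate with Host Mismatch) looks like the closest fit, to be confirmed by the CNA.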


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17462",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use after free"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/888926",
"refsource" : "MISC",
"url" : "https://crbug.com/888926"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4330",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4330"
},
{
"name" : "RHSA-2018:3004",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name" : "105666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105666"
}
]
}
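Review bot: `"version_value" : " 70.0.3538.67"` carries a leading space, so a consumer that compares or parses the string without trimming will fail to match the fixed version and may miss affected installs. The value should be `"version_value" : "70.0.3538.67"`. The same leading space appears in the records for CVE-2018-17463 through CVE-2018-17469 and CVE-2018-17471 through CVE-2018-17477 later in this commit.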


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17463",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/888923",
"refsource" : "MISC",
"url" : "https://crbug.com/888923"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4330",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4330"
},
{
"name" : "RHSA-2018:3004",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name" : "105666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105666"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17464",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect security UI"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/887273",
"refsource" : "MISC",
"url" : "https://crbug.com/887273"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4330",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4330"
},
{
"name" : "RHSA-2018:3004",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name" : "105666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105666"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17465",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Uninitialized Use"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/870226",
"refsource" : "MISC",
"url" : "https://crbug.com/870226"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4330",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4330"
},
{
"name" : "RHSA-2018:3004",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name" : "105666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105666"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17466",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out of bounds read"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/880906",
"refsource" : "MISC",
"url" : "https://crbug.com/880906"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4330",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4330"
},
{
"name" : "RHSA-2018:3004",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name" : "105666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105666"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17467",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect security UI"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/844881",
"refsource" : "MISC",
"url" : "https://crbug.com/844881"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4330",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4330"
},
{
"name" : "RHSA-2018:3004",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name" : "105666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105666"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17468",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/876822",
"refsource" : "MISC",
"url" : "https://crbug.com/876822"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4330",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4330"
},
{
"name" : "RHSA-2018:3004",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name" : "105666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105666"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17469",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap buffer overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/880675",
"refsource" : "MISC",
"url" : "https://crbug.com/880675"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4330",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4330"
},
{
"name" : "RHSA-2018:3004",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name" : "105666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105666"
}
]
}
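Review bot: The `problemtype` value `"Heap buffer overflow"` does not agree with the description, which reports an out of bounds memory read in PDFium. Triage rules keyed on the problem type would rank a read-only disclosure as memory corruption, or the reverse if the description is the one that is off. If the description is right, `"value" : "Out of bounds read"` (the wording the CVE-2018-17466 record in this commit uses) would be consistent; the CNA should confirm which one holds.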


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17471",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect security UI"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/873080",
"refsource" : "MISC",
"url" : "https://crbug.com/873080"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4330",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4330"
},
{
"name" : "RHSA-2018:3004",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name" : "105666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105666"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17472",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient policy enforcement"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/822518",
"refsource" : "MISC",
"url" : "https://crbug.com/822518"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name" : "105666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105666"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17473",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient policy enforcement"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/882078",
"refsource" : "MISC",
"url" : "https://crbug.com/882078"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4330",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4330"
},
{
"name" : "RHSA-2018:3004",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name" : "105666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105666"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17474",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use after free"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/843151",
"refsource" : "MISC",
"url" : "https://crbug.com/843151"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4330",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4330"
},
{
"name" : "RHSA-2018:3004",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name" : "105666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105666"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17475",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect security UI"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/852634",
"refsource" : "MISC",
"url" : "https://crbug.com/852634"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4330",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4330"
},
{
"name" : "RHSA-2018:3004",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name" : "105666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105666"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17476",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect security UI"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/812769",
"refsource" : "MISC",
"url" : "https://crbug.com/812769"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4330",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4330"
},
{
"name" : "RHSA-2018:3004",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name" : "105666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105666"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17477",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect security UI"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/863703",
"refsource" : "MISC",
"url" : "https://crbug.com/863703"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4330",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4330"
},
{
"name" : "RHSA-2018:3004",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name" : "105666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105666"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-17614",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Losant Arduino MQTT Client",
"version" : {
"version_data" : [
{
"version_value" : "prior to V2.7"
}
]
}
}
]
},
"vendor_name" : "Losant"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client prior to V2.7. User interaction is not required to exploit this vulnerability. The specific flaw exists within the parsing of MQTT PUBLISH packets. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6436."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-121-Stack-based Buffer Overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/knolleary/pubsubclient/releases/tag/v2.7",
"refsource" : "MISC",
"url" : "https://github.com/knolleary/pubsubclient/releases/tag/v2.7"
},
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-1337",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-1337"
}
]
}
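Review bot: `affects` names only `"product_name" : "Losant Arduino MQTT Client"` under vendor Losant, while the fix reference is the v2.7 release of knolleary/pubsubclient, which suggests the flaw sits in that upstream library. If so, deployments that pull in pubsubclient directly will not match this record by vendor or product. Consider a second `product_data` entry for the upstream library, and replacing the free-text `"version_value" : "prior to V2.7"` with `"version_affected" : "<", "version_value" : "2.7"` as the Chrome records in this commit do.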


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17960",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/",
"refsource" : "MISC",
"url" : "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/"
},
{
"name" : "https://ckeditor.com/cke4/release/CKEditor-4.11.0",
"refsource" : "MISC",
"url" : "https://ckeditor.com/cke4/release/CKEditor-4.11.0"
}
]
}
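Review bot: Vendor, product, version and `problemtype` are all `"n/a"` although the description identifies CKEditor 4.x before 4.11.0 and an XSS issue, so automated matching has to parse the prose. Filling `"product_name" : "CKEditor"` with `"version_affected" : "<", "version_value" : "4.11.0"` (scoped to the 4.x branch) and a problem type of `"value" : "CWE-79"` would make the record usable by inventory and scanner tooling. The first hunk starts at line 2 of the file, so the object's opening brace is outside it.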


@ -57,6 +57,16 @@
"refsource" : "MISC",
"url" : "https://marc.info/?l=linux-fsdevel&m=153806242024956&w=2"
},
{
"name" : "USN-3821-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3821-1/"
},
{
"name" : "USN-3821-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3821-2/"
},
{
"name" : "105525",
"refsource" : "BID",


@ -87,6 +87,16 @@
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4313"
},
{
"name" : "USN-3821-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3821-1/"
},
{
"name" : "USN-3821-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3821-2/"
},
{
"name" : "105550",
"refsource" : "BID",


@ -86,6 +86,11 @@
"name" : "USN-3814-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3814-2/"
},
{
"name" : "USN-3814-3",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3814-3/"
}
]
}
