Merge pull request #74 from CVEProject/master

XFA Rebase
Scott Moore 2018-11-20 07:59:34 -05:00 committed by GitHub
commit 141df68bac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
29 changed files with 801 additions and 27 deletions


@ -87,6 +87,11 @@
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102129"
},
{
"name" : "105954",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105954"
},
{
"name" : "1039878",
"refsource" : "SECTRACK",


@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181120 [SECURITY] [DLA 1579-1] openjpeg2 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html"
},
{
"name" : "https://github.com/uclouvain/openjpeg/issues/1044",
"refsource" : "MISC",


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10099",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromium.googlesource.com/infra/infra/+/0ff6b6453b6192987bd9240c1e872a7de5fb1313",
"refsource" : "MISC",
"url" : "https://chromium.googlesource.com/infra/infra/+/0ff6b6453b6192987bd9240c1e872a7de5fb1313"
},
{
"name" : "https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549",
"refsource" : "MISC",
"url" : "https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549"
}
]
}
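Review bot: The now-public record for CVE-2018-10099 still has `"product_name" : "n/a"`, `"vendor_name" : "n/a"` and `"version_value" : "n/a"` under `affects`, although the description names Google Monorail and a cut-off date of 2018-04-04. Tooling that matches on `affects` rather than on free text will therefore not tie this entry to the product; `"vendor_name" : "Google"` and `"product_name" : "Monorail"` would fix that. The `"n/a"` problemtype could likewise name the weakness the description already states (CSRF enabling a timing-based information leak). The same gap appears in the records for CVE-2018-19334, CVE-2018-19335 and CVE-2018-19367 later in this commit.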


@ -81,6 +81,11 @@
"name" : "RHSA-2018:2709",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2709"
},
{
"name" : "RHSA-2018:2908",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2908"
}
]
}


@ -82,6 +82,11 @@
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45714/"
},
{
"name" : "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html"
},
{
"name" : "https://github.com/systemd/systemd/pull/10519",
"refsource" : "MISC",


@ -77,6 +77,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html"
},
{
"name" : "https://github.com/systemd/systemd/pull/10518",
"refsource" : "MISC",


@ -1,8 +1,35 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-11-15T00:00:00.000Z",
"ID" : "CVE-2018-15759",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "On Demand Services SDK Timing Attack Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "On Demand Services SDK",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_name" : "all versions",
"version_value" : "0.24.0"
}
]
}
}
]
},
"vendor_name" : "Pivotal"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,8 +38,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perform broker operations."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 9.1,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Exposure Through Timing Discrepancy"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pivotal.io/security/cve-2018-15759",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2018-15759"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}


@ -1,8 +1,47 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-11-01T00:00:00.000Z",
"ID" : "CVE-2018-15761",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "UAA Privilege Escalation"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "UAA",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_name" : "all versions",
"version_value" : "4.23.0"
}
]
}
},
{
"product_name" : "UAA Release",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_name" : "all versions",
"version_value" : "64.0"
}
]
}
}
]
},
"vendor_name" : "Cloud Foundry"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,8 +50,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 9.9,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Access Control"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.cloudfoundry.org/blog/cve-2018-15761/",
"refsource" : "CONFIRM",
"url" : "https://www.cloudfoundry.org/blog/cve-2018-15761/"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}


@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@apache.org",
"ID" : "CVE-2018-17190",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Spark",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code too. Note that this does not affect standalone clusters with authentication enabled. While the master host typically has less outbound access to other resources than a worker, the execution of code on the master is nevertheless unexpected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Arbitrary Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://lists.apache.org/thread.html/341c3187f15cdb0d353261d2bfecf2324d56cb7db1339bfc7b30f6e5@%3Cdev.spark.apache.org%3E",
"refsource" : "MISC",
"url" : "https://lists.apache.org/thread.html/341c3187f15cdb0d353261d2bfecf2324d56cb7db1339bfc7b30f6e5@%3Cdev.spark.apache.org%3E"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2018-17906",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Philips iSite and IntelliSpace PACS",
"version" : {
"version_data" : [
{
"version_value" : "iSite PACS, all versions, and IntelliSpace PACS, all versions."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "WEAK PASSWORD REQUIREMENTS CWE-521"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-312-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-312-01"
},
{
"name" : "105875",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105875"
}
]
}
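Review bot: `"vendor_name" : "n/a"` sits beside a product name that begins with Philips, and `version_value` holds a sentence rather than a version, so consumers cannot match this record by vendor or product. `"vendor_name" : "Philips"` with one `product_data` entry per product (iSite PACS, IntelliSpace PACS) would make it machine-usable. The problemtype `WEAK PASSWORD REQUIREMENTS CWE-521` also does not line up with the description, which speaks of default credentials and missing authentication in third-party software rather than password policy. The CWE is worth confirming against the ICS-CERT advisory listed in the references.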


@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181120 [SECURITY] [DLA 1579-1] openjpeg2 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00018.html"
},
{
"name" : "https://github.com/uclouvain/openjpeg/issues/1152",
"refsource" : "MISC",


@ -66,6 +66,11 @@
"name" : "[qemu-devel] 20181012 [PATCH v2 07/11] chardev: Let IOReadHandler use unsigned type",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02402.html"
},
{
"name" : "105953",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105953"
}
]
}


@ -56,6 +56,11 @@
"name" : "https://github.com/mdadams/jasper/issues/188",
"refsource" : "MISC",
"url" : "https://github.com/mdadams/jasper/issues/188"
},
{
"name" : "105956",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105956"
}
]
}


@ -56,6 +56,11 @@
"name" : "https://www.manageengine.com/network-monitoring/help/read-me.html",
"refsource" : "MISC",
"url" : "https://www.manageengine.com/network-monitoring/help/read-me.html"
},
{
"name" : "105960",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105960"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19334",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromium.googlesource.com/infra/infra/+/77ef00cb53d90c9d1f984eca434d828de5c167a5",
"refsource" : "MISC",
"url" : "https://chromium.googlesource.com/infra/infra/+/77ef00cb53d90c9d1f984eca434d828de5c167a5"
},
{
"name" : "https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549",
"refsource" : "MISC",
"url" : "https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19335",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromium.googlesource.com/infra/infra/+/e27936ef82d33a5f286e1f2f22817aa682f79e90",
"refsource" : "MISC",
"url" : "https://chromium.googlesource.com/infra/infra/+/e27936ef82d33a5f286e1f2f22817aa682f79e90"
},
{
"name" : "https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549",
"refsource" : "MISC",
"url" : "https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549"
}
]
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19364",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19365",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19366",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19367",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/lichti/shodan-portainer/",
"refsource" : "MISC",
"url" : "https://github.com/lichti/shodan-portainer/"
},
{
"name" : "https://github.com/portainer/portainer/issues/2475",
"refsource" : "MISC",
"url" : "https://github.com/portainer/portainer/issues/2475"
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19368",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19369",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -53,6 +53,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1534701",
"refsource" : "CONFIRM",


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-11-13T00:00:00",
"ID" : "CVE-2018-1841",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cloud Private",
"version" : {
"version_data" : [
{
"version_value" : "2.1.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,53 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node. IBM X-Force ID: 150901."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "L",
"C" : "H",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "6.200",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10739851",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10739851"
},
{
"name" : "ibm-cloud-cve20181841-info-disc(150901)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150901"
}
]
}
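Review bot: `"DATE_PUBLIC" : "2018-11-13T00:00:00"` has no timezone designator, unlike the `T00:00:00.000Z` form used by other records in this commit, so a consumer has to guess the offset. If UTC was meant, `"DATE_PUBLIC" : "2018-11-13T00:00:00Z"` removes the ambiguity. In the `impact` block, `"SCORE" : "6.200"` is a string, whereas the records that use the `cvss` object give `baseScore` as a number. The abbreviated `BM`/`TM` layout also carries no vector string, so a parser that reads severity across records has to special-case this file.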


@ -93,6 +93,11 @@
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10737897"
},
{
"name" : "105946",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105946"
},
{
"name" : "ibm-case-cve20181884-code-exec(151970)",
"refsource" : "XF",


@ -61,6 +61,11 @@
"name" : "USN-3816-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3816-1/"
},
{
"name" : "USN-3816-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3816-2/"
}
]
}


@ -61,6 +61,11 @@
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-298-01/",
"refsource" : "CONFIRM",
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-298-01/"
},
{
"name" : "105951",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105951"
}
]
}


@ -1,8 +1,35 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "larry0@me.com",
"DATE_ASSIGNED" : "2018-11-02",
"ID" : "CVE-2018-9207",
"STATE" : "RESERVED"
"REQUESTER" : "larry0@me.com",
"STATE" : "PUBLIC",
"UPDATED" : "2018-11-19T13:21Z"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : " jQuery Upload File",
"version" : {
"version_data" : [
{
"version_affected" : "<=",
"version_value" : "4.0.2"
}
]
}
}
]
},
"vendor_name" : "hayageek"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +38,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Arbitrary file upload in jQuery Upload File <= 4.0.2"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Arbitrary file upload vulnerability in jQuery Upload File v4.0.2"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vapidlabs.com/advisory.php?v=206",
"refsource" : "MISC",
"url" : "http://www.vapidlabs.com/advisory.php?v=206"
}
]
}
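Review bot: `"product_name" : " jQuery Upload File"` begins with a space, which defeats exact-match lookups on the product name; it should read `"product_name" : "jQuery Upload File"`. The problemtype restates the description instead of naming a weakness class, and it says `v4.0.2` where the description and `version_affected` say `<= 4.0.2`. A class for unrestricted file upload, such as CWE-434, would be more useful to consumers that triage by weakness. The record for CVE-2018-9209 in the next section has the same free-text problemtype.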


@ -1,8 +1,35 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "larry0@me.com",
"DATE_ASSIGNED" : "2018-11-10",
"ID" : "CVE-2018-9209",
"STATE" : "RESERVED"
"REQUESTER" : "larry0@me.com",
"STATE" : "PUBLIC",
"UPDATED" : "2018-11-17T13:21Z"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FineUploader php-traditional-server",
"version" : {
"version_data" : [
{
"version_affected" : "<=",
"version_value" : "1.2.2"
}
]
}
}
]
},
"vendor_name" : "FineUploader"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +38,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "FineUploader php-traditional-server <= v1.2.2 unauthenticated arbitrary file upload vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vapidlabs.com/advisory.php?v=208",
"refsource" : "MISC",
"url" : "http://www.vapidlabs.com/advisory.php?v=208"
}
]
}