admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 14:08:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2019-01-10 12:05:10 -05:00
parent d2ec119d24
commit 180582ef9e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
4 changed files with 299 additions and 168 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

166
2018/0xxx/CVE-2018-0482.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-01-09T16:00:00-0800",
"ID": "CVE-2018-0482",
"STATE": "PUBLIC",
"TITLE": "Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Prime Network Control System ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-01-09T16:00:00-0800",
"ID" : "CVE-2018-0482",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Prime Network Control System ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based management interface or allow the attacker to access sensitive browser-based information."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "5.4",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based management interface or allow the attacker to access sensitive browser-based information. "
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "5.4",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190109 Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-pnc-stored-xss"
}
]
},
"source": {
"advisory": "cisco-sa-20190109-pnc-stored-xss",
"defect": [
[
"CSCvj92813"
]
],
"discovery": "INTERNAL"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190109 Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-pnc-stored-xss"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190109-pnc-stored-xss",
"defect" : [
[
"CSCvj92813"
]
],
"discovery" : "INTERNAL"
}
}

166
2018/0xxx/CVE-2018-0483.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-01-09T16:00:00-0800",
"ID": "CVE-2018-0483",
"STATE": "PUBLIC",
"TITLE": "Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Jabber IM for Android ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-01-09T16:00:00-0800",
"ID" : "CVE-2018-0483",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Jabber IM for Android ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient validation of user-supplied input of an affected client. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. A successful exploit could allow the attacker to execute arbitrary script code in the context of the targeted client or allow the attacker to access sensitive client-based information."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "4.6",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient validation of user-supplied input of an affected client. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. A successful exploit could allow the attacker to execute arbitrary script code in the context of the targeted client or allow the attacker to access sensitive client-based information. "
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "4.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190109 Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-jcf-im-xss"
}
]
},
"source": {
"advisory": "cisco-sa-20190109-jcf-im-xss",
"defect": [
[
"CSCvm82721"
]
],
"discovery": "INTERNAL"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190109 Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-jcf-im-xss"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190109-jcf-im-xss",
"defect" : [
[
"CSCvm82721"
]
],
"discovery" : "INTERNAL"
}
}

73
2019/5xxx/CVE-2019-5892.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5892",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,53 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2, as used in Cumulus Linux through 3.7.x and other products, when ENABLE_BGP_VNC is used for Virtual Network Control, allows remote attackers to cause a denial of service (peering session flap) via attribute 255 in a BGP UPDATE packet. This occurred during Disco in January 2019 because FRR does not implement RFC 7606, and therefore the packets with 255 were considered invalid VNC data and the BGP session was closed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/FRRouting/frr/commit/943d595a018e69b550db08cccba1d0778a86705a",
"refsource" : "MISC",
"url" : "https://github.com/FRRouting/frr/commit/943d595a018e69b550db08cccba1d0778a86705a"
},
{
"name" : "https://github.com/FRRouting/frr/releases/tag/frr-3.0.4",
"refsource" : "MISC",
"url" : "https://github.com/FRRouting/frr/releases/tag/frr-3.0.4"
},
{
"name" : "https://github.com/FRRouting/frr/releases/tag/frr-4.0.1",
"refsource" : "MISC",
"url" : "https://github.com/FRRouting/frr/releases/tag/frr-4.0.1"
},
{
"name" : "https://github.com/FRRouting/frr/releases/tag/frr-5.0.2",
"refsource" : "MISC",
"url" : "https://github.com/FRRouting/frr/releases/tag/frr-5.0.2"
},
{
"name" : "https://github.com/FRRouting/frr/releases/tag/frr-6.0.2",
"refsource" : "MISC",
"url" : "https://github.com/FRRouting/frr/releases/tag/frr-6.0.2"
},
{
"name" : "https://lists.frrouting.org/pipermail/frog/2019-January/000404.html",
"refsource" : "MISC",
"url" : "https://lists.frrouting.org/pipermail/frog/2019-January/000404.html"
}
]
}

62
2019/5xxx/CVE-2019-5893.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5893",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/EmreOvunc/OpenSource-ERP-SQL-Injection",
"refsource" : "MISC",
"url" : "https://github.com/EmreOvunc/OpenSource-ERP-SQL-Injection"
}
]
}
}