admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-09 16:04:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-04-13 17:05:05 -04:00
parent c6f92e83d1
commit 1fac246fb4
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
6 changed files with 302 additions and 121 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
2014/1xxx/CVE-2014-1686.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1686",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,43 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140312 CVE-2014-1686 -- Information disclosure: webserver source path in Mediawiki 1.18.0",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Mar/102"
},
{
"name" : "https://packetstormsecurity.com/files/125682",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/125682"
},
{
"name" : "66141",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66141"
},
{
"name" : "mediawiki-cve20141686-path-disclosure(91847)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91847"
}
]
}

58
2014/2xxx/CVE-2014-2069.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2069",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140222 [CVE-2014-2069] 'eshtery CMS' allows remote attackers to read arbitrary files",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Feb/219"
},
{
"name" : "65740",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65740"
},
{
"name" : "eshtery-filemanager-file-disclosure(91463)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91463"
}
]
}

119
2018/1000xxx/CVE-2018-1000169.json
View File

@ -1,62 +1,65 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2018-04-11/#SECURITY-754"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.115 and older, LTS 2.107.1 and older"
}
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-04-13T12:36:10.352796",
"DATE_REQUESTED" : "2018-04-11T00:00:00",
"ID" : "CVE-2018-1000169",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins",
"version" : {
"version_data" : [
{
"version_value" : "2.115 and older, LTS 2.107.1 and older"
}
]
}
}
]
},
"product_name": "Jenkins"
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"CVE_data_meta": {
"DATE_ASSIGNED": "2018-04-13T12:36:10.352796",
"DATE_REQUESTED": "2018-04-11T00:00:00",
"ID": "CVE-2018-1000169",
"ASSIGNER": "kurt@seifried.org",
"REQUESTER": "ml@beckweb.net"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209"
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-209"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-04-11/#SECURITY-754",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-04-11/#SECURITY-754"
}
]
}
}

119
2018/1000xxx/CVE-2018-1000170.json
View File

@ -1,62 +1,65 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2018-04-11/#SECURITY-759"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed in another user's browser when that other user performs some UI actions."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.115 and older, LTS 2.107.1 and older"
}
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-04-13T12:36:10.353469",
"DATE_REQUESTED" : "2018-04-11T00:00:00",
"ID" : "CVE-2018-1000170",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins",
"version" : {
"version_data" : [
{
"version_value" : "2.115 and older, LTS 2.107.1 and older"
}
]
}
}
]
},
"product_name": "Jenkins"
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"CVE_data_meta": {
"DATE_ASSIGNED": "2018-04-13T12:36:10.353469",
"DATE_REQUESTED": "2018-04-11T00:00:00",
"ID": "CVE-2018-1000170",
"ASSIGNER": "kurt@seifried.org",
"REQUESTER": "ml@beckweb.net"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed in another user's browser when that other user performs some UI actions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-04-11/#SECURITY-759",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-04-11/#SECURITY-759"
}
]
}
}

62
2018/10xxx/CVE-2018-10097.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10097",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XSS exists in Domain Trader 2.5.3 via the recoverlogin.php email_address parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://packetstormsecurity.com/files/146855/Domaintrader-2.5.3-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/146855/Domaintrader-2.5.3-Cross-Site-Scripting.html"
}
]
}
}

2
2018/7xxx/CVE-2018-7449.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "SEGGER embOS/IP FTP Server 3.22 allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command."
"value" : "SEGGER Free FTP Server Utility 3.22 allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command."
}
]
},