pushing apache IDs per publication request.

CVE Team 2018-03-20 11:57:44 -04:00
parent 7527627e6a
commit 247e60452d
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
3 changed files with 144 additions and 9 deletions


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-03-19T00:00:00",
"ID" : "CVE-2018-1294",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Commons Email",
"version" : {
"version_data" : [
{
"version_value" : "All Versions of Commons-Email, from 1.0, to 1.4, inclusive. The current version 1.5 is not affected."
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "If a user of Commons-Email (typically an application programmer) passes unvalidated input as the so-called \"Bounce Address\", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You can mitigate this vulnerability for older versions of Commons Email by stripping line-breaks from data, that will be passed to Email.setBounceAddress(String)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient Data Validation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://seclists.org/oss-sec/2018/q1/107"
}
]
}
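Review bot: The `version_value` for Apache Commons Email is a prose sentence ("All Versions of Commons-Email, from 1.0, to 1.4, inclusive. The current version 1.5 is not affected."), so tooling that compares installed versions against this field cannot match on it. I would keep the field to the affected range only, for example `"version_value" : "1.0 through 1.4"`, and leave the fixed version to the description, which already tells users to upgrade to 1.5. The two Apache Syncope records later in this commit (CVE-2018-1321 and CVE-2018-1322) also write their ranges as prose.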


@ -1,8 +1,35 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-03-19T00:00:00",
"ID" : "CVE-2018-1321",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Syncope",
"version" : {
"version_data" : [
{
"version_value" : "Releases prior to 1.2.11, Releases prior to 2.0.8"
},
{
"version_value" : "The unsupported Releases 1.0.x, 1.1.x may be also affected."
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +38,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8 can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "File read and write, remote code execution"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://syncope.apache.org/security.html#CVE-2018-1321:_Remote_code_execution_by_administrators_with_report_and_template_entitlements"
}
]
}
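Review bot: The affected range in `version_data` disagrees with the description. The first entry says "Releases prior to 1.2.11, Releases prior to 2.0.8", which read literally includes 1.0.x and 1.1.x, while the second entry says those releases only "may be also affected" and the description limits the issue to 1.2.x before 1.2.11 and 2.0.x before 2.0.8. Someone triaging an old 1.1.x deployment gets conflicting answers from one record. I would split the first entry per branch using the description's wording, `"version_value" : "1.2.x before 1.2.11"` and `"version_value" : "2.0.x before 2.0.8"`, and keep the unsupported-release caveat as its own entry. The CVE-2018-1322 record in the next file section has the same `version_data` and needs the same change.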


@ -1,8 +1,35 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-03-19T00:00:00",
"ID" : "CVE-2018-1322",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Syncope",
"version" : {
"version_data" : [
{
"version_value" : "Releases prior to 1.2.11, Releases prior to 2.0.8"
},
{
"version_value" : "The unsupported Releases 1.0.x, 1.1.x may be also affected."
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +38,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8 can recover sensitive security values using the fiql and orderby parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting"
}
]
}
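Review bot: The new description says an administrator "can recover sensitive security values" without naming them, so a reader cannot judge from the record alone what must be treated as exposed on an affected deployment. The linked Syncope advisory is presumably more specific; I would carry its wording for the affected values into the description `value` rather than leave it to the reference.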