- Synchronized data.

CVE Team 2018-04-03 18:04:04 -04:00
parent 3de98c2f7f
commit 27492eeb6c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
15 changed files with 661 additions and 148 deletions


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1975",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,29 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. IBM X-Force ID: 103694."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/103694"
}
]
}
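Review bot: The `affects` block added in the first hunk carries `"product_name" : "n/a"`, `"version_value" : "n/a"` and `"vendor_name" : "n/a"`, although the new description names the vendor, the products and the fixed iFix levels, so tooling that matches on the structured fields will not associate this record with any installed product. Consider filling them from the description, e.g. `"vendor_name" : "IBM"` and `"product_name" : "Tivoli Security Directory Server"`, with one `version_data` entry per fixed branch. The added `problemtype` is likewise `"n/a"` even though the description states argument injection leading to privilege gain. The same placeholders appear in the sections for CVE-2017-17742, CVE-2018-6914, CVE-2018-8049, CVE-2018-8777, CVE-2018-8778, CVE-2018-8779, CVE-2018-8780 and CVE-2018-9240. Both hunks start below the record's opening brace, so the rest of the file is not visible here.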


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17742",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/"
}
]
}


@ -1,84 +1,84 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"DATE_PUBLIC": "2017-03-29T17:00:00.000Z",
"ID": "CVE-2017-3972",
"STATE": "PUBLIC",
"TITLE": "SB10192 - Network Security Management (NSM) - Infrastructure-based foot printing vulnerability"
"CVE_data_meta" : {
"ASSIGNER" : "psirt@mcafee.com",
"DATE_PUBLIC" : "2017-03-29T17:00:00.000Z",
"ID" : "CVE-2017-3972",
"STATE" : "PUBLIC",
"TITLE" : "SB10192 - Network Security Management (NSM) - Infrastructure-based foot printing vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Network Security Management (NSM)",
"version": {
"version_data": [
"product_name" : "Network Security Management (NSM)",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "8.2",
"version_value": "8.2.7.42.2"
"affected" : "<",
"version_name" : "8.2",
"version_value" : "8.2.7.42.2"
}
]
}
}
]
},
"vendor_name": "McAfee"
"vendor_name" : "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to execute arbitrary code via the server banner leaking potentially sensitive or security relevant information."
"lang" : "eng",
"value" : "Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to execute arbitrary code via the server banner leaking potentially sensitive or security relevant information."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "LOW",
"baseScore" : 8.3,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "NONE",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Infrastructure-based foot printing vulnerability"
"lang" : "eng",
"value" : "Infrastructure-based foot printing vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192"
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10192"
}
]
},
"source": {
"advisory": "SB10192",
"discovery": "EXTERNAL"
"source" : {
"advisory" : "SB10192",
"discovery" : "EXTERNAL"
}
}


@ -1,144 +1,144 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"DATE_PUBLIC": "2017-05-12T17:00:00.000Z",
"ID": "CVE-2017-4028",
"STATE": "PUBLIC",
"TITLE": "SB10193 - consumer and corporate products - Maliciously misconfigured registry vulnerability"
"CVE_data_meta" : {
"ASSIGNER" : "psirt@mcafee.com",
"DATE_PUBLIC" : "2017-05-12T17:00:00.000Z",
"ID" : "CVE-2017-4028",
"STATE" : "PUBLIC",
"TITLE" : "SB10193 - consumer and corporate products - Maliciously misconfigured registry vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "McAfee Anti-Virus Plus (AVP)",
"version": {
"version_data": [
"product_name" : "McAfee Anti-Virus Plus (AVP)",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "170329",
"version_value": "29 Mar 2017"
"affected" : "<",
"version_name" : "170329",
"version_value" : "29 Mar 2017"
}
]
}
},
{
"product_name": "McAfee Endpoint Security (ENS)",
"version": {
"version_data": [
"product_name" : "McAfee Endpoint Security (ENS)",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "10.2",
"version_value": "10.2 DAT V3 DAT 2932.0"
"affected" : "<",
"version_name" : "10.2",
"version_value" : "10.2 DAT V3 DAT 2932.0"
}
]
}
},
{
"product_name": "McAfee Host Intrusion Prevention (Host IPS)",
"version": {
"version_data": [
"product_name" : "McAfee Host Intrusion Prevention (Host IPS)",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "8.0",
"version_value": "8.0 Patch 9 Hotfix 1188590"
"affected" : "<",
"version_name" : "8.0",
"version_value" : "8.0 Patch 9 Hotfix 1188590"
}
]
}
},
{
"product_name": "McAfee Internet Security (MIS)",
"version": {
"version_data": [
"product_name" : "McAfee Internet Security (MIS)",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "170329",
"version_value": "29 Mar 2017"
"affected" : "<",
"version_name" : "170329",
"version_value" : "29 Mar 2017"
}
]
}
},
{
"product_name": "McAfee Total Protection (MTP)",
"version": {
"version_data": [
"product_name" : "McAfee Total Protection (MTP)",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "170329",
"version_value": "29 Mar 2017"
"affected" : "<",
"version_name" : "170329",
"version_value" : "29 Mar 2017"
}
]
}
},
{
"product_name": "McAfee Virus Scan Enterprise (VSE)",
"version": {
"version_data": [
"product_name" : "McAfee Virus Scan Enterprise (VSE)",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "8.8",
"version_value": "8.8 Patch 8/9 Hotfix 1187884"
"affected" : "<",
"version_name" : "8.8",
"version_value" : "8.8 Patch 8/9 Hotfix 1187884"
}
]
}
}
]
},
"vendor_name": "McAfee"
"vendor_name" : "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters."
"lang" : "eng",
"value" : "Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "LOCAL",
"availabilityImpact" : "NONE",
"baseScore" : 5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "HIGH",
"privilegesRequired" : "HIGH",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Maliciously misconfigured registry vulnerability"
"lang" : "eng",
"value" : "Maliciously misconfigured registry vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10193"
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10193"
}
]
},
"source": {
"advisory": "SB10193",
"discovery": "EXTERNAL"
"source" : {
"advisory" : "SB10193",
"discovery" : "EXTERNAL"
}
}


@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "NVIDIA Windows GPU Display Driver contains a vulnerability in DirectX 10 Usermode driver, where specially crafted pixel shader can cause writing to unallocated memory leading to denial of service or potential code execution."
"value" : "An exploitable heap memory corruption vulnerability exists in the NVIDIA D3D10 Driver 22.21.13.8607. A specially crafted pixel shader can cause heap memory corruption, resulting in at least denial of service, and potential code execution. An attacker can provide a specially crafted shader file (either in binary or text form) to trigger this vulnerability. This vulnerability can be triggered from a VMware guest, and the VMware host will be affected (potentially leading to VMware crash or guest-to-host escape)."
}
]
},
@ -53,6 +53,9 @@
},
"references" : {
"reference_data" : [
{
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0514"
},
{
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4649"
}
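Review bot: The replacement description in the first hunk ties the issue to a single build, `NVIDIA D3D10 Driver 22.21.13.8607`, and no longer gives the vendor's product scope (`NVIDIA Windows GPU Display Driver`), so a reader cannot tell from the text whether other builds are affected or which version fixes it. If the record's `affects` block (outside these hunks, not visible here) does not already carry a version range, consider keeping the vendor sentence in front of the new detail rather than replacing it. The same single-build wording appears in the next section's description.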


@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "NVIDIA GPU Display Driver contains a vulnerability in DirectX and OpenGL Usermode drivers where specially crafted pixel shader can cause infinite recursion leading to denial of service."
"value" : "An exploitable denial-of-service vulnerability exists in the Nvidia D3D10 Driver 22.21.13.8607. A specially crafted pixel shader can cause a stack overflow exception, resulting in at least denial of service. An attacker can provide a specially crafted shader file (either in binary or text form) to trigger this vulnerability. This vulnerability can be triggered from a VMware guest, and will affect a VMware host (leading to the vmware-vmx.exe process to crash on the host)."
}
]
},
@ -53,6 +53,9 @@
},
"references" : {
"reference_data" : [
{
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0522"
},
{
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4649"
}
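Review bot: The new description drops the OpenGL usermode driver from the stated scope: the removed text named `DirectX and OpenGL Usermode drivers`, while the replacement names only `the Nvidia D3D10 Driver 22.21.13.8607`. Unless the OpenGL path is known to be unaffected, that narrows what a reader triaging exposure will check; one option is to retain the vendor sentence and append the new detail after it. The vendor is also spelled `Nvidia` here but `NVIDIA` in the previous section's description, which hurts exact-match text search; `NVIDIA D3D10 Driver` would be consistent.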


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6914",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8049",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=4"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8777",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8778",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8779",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/"
}
]
}
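Review bot: The second sentence of the new description, `It may be connected to an unintended socket.`, has no clear subject, and the first sentence does not say what is left unchecked. Wording such as `the UNIXServer.open and UNIXSocket.open methods do not check their argument for NUL characters, so a connection may be made to an unintended socket` states the condition and the consequence together. The CVE-2018-8780 section writes `NULL characters` for the same class of input while this one writes `null characters`; one spelling across both records would help text search.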


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8780",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/"
},
{
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/"
}
]
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9239",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,60 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9240",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://bugs.debian.org/894724"
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9241",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}