- Synchronized data.

CVE Team 2018-06-05 16:04:37 -04:00
parent 1774f0e7b1
commit 27c0a390af
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
16 changed files with 781 additions and 136 deletions


@ -1,63 +1,63 @@
{
"CVE_data_meta": {
"ASSIGNER": "emo@eclipse.org",
"ID": "CVE-2017-7653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse Mosquitto",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "1.4.15"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
"CVE_data_meta" : {
"ASSIGNER" : "emo@eclipse.org",
"ID" : "CVE-2017-7653",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Eclipse Mosquitto",
"version" : {
"version_data" : [
{
"version_affected" : "<=",
"version_value" : "1.4.15"
}
]
}
}
]
},
"vendor_name" : "The Eclipse Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20: Improper Input Validation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113",
"refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113"
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113",
"refsource" : "CONFIRM",
"url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113"
}
]
}
}


@ -1,64 +1,63 @@
{
"CVE_data_meta": {
"ASSIGNER": "emo@eclipse.org",
"ID": "CVE-2017-7654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse Mosquitto",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "1.4.15"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
"CVE_data_meta" : {
"ASSIGNER" : "emo@eclipse.org",
"ID" : "CVE-2017-7654",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Eclipse Mosquitto",
"version" : {
"version_data" : [
{
"version_affected" : "<=",
"version_value" : "1.4.15"
}
]
}
}
]
},
"vendor_name" : "The Eclipse Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-401: Improper Release of Memory Before Removing Last Reference"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401: Improper Release of Memory Before Removing Last Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=533493",
"refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=533493"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=533493",
"refsource" : "CONFIRM",
"url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=533493"
}
]
}
}


@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent."
"value" : "The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability."
}
]
},
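Review bot: The dispute is recorded only as a trailing free-text sentence in the new `value`, so tooling that triages on a machine-detectable dispute marker will still treat this record as an uncontested vulnerability. If the list's convention for contested entries is a leading marker such as `** DISPUTED **` in the description (to be confirmed against the CNA rules in force), it should be used here or the choice of a softer `NOTE:` explained in the commit message. The hunk starts at line 34 of the file, so the record's ID and references are outside this view.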


@ -1 +1,65 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-810"}]},"description": {"description_data": [{"lang": "eng","value": "A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "3.9.0 and older"}]},"product_name": "Jenkins Git Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T12:46:01.938563","DATE_REQUESTED": "2018-06-05T00:00:00","ID": "CVE-2018-1000182","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-441, CWE-918"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T12:46:01.938563",
"DATE_REQUESTED" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-1000182",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Git Plugin",
"version" : {
"version_data" : [
{
"version_value" : "3.9.0 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-441, CWE-918"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-810",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-810"
}
]
}
}
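Review bot: The affected range is stored as prose, `"version_value" : "3.9.0 and older"`, with no `version_affected` field, so a scanner cannot compare it against an installed plugin version. The Mosquitto records in this same commit use `"version_affected" : "<="` with `"version_value" : "1.4.15"`, and the same form would work here as `"version_affected" : "<="`, `"version_value" : "3.9.0"`. The problemtype also packs two identifiers into one string, `"CWE-441, CWE-918"`, where one `description` entry per CWE would be easier to match on. Both points apply equally to the other Jenkins records in this commit, CVE-2018-1000183 through CVE-2018-1000191.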


@ -1 +1,65 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-804"}]},"description": {"description_data": [{"lang": "eng","value": "A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.29.0 and older"}]},"product_name": "Jenkins GitHub Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T12:46:01.939725","DATE_REQUESTED": "2018-06-05T00:00:00","ID": "CVE-2018-1000183","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-201"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T12:46:01.939725",
"DATE_REQUESTED" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-1000183",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins GitHub Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.29.0 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-201"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-804",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-804"
}
]
}
}
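Review bot: The description's opening article is wrong, `A exposure of sensitive information vulnerability` should read `An exposure of sensitive information vulnerability`. The reformatting pass carried the wording over unchanged from the one-line submission. The same sentence opening appears in CVE-2018-1000186, CVE-2018-1000187, CVE-2018-1000190 and CVE-2018-1000191 in this commit.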


@ -1 +1,65 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-799"}]},"description": {"description_data": [{"lang": "eng","value": "A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.29.0 and older"}]},"product_name": "Jenkins GitHub Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T12:46:01.940841","DATE_REQUESTED": "2018-06-05T00:00:00","ID": "CVE-2018-1000184","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-441, CWE-918"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T12:46:01.940841",
"DATE_REQUESTED" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-1000184",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins GitHub Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.29.0 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-441, CWE-918"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-799",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-799"
}
]
}
}


@ -1 +1,65 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-806"}]},"description": {"description_data": [{"lang": "eng","value": "A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.3.4 and older"}]},"product_name": "Jenkins GitHub Branch Source Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T12:46:01.941970","DATE_REQUESTED": "2018-06-05T00:00:00","ID": "CVE-2018-1000185","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-441, CWE-918"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T12:46:01.941970",
"DATE_REQUESTED" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-1000185",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins GitHub Branch Source Plugin",
"version" : {
"version_data" : [
{
"version_value" : "2.3.4 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-441, CWE-918"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-806",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-806"
}
]
}
}


@ -1 +1,65 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-805"}]},"description": {"description_data": [{"lang": "eng","value": "A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.41.0 and older"}]},"product_name": "Jenkins GitHub Pull Request Builder Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T12:46:01.943019","DATE_REQUESTED": "2018-06-05T00:00:00","ID": "CVE-2018-1000186","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-201"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T12:46:01.943019",
"DATE_REQUESTED" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-1000186",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins GitHub Pull Request Builder Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.41.0 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-201"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-805",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-805"
}
]
}
}


@ -1 +1,65 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-883"}]},"description": {"description_data": [{"lang": "eng","value": "A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.7.0 and older"}]},"product_name": "Jenkins Kubernetes Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T12:46:01.943867","DATE_REQUESTED": "2018-06-05T00:00:00","ID": "CVE-2018-1000187","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-200"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T12:46:01.943867",
"DATE_REQUESTED" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-1000187",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Kubernetes Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.7.0 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-883",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-883"
}
]
}
}


@ -1 +1,65 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-809"}]},"description": {"description_data": [{"lang": "eng","value": "A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.4.1 and older"}]},"product_name": "Jenkins CAS Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T12:46:01.944677","DATE_REQUESTED": "2018-06-05T00:00:00","ID": "CVE-2018-1000188","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-441, CWE-918"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T12:46:01.944677",
"DATE_REQUESTED" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-1000188",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins CAS Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.4.1 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-441, CWE-918"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-809",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-809"
}
]
}
}


@ -1 +1,65 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-807"}]},"description": {"description_data": [{"lang": "eng","value": "A command execution vulnerability exists in Jenkins Absint Astr\u221a\u00a9e Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.0.5 and older"}]},"product_name": "Jenkins Absint Astr\u221a\u00a9e Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T12:46:01.945520","DATE_REQUESTED": "2018-06-05T00:00:00","ID": "CVE-2018-1000189","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-285"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T12:46:01.945520",
"DATE_REQUESTED" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-1000189",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Absint Astrée Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.0.5 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-807",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-807"
}
]
}
}
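Review bot: The product is spelled two ways in the new record: `product_name` is `Jenkins Absint Astrée Plugin` while the description `value` says `Jenkins Absint Astree Plugin`. The submitted one-line record had the mis-encoded sequence `Astr\u221a\u00a9e` in both places, so the clean-up repaired one field and stripped the accent from the other. Anyone matching this CVE to an installed plugin by name will hit one spelling or the other, so both fields should carry the same string, whichever form the list's encoding policy allows.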


@ -1 +1,65 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-865"}]},"description": {"description_data": [{"lang": "eng","value": "A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "4.0.0 and older"}]},"product_name": "Jenkins Black Duck Hub Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T12:46:01.946677","DATE_REQUESTED": "2018-06-05T00:00:00","ID": "CVE-2018-1000190","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-201"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T12:46:01.946677",
"DATE_REQUESTED" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-1000190",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Black Duck Hub Plugin",
"version" : {
"version_data" : [
{
"version_value" : "4.0.0 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-201"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-865",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-865"
}
]
}
}


@ -1 +1,65 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-866"}]},"description": {"description_data": [{"lang": "eng","value": "A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.4.0 and older"}]},"product_name": "Jenkins Black Duck Detect Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T12:46:01.947607","DATE_REQUESTED": "2018-06-05T00:00:00","ID": "CVE-2018-1000191","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-201"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T12:46:01.947607",
"DATE_REQUESTED" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-1000191",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Black Duck Detect Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.4.0 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-201"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-866",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-866"
}
]
}
}


@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "The vulnerability allows an unauthenticated attacker to access memory (\"write-what-where\") from an attacker-chosen device address within the same subnet."
"value" : "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory (\"write-what-where\") from an attacker-chosen device address within the same subnet."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01"
}
]
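Review bot: The added model list contains `NP90` in `MP2/X2/MP30/MP50/MP70/NP90/MX700/800`, which looks like a typo for `MP90` given the MP-series names around it. It should be checked against the referenced ICSMA-18-156-01 advisory, since asset inventories are matched on these model strings. The same list is repeated verbatim in the two following file sections. In this record, `access memory ("write-what-where")` also leaves the direction ambiguous next to the sibling record's `read memory`, and `write to memory` would make the impact explicit. The affected models and revisions now appear only in the description text, and whether the `affects` block carries them cannot be seen from these hunks.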


@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "The vulnerability allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet."
"value" : "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01"
}
]


@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "The vulnerability exposes an \"echo\" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow."
"value" : "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an \"echo\" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01"
}
]