- Synchronized data.

This commit is contained in:
CVE Team 2018-08-14 14:08:15 -04:00
parent ede493fbe8
commit 2aecae099e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
20 changed files with 361 additions and 77 deletions

View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "20180813 Cisco IOS and IOS XE Software Internet Key Exchange Version 1 RSA-Encrypted Nonces Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180813-rsa-nonce"
}
]

View File

@ -54,14 +54,9 @@
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-XXX-XX,",
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-XXX-XX,"
},
{
"name" : "https://www.medtronic.com/security",
"refsource" : "MISC",
"url" : "https://www.medtronic.com/security"
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"
},
{
"name" : "105044",

View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14348",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,43 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1100365",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1100365"
},
{
"name" : "https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/"
},
{
"name" : "FEDORA-2018-f6adf1cb62",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3VH333EONOEEGKOLHHFXCJYHCYMHJ4KK/"
},
{
"name" : "openSUSE-SU-2018:2241",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00023.html"
}
]
}

View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14424",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://gitlab.gnome.org/GNOME/gdm/issues/401",
"refsource" : "CONFIRM",
"url" : "https://gitlab.gnome.org/GNOME/gdm/issues/401"
},
{
"name" : "USN-3737-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3737-1/"
}
]
}

View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14429",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180808 [CVE-2018-14429] man-cgi < 1.16 Local File Include",
"refsource" : "BUGTRAQ",
"url" : "https://www.securityfocus.com/archive/1/542208/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/148855/man-cgi-Local-File-Inclusion.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/148855/man-cgi-Local-File-Inclusion.html"
}
]
}

View File

@ -54,14 +54,9 @@
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-219-02,",
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-219-02,"
},
{
"name" : "https://www.medtronic.com/security",
"refsource" : "MISC",
"url" : "https://www.medtronic.com/security"
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"
},
{
"name" : "105044",

View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14888",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,43 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin before 3.1.0 for MyBB allows XSS via a post or thread subject."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45178",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45178/"
},
{
"name" : "http://packetstormsecurity.com/files/148871/MyBB-Thank-You-Like-3.0.0-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/148871/MyBB-Thank-You-Like-3.0.0-Cross-Site-Scripting.html"
},
{
"name" : "https://community.mybb.com/mods.php?action=changelog&pid=360",
"refsource" : "CONFIRM",
"url" : "https://community.mybb.com/mods.php?action=changelog&pid=360"
},
{
"name" : "https://github.com/mybbgroup/MyBB_Thank-you-like-plugin/pull/199",
"refsource" : "CONFIRM",
"url" : "https://github.com/mybbgroup/MyBB_Thank-you-like-plugin/pull/199"
}
]
}

View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14922",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit profile page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45156",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45156/"
},
{
"name" : "http://packetstormsecurity.com/files/148836/Monstra-Dev-3.0.4-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/148836/Monstra-Dev-3.0.4-Cross-Site-Scripting.html"
},
{
"name" : "https://indiancybersecuritysolutions.com/cve-2018-14922-cross-site-scripting/",
"refsource" : "MISC",
"url" : "https://indiancybersecuritysolutions.com/cve-2018-14922-cross-site-scripting/"
}
]
}

View File

@ -58,16 +58,18 @@
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2597875"
},
{
"name" : "https://launchpad.support.sap.com/#/notes/2653519",
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2653519"
},
{
"name" : "https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/",
"refsource" : "CONFIRM",
"url" : "https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/"
},
{
"refsource" : "CONFIRM",
"url" : "https://launchpad.support.sap.com/#/notes/2653519"
},
{
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
"refsource" : "CONFIRM",
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
},

View File

@ -70,10 +70,12 @@
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://launchpad.support.sap.com/#/notes/2671160",
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2671160"
},
{
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
"refsource" : "CONFIRM",
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
}

View File

@ -62,10 +62,12 @@
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://launchpad.support.sap.com/#/notes/2407193",
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2407193"
},
{
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
"refsource" : "CONFIRM",
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
}

View File

@ -58,10 +58,12 @@
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://launchpad.support.sap.com/#/notes/2621395",
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2621395"
},
{
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
"refsource" : "CONFIRM",
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
}

View File

@ -39,7 +39,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery(SSRF) vulnerability."
"value" : "AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability."
}
]
},
@ -58,10 +58,12 @@
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://launchpad.support.sap.com/#/notes/2630018",
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2630018"
},
{
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
"refsource" : "CONFIRM",
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
}

View File

@ -58,10 +58,12 @@
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://launchpad.support.sap.com/#/notes/2633846",
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2633846"
},
{
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
"refsource" : "CONFIRM",
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
}

View File

@ -54,10 +54,12 @@
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://launchpad.support.sap.com/#/notes/2644154",
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2644154"
},
{
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
"refsource" : "CONFIRM",
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
}

View File

@ -58,10 +58,12 @@
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://launchpad.support.sap.com/#/notes/2653846",
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2653846"
},
{
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
"refsource" : "CONFIRM",
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
}

View File

@ -43,7 +43,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying."
"value" : "SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying."
}
]
},
@ -62,10 +62,12 @@
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://launchpad.support.sap.com/#/notes/2655250",
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2655250"
},
{
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
"refsource" : "CONFIRM",
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
}

View File

@ -58,10 +58,12 @@
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://launchpad.support.sap.com/#/notes/2660005",
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2660005"
},
{
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
"refsource" : "CONFIRM",
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
}

View File

@ -54,10 +54,12 @@
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://launchpad.support.sap.com/#/notes/2590705",
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2590705"
},
{
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
"refsource" : "CONFIRM",
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
}

View File

@ -1,68 +1,68 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2018-5392",
"STATE": "PUBLIC",
"TITLE": "mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2018-5392",
"STATE" : "PUBLIC",
"TITLE" : "mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "mingw-w64",
"version": {
"version_data": [
"product_name" : "mingw-w64",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "5.0.4",
"version_value": "5.0.4"
"affected" : "=",
"version_name" : "5.0.4",
"version_value" : "5.0.4"
}
]
}
}
]
},
"vendor_name": "mingw"
"vendor_name" : "mingw"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the \"Dynamic base\" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks. Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result."
"lang" : "eng",
"value" : "mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the \"Dynamic base\" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks. Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-824"
"lang" : "eng",
"value" : "CWE-824"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#307144",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/307144"
"name" : "VU#307144",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/307144"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}