mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
- Synchronized data.
This commit is contained in:
parent
ede493fbe8
commit
2aecae099e
@ -54,6 +54,8 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20180813 Cisco IOS and IOS XE Software Internet Key Exchange Version 1 RSA-Encrypted Nonces Vulnerability",
|
||||
"refsource" : "CISCO",
|
||||
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180813-rsa-nonce"
|
||||
}
|
||||
]
|
||||
|
@ -54,14 +54,9 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-XXX-XX,",
|
||||
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-XXX-XX,"
|
||||
},
|
||||
{
|
||||
"name" : "https://www.medtronic.com/security",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://www.medtronic.com/security"
|
||||
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"
|
||||
},
|
||||
{
|
||||
"name" : "105044",
|
||||
|
@ -2,7 +2,30 @@
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-14348",
|
||||
"STATE" : "RESERVED"
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
@ -11,7 +34,43 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value" : "libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1100365",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1100365"
|
||||
},
|
||||
{
|
||||
"name" : "https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/"
|
||||
},
|
||||
{
|
||||
"name" : "FEDORA-2018-f6adf1cb62",
|
||||
"refsource" : "FEDORA",
|
||||
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3VH333EONOEEGKOLHHFXCJYHCYMHJ4KK/"
|
||||
},
|
||||
{
|
||||
"name" : "openSUSE-SU-2018:2241",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00023.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2,7 +2,30 @@
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-14424",
|
||||
"STATE" : "RESERVED"
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
@ -11,7 +34,33 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value" : "The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://gitlab.gnome.org/GNOME/gdm/issues/401",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://gitlab.gnome.org/GNOME/gdm/issues/401"
|
||||
},
|
||||
{
|
||||
"name" : "USN-3737-1",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "https://usn.ubuntu.com/3737-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2,7 +2,30 @@
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-14429",
|
||||
"STATE" : "RESERVED"
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
@ -11,7 +34,33 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value" : "man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20180808 [CVE-2018-14429] man-cgi < 1.16 Local File Include",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "https://www.securityfocus.com/archive/1/542208/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "http://packetstormsecurity.com/files/148855/man-cgi-Local-File-Inclusion.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://packetstormsecurity.com/files/148855/man-cgi-Local-File-Inclusion.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -54,14 +54,9 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-219-02,",
|
||||
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-219-02,"
|
||||
},
|
||||
{
|
||||
"name" : "https://www.medtronic.com/security",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://www.medtronic.com/security"
|
||||
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"
|
||||
},
|
||||
{
|
||||
"name" : "105044",
|
||||
|
@ -2,7 +2,30 @@
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-14888",
|
||||
"STATE" : "RESERVED"
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
@ -11,7 +34,43 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value" : "inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin before 3.1.0 for MyBB allows XSS via a post or thread subject."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "45178",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "https://www.exploit-db.com/exploits/45178/"
|
||||
},
|
||||
{
|
||||
"name" : "http://packetstormsecurity.com/files/148871/MyBB-Thank-You-Like-3.0.0-Cross-Site-Scripting.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://packetstormsecurity.com/files/148871/MyBB-Thank-You-Like-3.0.0-Cross-Site-Scripting.html"
|
||||
},
|
||||
{
|
||||
"name" : "https://community.mybb.com/mods.php?action=changelog&pid=360",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://community.mybb.com/mods.php?action=changelog&pid=360"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/mybbgroup/MyBB_Thank-you-like-plugin/pull/199",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://github.com/mybbgroup/MyBB_Thank-you-like-plugin/pull/199"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2,7 +2,30 @@
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-14922",
|
||||
"STATE" : "RESERVED"
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
@ -11,7 +34,38 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit profile page."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "45156",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "https://www.exploit-db.com/exploits/45156/"
|
||||
},
|
||||
{
|
||||
"name" : "http://packetstormsecurity.com/files/148836/Monstra-Dev-3.0.4-Cross-Site-Scripting.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://packetstormsecurity.com/files/148836/Monstra-Dev-3.0.4-Cross-Site-Scripting.html"
|
||||
},
|
||||
{
|
||||
"name" : "https://indiancybersecuritysolutions.com/cve-2018-14922-cross-site-scripting/",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://indiancybersecuritysolutions.com/cve-2018-14922-cross-site-scripting/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -58,16 +58,18 @@
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://launchpad.support.sap.com/#/notes/2597875"
|
||||
},
|
||||
{
|
||||
"name" : "https://launchpad.support.sap.com/#/notes/2653519",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://launchpad.support.sap.com/#/notes/2653519"
|
||||
},
|
||||
{
|
||||
"name" : "https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/"
|
||||
},
|
||||
{
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://launchpad.support.sap.com/#/notes/2653519"
|
||||
},
|
||||
{
|
||||
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
|
||||
},
|
||||
|
@ -70,10 +70,12 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"refsource" : "CONFIRM",
|
||||
"name" : "https://launchpad.support.sap.com/#/notes/2671160",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://launchpad.support.sap.com/#/notes/2671160"
|
||||
},
|
||||
{
|
||||
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
|
||||
}
|
||||
|
@ -62,10 +62,12 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"refsource" : "CONFIRM",
|
||||
"name" : "https://launchpad.support.sap.com/#/notes/2407193",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://launchpad.support.sap.com/#/notes/2407193"
|
||||
},
|
||||
{
|
||||
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
|
||||
}
|
||||
|
@ -58,10 +58,12 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"refsource" : "CONFIRM",
|
||||
"name" : "https://launchpad.support.sap.com/#/notes/2621395",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://launchpad.support.sap.com/#/notes/2621395"
|
||||
},
|
||||
{
|
||||
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
|
||||
}
|
||||
|
@ -39,7 +39,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery(SSRF) vulnerability."
|
||||
"value" : "AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -58,10 +58,12 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"refsource" : "CONFIRM",
|
||||
"name" : "https://launchpad.support.sap.com/#/notes/2630018",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://launchpad.support.sap.com/#/notes/2630018"
|
||||
},
|
||||
{
|
||||
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
|
||||
}
|
||||
|
@ -58,10 +58,12 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"refsource" : "CONFIRM",
|
||||
"name" : "https://launchpad.support.sap.com/#/notes/2633846",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://launchpad.support.sap.com/#/notes/2633846"
|
||||
},
|
||||
{
|
||||
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
|
||||
}
|
||||
|
@ -54,10 +54,12 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"refsource" : "CONFIRM",
|
||||
"name" : "https://launchpad.support.sap.com/#/notes/2644154",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://launchpad.support.sap.com/#/notes/2644154"
|
||||
},
|
||||
{
|
||||
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
|
||||
}
|
||||
|
@ -58,10 +58,12 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"refsource" : "CONFIRM",
|
||||
"name" : "https://launchpad.support.sap.com/#/notes/2653846",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://launchpad.support.sap.com/#/notes/2653846"
|
||||
},
|
||||
{
|
||||
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
|
||||
}
|
||||
|
@ -43,7 +43,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying."
|
||||
"value" : "SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -62,10 +62,12 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"refsource" : "CONFIRM",
|
||||
"name" : "https://launchpad.support.sap.com/#/notes/2655250",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://launchpad.support.sap.com/#/notes/2655250"
|
||||
},
|
||||
{
|
||||
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
|
||||
}
|
||||
|
@ -58,10 +58,12 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"refsource" : "CONFIRM",
|
||||
"name" : "https://launchpad.support.sap.com/#/notes/2660005",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://launchpad.support.sap.com/#/notes/2660005"
|
||||
},
|
||||
{
|
||||
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
|
||||
}
|
||||
|
@ -54,10 +54,12 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"refsource" : "CONFIRM",
|
||||
"name" : "https://launchpad.support.sap.com/#/notes/2590705",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://launchpad.support.sap.com/#/notes/2590705"
|
||||
},
|
||||
{
|
||||
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
|
||||
}
|
||||
|
@ -1,68 +1,68 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cert@cert.org",
|
||||
"ID": "CVE-2018-5392",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR"
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cert@cert.org",
|
||||
"ID" : "CVE-2018-5392",
|
||||
"STATE" : "PUBLIC",
|
||||
"TITLE" : "mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name": "mingw-w64",
|
||||
"version": {
|
||||
"version_data": [
|
||||
"product_name" : "mingw-w64",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"affected": "=",
|
||||
"version_name": "5.0.4",
|
||||
"version_value": "5.0.4"
|
||||
"affected" : "=",
|
||||
"version_name" : "5.0.4",
|
||||
"version_value" : "5.0.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "mingw"
|
||||
"vendor_name" : "mingw"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the \"Dynamic base\" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks. Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result."
|
||||
"lang" : "eng",
|
||||
"value" : "mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the \"Dynamic base\" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks. Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description": [
|
||||
"description" : [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-824"
|
||||
"lang" : "eng",
|
||||
"value" : "CWE-824"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name": "VU#307144",
|
||||
"refsource": "CERT-VN",
|
||||
"url": "https://www.kb.cert.org/vuls/id/307144"
|
||||
"name" : "VU#307144",
|
||||
"refsource" : "CERT-VN",
|
||||
"url" : "https://www.kb.cert.org/vuls/id/307144"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
"source" : {
|
||||
"discovery" : "UNKNOWN"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user