admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-07-31 10:08:11 -04:00
parent c0a3089d9f
commit 31d5043e00
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
22 changed files with 613 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2017/17xxx/CVE-2017-17174.json
View File

@ -71,6 +71,8 @@
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180703-01-algorithm-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180703-01-algorithm-en"
}
]

48
2017/17xxx/CVE-2017-17707.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17707",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Due to missing authorization checks, any authenticated user is able to list, upload, or delete attachments to password safe entries in Pleasant Password Server before 7.8.3. To perform those actions on an entry, the user needs to know the corresponding \"CredentialId\" value, which uniquely identifies a password safe entry. Since \"CredentialId\" values are implemented as GUIDs, they are hard to guess. However, if for example an entry's owner grants read-only access to a malicious user, the value gets exposed to the malicious user. The same holds true for temporary grants."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.profundis-labs.com/advisories/CVE-2017-17707.txt",
"refsource" : "MISC",
"url" : "https://www.profundis-labs.com/advisories/CVE-2017-17707.txt"
}
]
}

48
2017/17xxx/CVE-2017-17708.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17708",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Because of insufficient authorization checks it is possible for any authenticated user to change profile data of other users in Pleasant Password Server before 7.8.3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.profundis-labs.com/advisories/CVE-2017-17708.txt",
"refsource" : "MISC",
"url" : "https://www.profundis-labs.com/advisories/CVE-2017-17708.txt"
}
]
}

2
2018/0xxx/CVE-2018-0500.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Curl_smtp_escape_eob in lib/smtp.c in curl before 7.61.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value)."
"value" : "Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value)."
}
]
},

48
2018/11xxx/CVE-2018-11338.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11338",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Intuit Lacerte 2017 for Windows in a client/server environment transfers the entire customer list in cleartext over SMB, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer list contains each customer's full name, social security number (SSN), address, job title, phone number, Email address, spouse's phone/Email address, and other sensitive information. After the client software authenticates to the server database, the server sends the customer list. There is no need for further exploitation as all sensitive data is exposed. This vulnerability was validated on Intuit Lacerte 2017, however older versions of Lacerte may be vulnerable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://corporateblue.com/your-taxes-are-being-leaked/",
"refsource" : "MISC",
"url" : "https://corporateblue.com/your-taxes-are-being-leaked/"
}
]
}

53
2018/12xxx/CVE-2018-12939.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12939",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. (dot dot) in the \"op/op.UploadChunks.php\" \"qquuid\" parameter. NOTE: this can be leveraged to execute arbitrary code by using CVE-2018-12940."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.contextis.com/resources/advisories/cve-2018-12939",
"refsource" : "MISC",
"url" : "https://www.contextis.com/resources/advisories/cve-2018-12939"
},
{
"name" : "https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG"
}
]
}

53
2018/12xxx/CVE-2018-12940.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12940",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Unrestricted file upload vulnerability in \"op/op.UploadChunks.php\" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the \"qqfile\" parameter. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system commands to the web root of the application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.contextis.com/resources/advisories/cve-2018-12940",
"refsource" : "MISC",
"url" : "https://www.contextis.com/resources/advisories/cve-2018-12940"
},
{
"name" : "https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG"
}
]
}

53
2018/12xxx/CVE-2018-12941.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12941",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the \"cacheDir\" path and following usage of the \"Clear Cache\" functionality. This allows an authenticated attacker, with permission to the Settings functionality, to inject arbitrary system commands within the application by manipulating the \"Cache directory\" path. An attacker can use it to perform malicious tasks such as to extract, change, or delete sensitive information or run system commands on the underlying operating system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.contextis.com/resources/advisories/cve-2018-12941",
"refsource" : "MISC",
"url" : "https://www.contextis.com/resources/advisories/cve-2018-12941"
},
{
"name" : "https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG"
}
]
}

53
2018/12xxx/CVE-2018-12942.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12942",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "SQL injection vulnerability in the \"Users management\" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. An attacker can use this vulnerability to perform malicious tasks such as to extract, change, or delete sensitive information within the database supporting the application, and potentially run system commands on the underlying operating system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.contextis.com/resources/advisories/cve-2018-12942",
"refsource" : "MISC",
"url" : "https://www.contextis.com/resources/advisories/cve-2018-12942"
},
{
"name" : "https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG"
}
]
}

53
2018/12xxx/CVE-2018-12943.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12943",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Cross-Site Scripting (XSS) vulnerability in every page that includes the \"action\" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.contextis.com/resources/advisories/cve-2018-12943",
"refsource" : "MISC",
"url" : "https://www.contextis.com/resources/advisories/cve-2018-12943"
},
{
"name" : "https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG"
}
]
}

53
2018/12xxx/CVE-2018-12944.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12944",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Persistent Cross-Site Scripting (XSS) vulnerability in the \"Categories\" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the name field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.contextis.com/resources/advisories/cve-2018-12944",
"refsource" : "MISC",
"url" : "https://www.contextis.com/resources/advisories/cve-2018-12944"
},
{
"name" : "https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG"
}
]
}

48
2018/14xxx/CVE-2018-14432.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14432",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated \"GET /v3/OS-FEDERATION/projects\" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20180725 [OSSA-2018-002] GET /v3/OS-FEDERATION/projects leaks project information (CVE-2018-14432)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2018/07/25/2"
}
]
}

53
2018/14xxx/CVE-2018-14533.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14533",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc/smb.conf because /var is a symlink to /tmp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45089",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45089/"
},
{
"name" : "https://neonsea.uk/blog/2018/07/21/tmp-to-rce.html",
"refsource" : "MISC",
"url" : "https://neonsea.uk/blog/2018/07/21/tmp-to-rce.html"
}
]
}

53
2018/14xxx/CVE-2018-14581.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14581",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific embedded resource file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://documentation.red-gate.com/ref10/release-notes-and-other-versions/net-reflector-10-0-release-notes",
"refsource" : "CONFIRM",
"url" : "https://documentation.red-gate.com/ref10/release-notes-and-other-versions/net-reflector-10-0-release-notes"
},
{
"name" : "https://documentation.red-gate.com/sa6/release-notes-and-other-versions/smartassembly-6-12-release-notes",
"refsource" : "CONFIRM",
"url" : "https://documentation.red-gate.com/sa6/release-notes-and-other-versions/smartassembly-6-12-release-notes"
}
]
}

2
2018/5xxx/CVE-2018-5543.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K58935003",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K58935003"
}
]

4
2018/5xxx/CVE-2018-5544.json
View File

@ -38,7 +38,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "When the BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain pages (pages with a logon agent or a confirm box), the BIG-IP APM may disclose configuration information such as partition and agent names via URI parameters."
"value" : "When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain pages (pages with a logon agent or a confirm box), the BIG-IP APM may disclose configuration information such as partition and agent names via URI parameters."
}
]
},
@ -57,6 +57,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K23024812",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K23024812"
}
]

2
2018/7xxx/CVE-2018-7934.json
View File

@ -53,6 +53,8 @@
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180705-01-smartphone-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180705-01-smartphone-en"
}
]

2
2018/7xxx/CVE-2018-7947.json
View File

@ -53,6 +53,8 @@
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180720-01-mobile-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180720-01-mobile-en"
}
]

2
2018/7xxx/CVE-2018-7957.json
View File

@ -53,6 +53,8 @@
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-smartphone-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-smartphone-en"
}
]

4
2018/7xxx/CVE-2018-7992.json
View File

@ -40,7 +40,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Mdapt Driver of MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 Pro versions earlier than 8.0.0.356(C00); P10 Plus versions earlier than 8.0.0.357(C00) has a buffer overflow vulnerability. The driver does not sufficiently validate the input, an attacker could trick the user to install a malicious application which would send crafted parameters to the driver. Successful exploit could cause a denial of service condition."
"value" : "Mdapt Driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 Pro versions earlier than 8.0.0.356(C00); P10 Plus versions earlier than 8.0.0.357(C00) has a buffer overflow vulnerability. The driver does not sufficiently validate the input, an attacker could trick the user to install a malicious application which would send crafted parameters to the driver. Successful exploit could cause a denial of service condition."
}
]
},
@ -59,6 +59,8 @@
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180725-01-dos-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180725-01-dos-en"
}
]

2
2018/7xxx/CVE-2018-7993.json
View File

@ -53,6 +53,8 @@
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180711-01-smartphone-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180711-01-smartphone-en"
}
]

2
2018/7xxx/CVE-2018-7994.json
View File

@ -74,6 +74,8 @@
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-firewall-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-firewall-en"
}
]