admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-07-16 16:04:03 -04:00
parent b5c0784bb1
commit 34b118f45c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
11 changed files with 430 additions and 298 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

135
2017/15xxx/CVE-2017-15137.json
View File

@ -1,69 +1,72 @@
{
"impact": {
"cvss": [
[
{
"vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2017-15137",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "atomic-openshift",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as \"oc tag\", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
]
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as \"oc tag\", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
},
"product_name": "atomic-openshift"
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2017-15137",
"ASSIGNER": "lpardo@redhat.com"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137"
}
]
}
}

62
2017/17xxx/CVE-2017-17541.json
View File

@ -1,60 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-17541",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "psirt@fortinet.com",
"ID" : "CVE-2017-17541",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Fortinet FortiManager, FortiAnalyzer",
"version": {
"version_data": [
"product_name" : "Fortinet FortiManager, FortiAnalyzer",
"version" : {
"version_data" : [
{
"version_value": "FortiManager 6.0.0, 5.6.4 and below versions; FortiAnalyzer 6.0.0, 5.6.4 and below versions"
"version_value" : "FortiManager 6.0.0, 5.6.4 and below versions; FortiAnalyzer 6.0.0, 5.6.4 and below versions"
}
]
}
}
]
},
"vendor_name": "Fortinet"
"vendor_name" : "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": " A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature."
"lang" : "eng",
"value" : "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
"lang" : "eng",
"value" : "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://fortiguard.com/advisory/FG-IR-17-305"
"name" : "https://fortiguard.com/advisory/FG-IR-17-305",
"refsource" : "CONFIRM",
"url" : "https://fortiguard.com/advisory/FG-IR-17-305"
}
]
}
}
}

10
2018/1000xxx/CVE-2018-1000207.json
View File

@ -55,6 +55,16 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/a2u/CVE-2018-1000207",
"refsource" : "MISC",
"url" : "https://github.com/a2u/CVE-2018-1000207"
},
{
"name" : "https://rudnkh.me/posts/critical-vulnerability-in-modx-revolution-2-6-4",
"refsource" : "MISC",
"url" : "https://rudnkh.me/posts/critical-vulnerability-in-modx-revolution-2-6-4"
},
{
"name" : "https://github.com/modxcms/revolution/commit/06bc94257408f6a575de20ddb955aca505ef6e68",
"refsource" : "CONFIRM",

135
2018/10xxx/CVE-2018-10840.json
View File

@ -1,69 +1,72 @@
{
"impact": {
"cvss": [
[
{
"vectorString": "5.2/CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2018-10840",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "heap-based buffer overflow in fs/ext4/xattr.c",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "kernel"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.2/CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-122"
}
]
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
},
"product_name": "heap-based buffer overflow in fs/ext4/xattr.c"
}
]
},
"vendor_name": "kernel"
}
]
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10840"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2018-10840",
"ASSIGNER": "lpardo@redhat.com"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10840",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10840"
}
]
}
}

135
2018/10xxx/CVE-2018-10857.json
View File

@ -1,69 +1,72 @@
{
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2018-10857",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "git-annex",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
]
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
},
"product_name": "git-annex"
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10857"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2018-10857",
"ASSIGNER": "lpardo@redhat.com"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10857",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10857"
}
]
}
}

5
2018/10xxx/CVE-2018-10889.json
View File

@ -73,6 +73,11 @@
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10889"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=373369",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=373369"
},
{
"name" : "104733",
"refsource" : "BID",

5
2018/10xxx/CVE-2018-10890.json
View File

@ -76,6 +76,11 @@
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10890"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=373370",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=373370"
},
{
"name" : "104738",
"refsource" : "BID",

5
2018/10xxx/CVE-2018-10891.json
View File

@ -76,6 +76,11 @@
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10891"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=373371",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=373371"
},
{
"name" : "104739",
"refsource" : "BID",

53
2018/12xxx/CVE-2018-12584.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12584",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://joachimdezutter.webredirect.org/advisory.html",
"refsource" : "MISC",
"url" : "http://joachimdezutter.webredirect.org/advisory.html"
},
{
"name" : "https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608",
"refsource" : "CONFIRM",
"url" : "https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608"
}
]
}

48
2018/13xxx/CVE-2018-13832.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13832",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hackpuntes.com/cve-2018-13832-wordpress-plugin-all-in-one-favicon-4-6-autenticado-multiples-cross-site-scripting-persistentes/",
"refsource" : "MISC",
"url" : "https://hackpuntes.com/cve-2018-13832-wordpress-plugin-all-in-one-favicon-4-6-autenticado-multiples-cross-site-scripting-persistentes/"
}
]
}

135
2018/1xxx/CVE-2018-1046.json
View File

@ -1,69 +1,72 @@
{
"impact": {
"cvss": [
[
{
"vectorString": "7.0/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2018-1046",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "pdns",
"version" : {
"version_data" : [
{
"version_value" : "pdns 4.1.2"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow only occurs when the -ecs-stamp option of dnsreplay is used."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "7.0/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-121"
}
]
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow only occurs when the ecs-stamp option of dnsreplay is used."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "pdns 4.1.2"
}
]
},
"product_name": "pdns"
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1046"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2018-1046",
"ASSIGNER": "lpardo@redhat.com"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1046",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1046"
}
]
}
}