admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-09 16:04:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-05-15 18:05:41 -04:00
parent 42889048e6
commit 42255db77a
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
12 changed files with 115 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

151
2017/2xxx/CVE-2017-2613.json
View File

@ -1,72 +1,85 @@
{ {
"impact": { "CVE_data_meta" : {
"cvss": [ "ASSIGNER" : "lpardo@redhat.com",
[ "ID" : "CVE-2017-2613",
{ "STATE" : "PUBLIC"
"vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", },
"version": "3.0" "affects" : {
} "vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "jenkins",
"version" : {
"version_data" : [
{
"version_value" : "jenkins 2.44"
},
{
"version_value" : "jenkins 2.32.2"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records (SECURITY-406)."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-770"
}
] ]
] }
}, ]
"description": { },
"description_data": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records (SECURITY-406)." "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2613",
} "refsource" : "CONFIRM",
] "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2613"
}, },
"data_type": "CVE", {
"affects": { "name" : "https://github.com/jenkinsci/jenkins/commit/b88b20ec473200db35d0a0d29dcf192069106601",
"vendor": { "refsource" : "CONFIRM",
"vendor_data": [ "url" : "https://github.com/jenkinsci/jenkins/commit/b88b20ec473200db35d0a0d29dcf192069106601"
{ },
"product": { {
"product_data": [ "name" : "https://jenkins.io/security/advisory/2017-02-01/",
{ "refsource" : "CONFIRM",
"version": { "url" : "https://jenkins.io/security/advisory/2017-02-01/"
"version_data": [ }
{ ]
"version_value": "jenkins 2.44" }
},
{
"version_value": "jenkins 2.32.2"
}
]
},
"product_name": "jenkins"
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2613"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2017-2613",
"ASSIGNER": "lpardo@redhat.com"
}
} }

7
2018/10xxx/CVE-2018-10589.json
View File

@ -35,7 +35,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "A path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code." "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code."
} }
] ]
}, },
@ -54,10 +54,9 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
},
{
"url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
} }
] ]
} }

7
2018/10xxx/CVE-2018-10590.json
View File

@ -35,7 +35,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "An information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible." "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible."
} }
] ]
}, },
@ -54,10 +54,9 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
},
{
"url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
} }
] ]
} }

7
2018/10xxx/CVE-2018-10591.json
View File

@ -35,7 +35,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "An origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users." "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users."
} }
] ]
}, },
@ -54,10 +54,9 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
},
{
"url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
} }
] ]
} }

7
2018/7xxx/CVE-2018-7495.json
View File

@ -35,7 +35,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "An external control of file name or path vulnerability has been identified, which may allow an attacker to delete files." "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files."
} }
] ]
}, },
@ -54,10 +54,9 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
},
{
"url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
} }
] ]
} }

7
2018/7xxx/CVE-2018-7497.json
View File

@ -35,7 +35,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "Several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code." "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code."
} }
] ]
}, },
@ -54,10 +54,9 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
},
{
"url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
} }
] ]
} }

7
2018/7xxx/CVE-2018-7499.json
View File

@ -35,7 +35,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "Several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code." "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code."
} }
] ]
}, },
@ -54,10 +54,9 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
},
{
"url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
} }
] ]
} }

7
2018/7xxx/CVE-2018-7501.json
View File

@ -35,7 +35,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "Several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host." "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host."
} }
] ]
}, },
@ -54,10 +54,9 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
},
{
"url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
} }
] ]
} }

7
2018/7xxx/CVE-2018-7503.json
View File

@ -35,7 +35,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "A path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target." "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target."
} }
] ]
}, },
@ -54,10 +54,9 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
},
{
"url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
} }
] ]
} }

7
2018/7xxx/CVE-2018-7505.json
View File

@ -35,7 +35,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "A TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code." "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code."
} }
] ]
}, },
@ -54,10 +54,9 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
},
{
"url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
} }
] ]
} }

7
2018/8xxx/CVE-2018-8841.json
View File

@ -35,7 +35,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "An improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user." "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user."
} }
] ]
}, },
@ -54,10 +54,9 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
},
{
"url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
} }
] ]
} }

7
2018/8xxx/CVE-2018-8845.json
View File

@ -35,7 +35,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "A heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code." "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code."
} }
] ]
}, },
@ -54,10 +54,9 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
},
{
"url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download"
} }
] ]
} }