admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-11 04:13:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-07-24 11:04:46 -04:00
parent d93510a927
commit 426936f7ac
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
22 changed files with 1033 additions and 982 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
2017/3xxx/CVE-2017-3180.json
View File

@ -262,7 +262,7 @@
"description_data" : [
{
"lang" : "eng",
"value": "Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The products and versions that are affected include the following:\nTIBCO Silver Fabric Enabler for Spotfire Web Player 2.1.2 and earlier\nTIBCO Spotfire Analyst 7.5.0\nTIBCO Spotfire Analyst 7.6.0\nTIBCO Spotfire Analyst 7.7.0\nTIBCO Spotfire Analytics Platform for AWS Marketplace 7.0.2 and earlier\nTIBCO Spotfire Automation Services 6.5.3 and earlier\nTIBCO Spotfire Automation Services 7.0.0, and 7.0.1\nTIBCO Spotfire Connectors 7.6.0\nTIBCO Spotfire Deployment Kit 6.5.3 and earlier\nTIBCO Spotfire Deployment Kit 7.0.0, and 7.0.1\nTIBCO Spotfire Deployment Kit 7.5.0\nTIBCO Spotfire Deployment Kit 7.6.0\nTIBCO Spotfire Deployment Kit 7.7.0\nTIBCO Spotfire Desktop 6.5.2 and earlier\nTIBCO Spotfire Desktop 7.0.0, and 7.0.1\nTIBCO Spotfire Desktop 7.5.0\nTIBCO Spotfire Desktop 7.6.0\nTIBCO Spotfire Desktop 7.7.0\nTIBCO Spotfire Desktop Developer Edition 7.7.0\nTIBCO Spotfire Desktop Language Packs 7.0.1 and earlier\nTIBCO Spotfire Desktop Language Packs 7.5.0\nTIBCO Spotfire Desktop Language Packs 7.6.0\nTIBCO Spotfire Desktop Language Packs 7.7.0\nTIBCO Spotfire Professional 6.5.3 and earlier\nTIBCO Spotfire Professional 7.0.0 and 7.0.1\nTIBCO Spotfire Web Player 6.5.3 and earlier\nTIBCO Spotfire Web Player 7.0.0 and 7.0.1"
"value" : "Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The products and versions that are affected include the following: TIBCO Silver Fabric Enabler for Spotfire Web Player 2.1.2 and earlier TIBCO Spotfire Analyst 7.5.0 TIBCO Spotfire Analyst 7.6.0 TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Analytics Platform for AWS Marketplace 7.0.2 and earlier TIBCO Spotfire Automation Services 6.5.3 and earlier TIBCO Spotfire Automation Services 7.0.0, and 7.0.1 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 6.5.3 and earlier TIBCO Spotfire Deployment Kit 7.0.0, and 7.0.1 TIBCO Spotfire Deployment Kit 7.5.0 TIBCO Spotfire Deployment Kit 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spotfire Desktop 6.5.2 and earlier TIBCO Spotfire Desktop 7.0.0, and 7.0.1 TIBCO Spotfire Desktop 7.5.0 TIBCO Spotfire Desktop 7.6.0 TIBCO Spotfire Desktop 7.7.0 TIBCO Spotfire Desktop Developer Edition 7.7.0 TIBCO Spotfire Desktop Language Packs 7.0.1 and earlier TIBCO Spotfire Desktop Language Packs 7.5.0 TIBCO Spotfire Desktop Language Packs 7.6.0 TIBCO Spotfire Desktop Language Packs 7.7.0 TIBCO Spotfire Professional 6.5.3 and earlier TIBCO Spotfire Professional 7.0.0 and 7.0.1 TIBCO Spotfire Web Player 6.5.3 and earlier TIBCO Spotfire Web Player 7.0.0 and 7.0.1"
}
]
},
@ -280,15 +280,15 @@
},
"references" : {
"reference_data" : [
{
"name": "95699",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/95699"
},
{
"name" : "https://www.tibco.com//support/advisories/2017/01/tibco-security-advisory-january-10-2017-tibco-spotfire-2017-3180",
"refsource" : "CONFIRM",
"url" : "https://www.tibco.com//support/advisories/2017/01/tibco-security-advisory-january-10-2017-tibco-spotfire-2017-3180"
},
{
"name" : "95699",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/95699"
}
]
},

12
2017/3xxx/CVE-2017-3181.json
View File

@ -129,7 +129,7 @@
"description_data" : [
{
"lang" : "eng",
"value": "Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following products and versions are affected:\nTIBCO Spotfire Analyst 7.7.0\nTIBCO Spotfire Connectors 7.6.0\nTIBCO Spotfire Deployment Kit 7.7.0\nTIBCO Spotfire Desktop 7.6.0\nTIBCO Spotfire Desktop 7.7.0\nTIBCO Spotfire Desktop Developer Edition 7.7.0\nTIBCO Spotfire Desktop Language Packs 7.6.0\nTIBCO Spotfire Desktop Language Packs 7.7.0\n\nThe following components are affected:\nTIBCO Spotfire Client\nTIBCO Spotfire Web Player Client"
"value" : "Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following products and versions are affected: TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spotfire Desktop 7.6.0 TIBCO Spotfire Desktop 7.7.0 TIBCO Spotfire Desktop Developer Edition 7.7.0 TIBCO Spotfire Desktop Language Packs 7.6.0 TIBCO Spotfire Desktop Language Packs 7.7.0 The following components are affected: TIBCO Spotfire Client TIBCO Spotfire Web Player Client"
}
]
},
@ -147,15 +147,15 @@
},
"references" : {
"reference_data" : [
{
"name": "95696",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/95696"
},
{
"name" : "https://www.tibco.com/support/advisories/2017/01/tibco-security-advisory-january-10-2017-tibco-spotfire-2017-3181",
"refsource" : "CONFIRM",
"url" : "https://www.tibco.com/support/advisories/2017/01/tibco-security-advisory-january-10-2017-tibco-spotfire-2017-3181"
},
{
"name" : "95696",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/95696"
}
]
},

10
2017/3xxx/CVE-2017-3183.json
View File

@ -61,15 +61,15 @@
},
"references" : {
"reference_data" : [
{
"name": "96477",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/96477"
},
{
"name" : "VU#742632",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/742632"
},
{
"name" : "96477",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/96477"
}
]
},

2
2017/3xxx/CVE-2017-3188.json
View File

@ -43,7 +43,7 @@
"description_data" : [
{
"lang" : "eng",
"value": "The dotCMS administration panel, versions 3.7.1 and earlier, \"Push Publishing\" feature in Enterprise Pro is vulnerable to path traversal. When \"Bundle\" tar.gz archives uploaded to the Push Publishing feature are decompressed, the filenames of its contents are not properly checked, allowing for writing files to arbitrary directories on the file system. These archives may be uploaded directly via the administrator panel, or using the CSRF vulnerability (CVE-2017-3187).\nAn unauthenticated remote attacker may perform actions with the dotCMS administrator panel with the same permissions of a victim user or execute arbitrary system commands with the permissions of the user running the dotCMS application."
"value" : "The dotCMS administration panel, versions 3.7.1 and earlier, \"Push Publishing\" feature in Enterprise Pro is vulnerable to path traversal. When \"Bundle\" tar.gz archives uploaded to the Push Publishing feature are decompressed, the filenames of its contents are not properly checked, allowing for writing files to arbitrary directories on the file system. These archives may be uploaded directly via the administrator panel, or using the CSRF vulnerability (CVE-2017-3187). An unauthenticated remote attacker may perform actions with the dotCMS administrator panel with the same permissions of a victim user or execute arbitrary system commands with the permissions of the user running the dotCMS application."
}
]
},

2
2017/3xxx/CVE-2017-3189.json
View File

@ -43,7 +43,7 @@
"description_data" : [
{
"lang" : "eng",
"value": "The dotCMS administration panel, versions 3.7.1 and earlier, \"Push Publishing\" feature in Enterprise Pro is vulnerable to arbitrary file upload. When \"Bundle\" tar.gz archives uploaded to the Push Publishing feature are decompressed, there are no checks on the types of files which the bundle contains. This vulnerability combined with the path traversal vulnerability above (CVE-2017-3188) can lead to remote command execution with the permissions of the user running the dotCMS application. An unauthenticated remote attacker may perform actions with the dotCMS administrator panel with the same permissions of a victim user or execute arbitrary system commands with the permissions of the user running the dotCMS application."
"value" : "The dotCMS administration panel, versions 3.7.1 and earlier, \"Push Publishing\" feature in Enterprise Pro is vulnerable to arbitrary file upload. When \"Bundle\" tar.gz archives uploaded to the Push Publishing feature are decompressed, there are no checks on the types of files which the bundle contains. This vulnerability combined with the path traversal vulnerability (CVE-2017-3188) can lead to remote command execution with the permissions of the user running the dotCMS application. An unauthenticated remote attacker may perform actions with the dotCMS administrator panel with the same permissions of a victim user or execute arbitrary system commands with the permissions of the user running the dotCMS application."
}
]
},

2
2017/3xxx/CVE-2017-3209.json
View File

@ -36,7 +36,7 @@
"description_data" : [
{
"lang" : "eng",
"value": "The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. The DBPower U818A WIFI quadcopter drone runs an FTP server that by default allows anonymous access without a password, and provides full filesystem read/write permissions to the anonymous user. A remote user within range of the open access point on the drone may utilize the anonymous user of the FTP server to read arbitrary files, such as images and video recorded by the device, or to replace system files such as /etc/shadow to gain further access to the device. Furthermore, the DBPOWER U818A WIFI quadcopter drone uses BusyBox 1.20.2, which was released in 2012, and may be vulnerable to other known BusyBox vulnerabilities.\n"
"value" : "The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. The DBPower U818A WIFI quadcopter drone runs an FTP server that by default allows anonymous access without a password, and provides full filesystem read/write permissions to the anonymous user. A remote user within range of the open access point on the drone may utilize the anonymous user of the FTP server to read arbitrary files, such as images and video recorded by the device, or to replace system files such as /etc/shadow to gain further access to the device. Furthermore, the DBPOWER U818A WIFI quadcopter drone uses BusyBox 1.20.2, which was released in 2012, and may be vulnerable to other known BusyBox vulnerabilities."
}
]
},

2
2017/3xxx/CVE-2017-3210.json
View File

@ -37,7 +37,7 @@
"description_data" : [
{
"lang" : "eng",
"value": "Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges.\n\nThe following applications have been identified by Portrait Displays as affected:\nFujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3.\nFujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9.\nHP Display Assistant: Version 2.1. The issue was fixed in Version 2.11.\nHP My Display: Version 2.0. The issue was fixed in Version 2.1.\nPhilips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26."
"value" : "Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26."
}
]
},

2
2017/3xxx/CVE-2017-3224.json
View File

@ -36,7 +36,7 @@
"description_data" : [
{
"lang" : "eng",
"value": "Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a 'newer' LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network.\nCVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages)."
"value" : "Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a 'newer' LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages)."
}
]
},

2
2017/3xxx/CVE-2017-3226.json
View File

@ -37,7 +37,7 @@
"description_data" : [
{
"lang" : "eng",
"value": "Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_ENV_AES=y) read environment variables from disk as the encrypted disk image is processed. An attacker with physical access to the device can manipulate the encrypted environment data to include a crafted two-byte sequence which triggers an error in environment variable parsing. This error condition is improperly handled by Das U-Boot, resulting in an immediate process termination with a debugging message."
"value" : "Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_ENV_AES=y) read environment variables from disk as the encrypted disk image is processed. An attacker with physical access to the device can manipulate the encrypted environment data to include a crafted two-byte sequence which triggers an error in environment variable parsing. This error condition is improperly handled by Das U-Boot, resulting in an immediate process termination with a debugging message."
}
]
},

18
2018/14xxx/CVE-2018-14580.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14580",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/14xxx/CVE-2018-14581.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14581",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

11
2018/5xxx/CVE-2018-5384.json
View File

@ -56,14 +56,19 @@
"references" : {
"reference_data" : [
{
"name": "VU#184077",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/184077"
"name" : "https://medium.com/@evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3",
"refsource" : "MISC",
"url" : "https://medium.com/@evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3"
},
{
"name" : "https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-Injection-Session-Fixation.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-Injection-Session-Fixation.html"
},
{
"name" : "VU#184077",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/184077"
}
]
},

11
2018/5xxx/CVE-2018-5385.json
View File

@ -56,14 +56,19 @@
"references" : {
"reference_data" : [
{
"name": "VU#184077",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/184077"
"name" : "https://medium.com/@evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3",
"refsource" : "MISC",
"url" : "https://medium.com/@evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3"
},
{
"name" : "https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-Injection-Session-Fixation.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-Injection-Session-Fixation.html"
},
{
"name" : "VU#184077",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/184077"
}
]
},

11
2018/5xxx/CVE-2018-5386.json
View File

@ -56,14 +56,19 @@
"references" : {
"reference_data" : [
{
"name": "VU#184077",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/184077"
"name" : "https://medium.com/@evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3",
"refsource" : "MISC",
"url" : "https://medium.com/@evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3"
},
{
"name" : "https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-Injection-Session-Fixation.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-Injection-Session-Fixation.html"
},
{
"name" : "VU#184077",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/184077"
}
]
},

10
2018/5xxx/CVE-2018-5387.json
View File

@ -54,15 +54,15 @@
},
"references" : {
"reference_data" : [
{
"name": "VU#475445",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/475445"
},
{
"name" : "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
"refsource" : "MISC",
"url" : "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
},
{
"name" : "VU#475445",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/475445"
}
]
},