admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-06-19 16:00:45 +00:00
parent 673297cfe6
commit 4d3b817e92
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
13 changed files with 581 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
2018/18xxx/CVE-2018-18406.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18406",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +34,52 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response doesn't directly display a requested file, but rather returns it inside the name data field when the report is saved. An attacker is able to view restricted operating system files. This issue affects all types of users: administrators or normal users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.tufin.com/",
"refsource": "MISC",
"name": "https://www.tufin.com/"
},
{
"url": "https://forum.tufin.com/support/kc/latest/",
"refsource": "MISC",
"name": "https://forum.tufin.com/support/kc/latest/"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/45808",
"url": "https://www.exploit-db.com/exploits/45808"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/A:L/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.0"
}
}
}

53
2018/18xxx/CVE-2018-18425.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18425",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The doAirdrop function of a smart contract implementation for Primeo (PEO), an Ethereum token, does not check the numerical relationship between the amount of the air drop and the token's total supply, which lets the owner of the contract issue an arbitrary amount of currency. (Increasing the total supply by using 'doAirdrop' ignores the hard cap written in the contract and devalues the token.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://etherscan.io/address/0x21a8a03b34e053f9b1d4545213d9d1d411a9d449#code",
"refsource": "MISC",
"name": "https://etherscan.io/address/0x21a8a03b34e053f9b1d4545213d9d1d411a9d449#code"
},
{
"refsource": "MISC",
"name": "https://www.jianshu.com/p/09f238e9e568",
"url": "https://www.jianshu.com/p/09f238e9e568"
}
]
}

53
2018/18xxx/CVE-2018-18471.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18471",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.axentra.com/en/",
"refsource": "MISC",
"name": "http://www.axentra.com/en/"
},
{
"refsource": "MISC",
"name": "https://www.wizcase.com/blog/hack-2018/",
"url": "https://www.wizcase.com/blog/hack-2018/"
}
]
}

53
2018/18xxx/CVE-2018-18472.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18472",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Western Digital WD My Book Live (all versions) has a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.wdc.com",
"refsource": "MISC",
"name": "https://www.wdc.com"
},
{
"refsource": "MISC",
"name": "https://www.wizcase.com/blog/hack-2018/",
"url": "https://www.wizcase.com/blog/hack-2018/"
}
]
}

53
2018/18xxx/CVE-2018-18757.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18757",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.exploit-db.com/author/?a=8844",
"refsource": "MISC",
"name": "https://www.exploit-db.com/author/?a=8844"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/45703",
"url": "https://www.exploit-db.com/exploits/45703"
}
]
}

53
2018/18xxx/CVE-2018-18758.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18758",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18757."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.exploit-db.com/author/?a=8844",
"refsource": "MISC",
"name": "https://www.exploit-db.com/author/?a=8844"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/45707",
"url": "https://www.exploit-db.com/exploits/45707"
}
]
}

48
2018/18xxx/CVE-2018-18863.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18863",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NGA ResourceLink 20.0.2.1 allows local file inclusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.dionach.com/blog/cve-2018-18863-resourcelink-local-file-inclusion",
"url": "https://www.dionach.com/blog/cve-2018-18863-resourcelink-local-file-inclusion"
}
]
}

53
2018/19xxx/CVE-2018-19878.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19878",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Teltonika RTU950 R_31.04.89 devices. The application allows a user to login without limitation. For every successful login request, the application saves a session. A user can re-login without logging out, causing the application to store the session in memory. Exploitation of this vulnerability will increase memory use and consume free space."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.triadsec.com/CVE-2018-19878.pdf",
"url": "https://www.triadsec.com/CVE-2018-19878.pdf"
},
{
"url": "https://www.triadsec.com/",
"refsource": "MISC",
"name": "https://www.triadsec.com/"
}
]
}

61
2019/12xxx/CVE-2019-12491.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12491",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability an attacker has to have control of a single server on a given cloud (e.g. by renting one). From the source server, the attacker can craft any command and trigger the OnApp platform to execute that command with root privileges on a target server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://docs.onapp.com/rn/general-security-advisory",
"url": "https://docs.onapp.com/rn/general-security-advisory"
},
{
"refsource": "MISC",
"name": "https://skylightcyber.com/2019/06/07/all-your-cloud-are-belong-to-us-cve-2019-12491/",
"url": "https://skylightcyber.com/2019/06/07/all-your-cloud-are-belong-to-us-cve-2019-12491/"
}
]
}

8
2019/12xxx/CVE-2019-12549.json
View File

@ -59,13 +59,13 @@
},
{
"refsource": "MISC",
"name": "https://cert.vde.com/en-us/advisories/vde-2019-013",
"url": "https://cert.vde.com/en-us/advisories/vde-2019-013"
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02"
},
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-0",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-0"
"name": "https://cert.vde.com/en-us/advisories/vde-2019-013",
"url": "https://cert.vde.com/en-us/advisories/vde-2019-013"
}
]
}

8
2019/12xxx/CVE-2019-12550.json
View File

@ -59,13 +59,13 @@
},
{
"refsource": "MISC",
"name": "https://cert.vde.com/en-us/advisories/vde-2019-013",
"url": "https://cert.vde.com/en-us/advisories/vde-2019-013"
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02"
},
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-0",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-164-0"
"name": "https://cert.vde.com/en-us/advisories/vde-2019-013",
"url": "https://cert.vde.com/en-us/advisories/vde-2019-013"
}
]
}

48
2019/6xxx/CVE-2019-6114.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6114",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. An integer overflow in the jp2 parsing library allows an attacker to overwrite memory and to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/ereisr00/bagofbugz/tree/master/CorelPaintShop2019",
"url": "https://github.com/ereisr00/bagofbugz/tree/master/CorelPaintShop2019"
}
]
}

58
2019/9xxx/CVE-2019-9701.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9701",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9701",
"ASSIGNER": "secure@symantec.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Data Loss Prevention",
"version": {
"version_data": [
{
"version_value": "Prior to and including DLP 15.5 MP1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.symantec.com/us/en/article.SYMSA1484.html",
"url": "https://support.symantec.com/us/en/article.SYMSA1484.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy."
}
]
}