admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-09 16:04:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-05-02 17:03:32 -04:00
parent c2d22a5f53
commit 573788a139
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
20 changed files with 662 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
2018/10xxx/CVE-2018-10115.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10115",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/",
"refsource" : "MISC",
"url" : "https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/"
},
{
"name" : "https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/"
}
]
}

53
2018/10xxx/CVE-2018-10294.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10294",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180501 XSS-Flexense-DiskBoss-Enterprise-all-versions",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/3"
},
{
"name" : "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions",
"refsource" : "MISC",
"url" : "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions"
}
]
}

53
2018/10xxx/CVE-2018-10563.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10563",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180501 XSS in Flexense SyncBreeze, affects all versions",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/4"
},
{
"name" : "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions",
"refsource" : "MISC",
"url" : "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions"
}
]
}

53
2018/10xxx/CVE-2018-10564.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10564",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180501 XSS in Flexense DiskPulse, affects all versions",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/5"
},
{
"name" : "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions",
"refsource" : "MISC",
"url" : "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions"
}
]
}

53
2018/10xxx/CVE-2018-10565.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10565",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180501 XSS in Flexense DiskSavvy, affects all versions",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/6"
},
{
"name" : "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions",
"refsource" : "MISC",
"url" : "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions"
}
]
}

53
2018/10xxx/CVE-2018-10566.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10566",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180501 XSS in Flexense DupScout, affects all versions",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/7"
},
{
"name" : "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions",
"refsource" : "MISC",
"url" : "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions"
}
]
}

53
2018/10xxx/CVE-2018-10567.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10567",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180501 XSS in Flexense VX Search, affects all versions",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/8"
},
{
"name" : "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions",
"refsource" : "MISC",
"url" : "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions"
}
]
}

53
2018/10xxx/CVE-2018-10568.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10568",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180501 XSS in Flexense DiskSorter, affects all versions",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/9"
},
{
"name" : "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions",
"refsource" : "MISC",
"url" : "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions"
}
]
}

5
2018/10xxx/CVE-2018-10575.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "20180501 Multiple issues in WatchGuard AP100 AP102 AP200 result in remote code execution",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/12"
},
{
"name" : "https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000LIy",
"refsource" : "CONFIRM",

5
2018/10xxx/CVE-2018-10576.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "20180501 Multiple issues in WatchGuard AP100 AP102 AP200 result in remote code execution",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/12"
},
{
"name" : "https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000LIy",
"refsource" : "CONFIRM",

48
2018/10xxx/CVE-2018-10577.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10577",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180501 Multiple issues in WatchGuard AP100 AP102 AP200 result in remote code execution",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/12"
}
]
}

48
2018/10xxx/CVE-2018-10578.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10578",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Incorrect validation of the \"old password\" field in the change password form allows an attacker to bypass validation of this field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180501 Multiple issues in WatchGuard AP100 AP102 AP200 result in remote code execution",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/12"
}
]
}

10
2018/7xxx/CVE-2018-7747.json
View File

@ -66,6 +66,16 @@
"name" : "https://wordpress.org/plugins/caldera-forms/#developers",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/caldera-forms/#developers"
},
{
"name" : "https://calderaforms.com/2018/03/caldera-forms-1-6-is-here/",
"refsource" : "CONFIRM",
"url" : "https://calderaforms.com/2018/03/caldera-forms-1-6-is-here/"
},
{
"name" : "https://calderaforms.com/updates/caldera-forms-1-6-0/#security",
"refsource" : "CONFIRM",
"url" : "https://calderaforms.com/updates/caldera-forms-1-6-0/#security"
}
]
}

10
2018/8xxx/CVE-2018-8733.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "44560",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44560/"
},
{
"name" : "https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT",
"refsource" : "MISC",
@ -66,6 +71,11 @@
"name" : "https://www.nagios.com/downloads/nagios-xi/change-log/",
"refsource" : "MISC",
"url" : "https://www.nagios.com/downloads/nagios-xi/change-log/"
},
{
"name" : "https://blog.redactedsec.net/exploits/2018/04/26/nagios.html",
"refsource" : "MISC",
"url" : "https://blog.redactedsec.net/exploits/2018/04/26/nagios.html"
}
]
}

10
2018/8xxx/CVE-2018-8734.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "44560",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44560/"
},
{
"name" : "https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT",
"refsource" : "MISC",
@ -66,6 +71,11 @@
"name" : "https://www.nagios.com/downloads/nagios-xi/change-log/",
"refsource" : "MISC",
"url" : "https://www.nagios.com/downloads/nagios-xi/change-log/"
},
{
"name" : "https://blog.redactedsec.net/exploits/2018/04/26/nagios.html",
"refsource" : "MISC",
"url" : "https://blog.redactedsec.net/exploits/2018/04/26/nagios.html"
}
]
}

10
2018/8xxx/CVE-2018-8735.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "44560",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44560/"
},
{
"name" : "https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT",
"refsource" : "MISC",
@ -66,6 +71,11 @@
"name" : "https://www.nagios.com/downloads/nagios-xi/change-log/",
"refsource" : "MISC",
"url" : "https://www.nagios.com/downloads/nagios-xi/change-log/"
},
{
"name" : "https://blog.redactedsec.net/exploits/2018/04/26/nagios.html",
"refsource" : "MISC",
"url" : "https://blog.redactedsec.net/exploits/2018/04/26/nagios.html"
}
]
}

10
2018/8xxx/CVE-2018-8736.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "44560",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44560/"
},
{
"name" : "https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT",
"refsource" : "MISC",
@ -66,6 +71,11 @@
"name" : "https://www.nagios.com/downloads/nagios-xi/change-log/",
"refsource" : "MISC",
"url" : "https://www.nagios.com/downloads/nagios-xi/change-log/"
},
{
"name" : "https://blog.redactedsec.net/exploits/2018/04/26/nagios.html",
"refsource" : "MISC",
"url" : "https://blog.redactedsec.net/exploits/2018/04/26/nagios.html"
}
]
}

48
2018/8xxx/CVE-2018-8900.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8900",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote attackers to inject malicious web script in the logs page of Admin Control Center (ACC) for cross-site scripting (XSS) vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://drive.google.com/file/d/18BaBzGcjWAfJyZ_phWEVerYmmLB-vxF-/view?usp=sharing",
"refsource" : "MISC",
"url" : "https://drive.google.com/file/d/18BaBzGcjWAfJyZ_phWEVerYmmLB-vxF-/view?usp=sharing"
}
]
}

10
2018/9xxx/CVE-2018-9115.json
View File

@ -56,6 +56,16 @@
"name" : "44375",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44375/"
},
{
"name" : "https://packetstormsecurity.com/files/146982",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/146982"
},
{
"name" : "systematic-cve20189115-dos(141099)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/141099"
}
]
}

48
2018/9xxx/CVE-2018-9919.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9919",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because /vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php writes data from the \"down_url\" URL into the \"bddlj\" local file if the attacker knows the backdoor \"jmmy\" parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180501 Backdoor in Tpshop <= 2.0.8 (CVE-2018-9919)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/11"
}
]
}