"-Synchronized-Data."

CVE Team 2019-03-19 20:00:51 +00:00
parent fc51052ddd
commit 68cf90466f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
52 changed files with 2538 additions and 2208 deletions


@ -1,19 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0143",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-0143",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0153",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-0153",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0191",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-0191",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0236",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-0236",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0246",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-0246",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}


@ -1,19 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0265",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-0265",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}


@ -33,10 +33,12 @@
"problemtype": {
"problemtype_data": [
{
"description": {
"lang": "eng",
"value": "Privilege Escalation"
}
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},


@ -1,84 +1,84 @@
{
"description" : {
"description_data" : [
{
"value" : "Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and clicking on reports, an attacker could exploit this vulnerability to gain access to all visitor records and obtain sensitive information.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"title" : "X-Force Vulnerability Report",
"name" : "lobby-track-cve201817482-info-disc (149642)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149642"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.2.186"
}
]
},
"product_name" : "Lobby Track Desktop"
}
]
},
"vendor_name" : "Jolly Technologies"
"value": "Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and clicking on reports, an attacker could exploit this vulnerability to gain access to all visitor records and obtain sensitive information.",
"lang": "eng"
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "R",
"E" : "U",
"RL" : "U"
},
"BM" : {
"AC" : "L",
"C" : "L",
"SCORE" : "4.000",
"I" : "N",
"AV" : "L",
"PR" : "N",
"A" : "N",
"UI" : "N",
"S" : "U"
}
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-03-04T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-17482",
"STATE" : "PUBLIC"
}
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"title": "X-Force Vulnerability Report",
"name": "lobby-track-cve201817482-info-disc (149642)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149642"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "8.2.186"
}
]
},
"product_name": "Lobby Track Desktop"
}
]
},
"vendor_name": "Jolly Technologies"
}
]
}
},
"impact": {
"cvssv3": {
"TM": {
"RC": "R",
"E": "U",
"RL": "U"
},
"BM": {
"AC": "L",
"C": "L",
"SCORE": "4.000",
"I": "N",
"AV": "L",
"PR": "N",
"A": "N",
"UI": "N",
"S": "U"
}
}
},
"data_format": "MITRE",
"CVE_data_meta": {
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2018-17482",
"STATE": "PUBLIC"
}
}


@ -1,84 +1,84 @@
{
"references" : {
"reference_data" : [
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149643",
"title" : "X-Force Vulnerability Report",
"name" : "lobby-track-cve201817483-info-disc (149643)"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and viewing the driver's license column, an attacker could exploit this vulnerability to view the driver's license number and other personal information."
}
]
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-03-04T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2018-17483"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.2.186"
}
]
},
"product_name" : "Lobby Track Desktop"
}
]
},
"vendor_name" : "Jolly Technologies"
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149643",
"title": "X-Force Vulnerability Report",
"name": "lobby-track-cve201817483-info-disc (149643)"
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "L",
"A" : "N",
"PR" : "N",
"I" : "N",
"UI" : "N",
"S" : "U",
"C" : "L",
"AC" : "H",
"SCORE" : "2.900"
},
"TM" : {
"RC" : "R",
"E" : "U",
"RL" : "U"
}
}
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and viewing the driver's license column, an attacker could exploit this vulnerability to view the driver's license number and other personal information."
}
]
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2018-17483"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "8.2.186"
}
]
},
"product_name": "Lobby Track Desktop"
}
]
},
"vendor_name": "Jolly Technologies"
}
]
}
},
"impact": {
"cvssv3": {
"BM": {
"AV": "L",
"A": "N",
"PR": "N",
"I": "N",
"UI": "N",
"S": "U",
"C": "L",
"AC": "H",
"SCORE": "2.900"
},
"TM": {
"RC": "R",
"E": "U",
"RL": "U"
}
}
}
}


@ -1,84 +1,84 @@
{
"references" : {
"reference_data" : [
{
"title" : "X-Force Vulnerability Report",
"name" : "lobby-track-cve201817484-info-disc (149644)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149644"
}
]
},
"description" : {
"description_data" : [
{
"value" : "Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Sample Database.mdb database while in kiosk mode. By using attack vectors outlined in kiosk breakout, an attacker could exploit this vulnerability to view and edit the database.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "Jolly Technologies",
"product" : {
"product_data" : [
{
"product_name" : "Lobby Track Desktop",
"version" : {
"version_data" : [
{
"version_value" : "8.2.186"
}
]
}
}
]
}
"title": "X-Force Vulnerability Report",
"name": "lobby-track-cve201817484-info-disc (149644)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149644"
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "R",
"E" : "U",
"RL" : "U"
},
"BM" : {
"I" : "L",
"AV" : "L",
"A" : "N",
"PR" : "N",
"UI" : "N",
"S" : "U",
"AC" : "H",
"C" : "L",
"SCORE" : "4.000"
}
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"ID" : "CVE-2018-17484",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-03-04T00:00:00"
}
}
]
},
"description": {
"description_data": [
{
"value": "Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Sample Database.mdb database while in kiosk mode. By using attack vectors outlined in kiosk breakout, an attacker could exploit this vulnerability to view and edit the database.",
"lang": "eng"
}
]
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jolly Technologies",
"product": {
"product_data": [
{
"product_name": "Lobby Track Desktop",
"version": {
"version_data": [
{
"version_value": "8.2.186"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvssv3": {
"TM": {
"RC": "R",
"E": "U",
"RL": "U"
},
"BM": {
"I": "L",
"AV": "L",
"A": "N",
"PR": "N",
"UI": "N",
"S": "U",
"AC": "H",
"C": "L",
"SCORE": "4.000"
}
}
},
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2018-17484",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-04T00:00:00"
}
}


@ -1,84 +1,84 @@
{
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "Lobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149645",
"title" : "X-Force Vulnerability Report",
"name" : "lobby-track-cve201817485-default-account (149645)"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"UI" : "N",
"I" : "H",
"PR" : "N",
"A" : "H",
"AV" : "L",
"SCORE" : "8.400",
"C" : "H",
"AC" : "L"
},
"TM" : {
"RL" : "U",
"E" : "U",
"RC" : "R"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"description": {
"description_data": [
{
"vendor_name" : "Jolly Technologies",
"product" : {
"product_data" : [
{
"product_name" : "Lobby Track Desktop",
"version" : {
"version_data" : [
{
"version_value" : "8.2.186"
}
]
}
}
]
}
"value": "Lobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.",
"lang": "eng"
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2018-17485",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-03-04T00:00:00"
},
"data_format" : "MITRE"
}
]
},
"references": {
"reference_data": [
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149645",
"title": "X-Force Vulnerability Report",
"name": "lobby-track-cve201817485-default-account (149645)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"UI": "N",
"I": "H",
"PR": "N",
"A": "H",
"AV": "L",
"SCORE": "8.400",
"C": "H",
"AC": "L"
},
"TM": {
"RL": "U",
"E": "U",
"RC": "R"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jolly Technologies",
"product": {
"product_data": [
{
"product_name": "Lobby Track Desktop",
"version": {
"version_data": [
{
"version_value": "8.2.186"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-17485",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-04T00:00:00"
},
"data_format": "MITRE"
}


@ -1,84 +1,84 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Lobby Track Desktop",
"version" : {
"version_data" : [
{
"version_value" : "8.2.186"
}
]
}
}
]
},
"vendor_name" : "Jolly Technologies"
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "R",
"RL" : "U",
"E" : "U"
},
"BM" : {
"C" : "N",
"AC" : "H",
"SCORE" : "2.900",
"I" : "L",
"AV" : "L",
"PR" : "N",
"A" : "N",
"UI" : "N",
"S" : "U"
}
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-03-04T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2018-17486"
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Bypass Security",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lobby Track Desktop",
"version": {
"version_data": [
{
"version_value": "8.2.186"
}
]
}
}
]
},
"vendor_name": "Jolly Technologies"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "Lobby Track Desktop could allow a local attacker to bypass security restrictions, caused by an error in the find visitor function while in kiosk mode. By visiting the kiosk and selecting find visitor, an attacker could exploit this vulnerability to delete visitor records or remove a host.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"title" : "X-Force Vulnerability Report",
"name" : "lobby-track-cve201817486-sec-bypass (149646)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149646"
}
]
}
}
}
},
"impact": {
"cvssv3": {
"TM": {
"RC": "R",
"RL": "U",
"E": "U"
},
"BM": {
"C": "N",
"AC": "H",
"SCORE": "2.900",
"I": "L",
"AV": "L",
"PR": "N",
"A": "N",
"UI": "N",
"S": "U"
}
}
},
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2018-17486"
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Bypass Security",
"lang": "eng"
}
]
}
]
},
"description": {
"description_data": [
{
"value": "Lobby Track Desktop could allow a local attacker to bypass security restrictions, caused by an error in the find visitor function while in kiosk mode. By visiting the kiosk and selecting find visitor, an attacker could exploit this vulnerability to delete visitor records or remove a host.",
"lang": "eng"
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"title": "X-Force Vulnerability Report",
"name": "lobby-track-cve201817486-sec-bypass (149646)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149646"
}
]
}
}


@ -1,84 +1,84 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "Lobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and signing in as a visitor, an attacker could exploit this vulnerability using the command line to break out of kiosk mode.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"title" : "X-Force Vulnerability Report",
"name" : "lobby-track-cve201817487-priv-esc (149647)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149647"
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.2.186"
}
]
},
"product_name" : "Lobby Track Desktop"
}
]
},
"vendor_name" : "Jolly Technologies"
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "R",
"E" : "U",
"RL" : "U"
},
"BM" : {
"C" : "H",
"AC" : "L",
"SCORE" : "8.400",
"I" : "H",
"A" : "H",
"PR" : "N",
"AV" : "L",
"S" : "U",
"UI" : "N"
}
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2018-17487",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-03-04T00:00:00"
},
"data_type" : "CVE"
}
]
},
"description": {
"description_data": [
{
"value": "Lobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and signing in as a visitor, an attacker could exploit this vulnerability using the command line to break out of kiosk mode.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"title": "X-Force Vulnerability Report",
"name": "lobby-track-cve201817487-priv-esc (149647)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149647"
}
]
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "8.2.186"
}
]
},
"product_name": "Lobby Track Desktop"
}
]
},
"vendor_name": "Jolly Technologies"
}
]
}
},
"impact": {
"cvssv3": {
"TM": {
"RC": "R",
"E": "U",
"RL": "U"
},
"BM": {
"C": "H",
"AC": "L",
"SCORE": "8.400",
"I": "H",
"A": "H",
"PR": "N",
"AV": "L",
"S": "U",
"UI": "N"
}
}
},
"data_format": "MITRE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2018-17487",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-04T00:00:00"
},
"data_type": "CVE"
}


@ -1,84 +1,84 @@
{
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and accessing the print badge screen, an attacker could exploit this vulnerability using the command line to break out of kiosk mode."
}
]
},
"references" : {
"reference_data" : [
{
"title" : "X-Force Vulnerability Report",
"name" : "lobby-track-cve201817488-priv-esc (149648)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149648"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
]
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2018-17488",
"DATE_PUBLIC" : "2019-03-04T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"S" : "U",
"AV" : "L",
"A" : "H",
"PR" : "N",
"I" : "H",
"SCORE" : "8.400",
"AC" : "L",
"C" : "H"
},
"TM" : {
"E" : "U",
"RL" : "U",
"RC" : "R"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"description": {
"description_data": [
{
"vendor_name" : "Jolly Technologies",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.2.186"
}
]
},
"product_name" : "Lobby Track Desktop"
}
]
}
"lang": "eng",
"value": "Lobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and accessing the print badge screen, an attacker could exploit this vulnerability using the command line to break out of kiosk mode."
}
]
}
}
}
]
},
"references": {
"reference_data": [
{
"title": "X-Force Vulnerability Report",
"name": "lobby-track-cve201817488-priv-esc (149648)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149648"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2018-17488",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"S": "U",
"AV": "L",
"A": "H",
"PR": "N",
"I": "H",
"SCORE": "8.400",
"AC": "L",
"C": "H"
},
"TM": {
"E": "U",
"RL": "U",
"RC": "R"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jolly Technologies",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "8.2.186"
}
]
},
"product_name": "Lobby Track Desktop"
}
]
}
}
]
}
}
}


@ -1,102 +1,84 @@
{
"references" : {
"reference_data" : [
{
"title" : "X-Force Vulnerability Report",
"name" : "easylobby-cve201817489-info-disc (149649)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149649"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers."
}
]
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "HID Global",
"product" : {
"product_data" : [
{
"product_name" : "EasyLobby Solo",
"version" : {
"version_data" : [
{
"version_value" : "11.0.4563"
}
]
}
}
]
}
"title": "X-Force Vulnerability Report",
"name": "easylobby-cve201817489-info-disc (149649)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149649"
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"S" : "U",
"UI" : "N",
"I" : "N",
"A" : "N",
"PR" : "N",
"AV" : "L",
"SCORE" : "2.900",
"C" : "L",
"AC" : "H"
}
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-03-04T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2018-17489"
}
}
=======
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17489",
"STATE": "RESERVED"
]
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers."
}
]
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HID Global",
"product": {
"product_data": [
{
"product_name": "EasyLobby Solo",
"version": {
"version_data": [
{
"version_value": "11.0.4563"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"S": "U",
"UI": "N",
"I": "N",
"A": "N",
"PR": "N",
"AV": "L",
"SCORE": "2.900",
"C": "L",
"AC": "H"
}
}
},
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2018-17489"
}
}
}
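Review bot: The `=======` line in this section is a merge-conflict separator, so one side of this change for CVE-2018-17489 was not valid JSON and carried two `CVE_data_meta` objects, one with `"STATE": "PUBLIC"` (assigner psirt@us.ibm.com) and one with `"STATE": "RESERVED"` (assigner cve@mitre.org). The hunk header shrinks the file from 102 to 84 lines, which suggests the separator and the RESERVED stub are on the removed side, but the +/- markers are lost on this page, so that is inferred rather than shown. I would confirm that the resulting file parses under a strict parser, for example `python -m json.tool <path-to-this-record>`, and that it holds exactly one `CVE_data_meta`. A strict-parse and duplicate-key check in the sync job would keep conflict residue out of the feed, where a lenient consumer could otherwise read a published entry as RESERVED.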


@ -1,84 +1,84 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"S" : "U",
"I" : "H",
"AV" : "L",
"PR" : "N",
"A" : "H",
"SCORE" : "7.700",
"AC" : "L",
"C" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "HID Global",
"product" : {
"product_data" : [
{
"product_name" : "EasyLobby Solo",
"version" : {
"version_data" : [
{
"version_value" : "11.0.4563"
}
]
}
}
]
}
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"S": "U",
"I": "H",
"AV": "L",
"PR": "N",
"A": "H",
"SCORE": "7.700",
"AC": "L",
"C": "N"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2018-17490",
"DATE_PUBLIC" : "2019-03-04T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HID Global",
"product": {
"product_data": [
{
"product_name": "EasyLobby Solo",
"version": {
"version_data": [
{
"version_value": "11.0.4563"
}
]
}
}
]
}
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task manager, a local attacker could exploit this vulnerability to kill the process or launch new processes at will."
}
]
},
"references" : {
"reference_data" : [
{
"title" : "X-Force Vulnerability Report",
"name" : "easylobby-task-manager-cve201817490-dos (149650)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149650"
}
]
},
"data_version" : "4.0"
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2018-17490",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_format": "MITRE",
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Denial of Service",
"lang": "eng"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "EasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task manager, a local attacker could exploit this vulnerability to kill the process or launch new processes at will."
}
]
},
"references": {
"reference_data": [
{
"title": "X-Force Vulnerability Report",
"name": "easylobby-task-manager-cve201817490-dos (149650)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149650"
}
]
},
"data_version": "4.0"
}


@ -1,84 +1,84 @@
{
"data_type" : "CVE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-03-04T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-17491",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AC" : "L",
"C" : "H",
"SCORE" : "8.400",
"PR" : "N",
"A" : "H",
"AV" : "L",
"I" : "H",
"S" : "U",
"UI" : "N"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "EasyLobby Solo",
"version" : {
"version_data" : [
{
"version_value" : "11.0.4563"
}
]
}
}
]
},
"vendor_name" : "HID Global"
"data_type": "CVE",
"CVE_data_meta": {
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2018-17491",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"AC": "L",
"C": "H",
"SCORE": "8.400",
"PR": "N",
"A": "H",
"AV": "L",
"I": "H",
"S": "U",
"UI": "N"
}
]
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "EasyLobby Solo could allow a local attacker to gain elevated privileges on the system. By visiting the kiosk and typing \"esc\" to exit the program, an attacker could exploit this vulnerability to perform unauthorized actions on the computer.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149651",
"refsource" : "XF",
"name" : "easylobby-program-cve201817491-priv-esc (149651)",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EasyLobby Solo",
"version": {
"version_data": [
{
"version_value": "11.0.4563"
}
]
}
}
]
},
"vendor_name": "HID Global"
}
]
}
]
}
}
}
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "EasyLobby Solo could allow a local attacker to gain elevated privileges on the system. By visiting the kiosk and typing \"esc\" to exit the program, an attacker could exploit this vulnerability to perform unauthorized actions on the computer.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149651",
"refsource": "XF",
"name": "easylobby-program-cve201817491-priv-esc (149651)",
"title": "X-Force Vulnerability Report"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
}
}


@ -1,84 +1,84 @@
{
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "L",
"PR" : "N",
"A" : "H",
"I" : "H",
"UI" : "N",
"S" : "U",
"C" : "H",
"AC" : "L",
"SCORE" : "8.400"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "HID Global",
"product" : {
"product_data" : [
{
"product_name" : "EasyLobby Solo",
"version" : {
"version_data" : [
{
"version_value" : "11.0.4563"
}
]
}
}
]
}
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"AV": "L",
"PR": "N",
"A": "H",
"I": "H",
"UI": "N",
"S": "U",
"C": "H",
"AC": "L",
"SCORE": "8.400"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-03-04T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2018-17492"
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "EasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149652",
"refsource" : "XF",
"name" : "easylobby-cve201817492-default-account (149652)",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HID Global",
"product": {
"product_data": [
{
"product_name": "EasyLobby Solo",
"version": {
"version_data": [
{
"version_value": "11.0.4563"
}
]
}
}
]
}
}
]
}
]
}
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2018-17492"
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"value": "EasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.",
"lang": "eng"
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149652",
"refsource": "XF",
"name": "easylobby-cve201817492-default-account (149652)",
"title": "X-Force Vulnerability Report"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
}
}


@ -1,84 +1,84 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
]
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other processes on the system."
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149653",
"title" : "X-Force Vulnerability Report",
"name" : "evisitorpass-fullscreen-cve201817493-pri-esc (149653)"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"C" : "H",
"SCORE" : "8.400",
"I" : "H",
"AV" : "L",
"A" : "H",
"PR" : "N",
"UI" : "N",
"S" : "U"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.5.5.2"
}
]
},
"product_name" : "eVisitorPass"
}
]
},
"vendor_name" : "VisitorPass"
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2018-17493",
"DATE_PUBLIC" : "2019-03-04T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_format" : "MITRE",
"data_type" : "CVE"
}
]
},
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other processes on the system."
}
]
},
"references": {
"reference_data": [
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149653",
"title": "X-Force Vulnerability Report",
"name": "evisitorpass-fullscreen-cve201817493-pri-esc (149653)"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"C": "H",
"SCORE": "8.400",
"I": "H",
"AV": "L",
"A": "H",
"PR": "N",
"UI": "N",
"S": "U"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.5.5.2"
}
]
},
"product_name": "eVisitorPass"
}
]
},
"vendor_name": "VisitorPass"
}
]
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2018-17493",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_format": "MITRE",
"data_type": "CVE"
}


@ -1,84 +1,84 @@
{
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2018-17494",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-03-04T00:00:00"
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"I" : "H",
"AV" : "L",
"A" : "H",
"PR" : "N",
"UI" : "N",
"S" : "U",
"AC" : "L",
"C" : "H",
"SCORE" : "8.400"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.5.5.2"
}
]
},
"product_name" : "eVisitorPass"
}
]
},
"vendor_name" : "VisitorPass"
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2018-17494",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-04T00:00:00"
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"I": "H",
"AV": "L",
"A": "H",
"PR": "N",
"UI": "N",
"S": "U",
"AC": "L",
"C": "H",
"SCORE": "8.400"
}
]
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.5.5.2"
}
]
},
"product_name": "eVisitorPass"
}
]
},
"vendor_name": "VisitorPass"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "evisitorpass-startmenu-cve201817494-priv-esc (149654)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149654",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"value" : "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the system.",
"lang" : "eng"
}
]
},
"data_version" : "4.0"
}
}
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "evisitorpass-startmenu-cve201817494-priv-esc (149654)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149654",
"refsource": "XF"
}
]
},
"description": {
"description_data": [
{
"value": "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the system.",
"lang": "eng"
}
]
},
"data_version": "4.0"
}


@ -1,84 +1,84 @@
{
"data_type" : "CVE",
"data_format" : "MITRE",
"CVE_data_meta" : {
"ID" : "CVE-2018-17495",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-03-04T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "eVisitorPass",
"version" : {
"version_data" : [
{
"version_value" : "1.5.5.2"
}
]
}
}
]
},
"vendor_name" : "VisitorPass"
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"UI" : "N",
"S" : "U",
"I" : "H",
"AV" : "L",
"A" : "H",
"PR" : "N",
"SCORE" : "8.400",
"AC" : "L",
"C" : "H"
}
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Help Dialog. By visiting the kiosk and removing the program from fullscreen, an attacker could exploit this vulnerability using the terminal to launch the command prompt.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149655",
"refsource" : "XF",
"name" : "evisitorpass-help-dialog-cve201817495-pri-esc (149655)",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2018-17495",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eVisitorPass",
"version": {
"version_data": [
{
"version_value": "1.5.5.2"
}
]
}
}
]
},
"vendor_name": "VisitorPass"
}
]
}
]
}
}
}
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"UI": "N",
"S": "U",
"I": "H",
"AV": "L",
"A": "H",
"PR": "N",
"SCORE": "8.400",
"AC": "L",
"C": "H"
}
}
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Help Dialog. By visiting the kiosk and removing the program from fullscreen, an attacker could exploit this vulnerability using the terminal to launch the command prompt.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149655",
"refsource": "XF",
"name": "evisitorpass-help-dialog-cve201817495-pri-esc (149655)",
"title": "X-Force Vulnerability Report"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
}
}


@ -1,84 +1,84 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.5.5.2"
}
]
},
"product_name" : "eVisitorPass"
}
]
},
"vendor_name" : "VisitorPass"
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "H",
"AC" : "L",
"SCORE" : "8.400",
"I" : "H",
"A" : "H",
"PR" : "N",
"AV" : "L",
"S" : "U",
"UI" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2018-17496",
"DATE_PUBLIC" : "2019-03-04T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.5.5.2"
}
]
},
"product_name": "eVisitorPass"
}
]
},
"vendor_name": "VisitorPass"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the system.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149656",
"refsource" : "XF",
"name" : "evisitorpass-kiosk-cve201817496-priv-esc (149656)",
"title" : "X-Force Vulnerability Report"
}
]
}
}
}
},
"impact": {
"cvssv3": {
"BM": {
"C": "H",
"AC": "L",
"SCORE": "8.400",
"I": "H",
"A": "H",
"PR": "N",
"AV": "L",
"S": "U",
"UI": "N"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
},
"data_format": "MITRE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2018-17496",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"description": {
"description_data": [
{
"value": "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the system.",
"lang": "eng"
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149656",
"refsource": "XF",
"name": "evisitorpass-kiosk-cve201817496-priv-esc (149656)",
"title": "X-Force Vulnerability Report"
}
]
}
}


@ -1,84 +1,84 @@
{
"data_type" : "CVE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-03-04T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-17497",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "H",
"AV" : "L",
"A" : "H",
"PR" : "N",
"UI" : "N",
"S" : "U",
"C" : "H",
"AC" : "L",
"SCORE" : "8.400"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "VisitorPass",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.5.5.2"
}
]
},
"product_name" : "eVisitorPass"
}
]
}
"data_type": "CVE",
"CVE_data_meta": {
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2018-17497",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"I": "H",
"AV": "L",
"A": "H",
"PR": "N",
"UI": "N",
"S": "U",
"C": "H",
"AC": "L",
"SCORE": "8.400"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
]
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application."
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149657",
"refsource" : "XF",
"name" : "evisitorpass-cve201817497-default-account (149657)",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "VisitorPass",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.5.5.2"
}
]
},
"product_name": "eVisitorPass"
}
]
}
}
]
}
]
}
}
}
},
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application."
}
]
},
"references": {
"reference_data": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149657",
"refsource": "XF",
"name": "evisitorpass-cve201817497-default-account (149657)",
"title": "X-Force Vulnerability Report"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
}
}


@ -1,94 +1,94 @@
{
"references" : {
"reference_data" : [
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149659",
"refsource" : "XF",
"name" : "envoy-api-key-cve201817499-info-disc (149659)",
"title" : "X-Force Vulnerability Report"
}
]
},
"description" : {
"description_data" : [
{
"value" : "Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-03-04T00:00:00",
"ID" : "CVE-2018-17499",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "Envoy",
"product" : {
"product_data" : [
{
"product_name" : "Envoy Passport for iPhone",
"version" : {
"version_data" : [
{
"version_value" : "2.2.5"
}
]
}
},
{
"product_name" : "Envoy Passport for Android",
"version" : {
"version_data" : [
{
"version_value" : "2.4.0"
}
]
}
}
]
}
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149659",
"refsource": "XF",
"name": "envoy-api-key-cve201817499-info-disc (149659)",
"title": "X-Force Vulnerability Report"
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "H",
"C" : "L",
"SCORE" : "2.900",
"I" : "N",
"PR" : "N",
"A" : "N",
"AV" : "L",
"S" : "U",
"UI" : "N"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
}
}
]
},
"description": {
"description_data": [
{
"value": "Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information.",
"lang": "eng"
}
]
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ID": "CVE-2018-17499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Envoy",
"product": {
"product_data": [
{
"product_name": "Envoy Passport for iPhone",
"version": {
"version_data": [
{
"version_value": "2.2.5"
}
]
}
},
{
"product_name": "Envoy Passport for Android",
"version": {
"version_data": [
{
"version_value": "2.4.0"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvssv3": {
"BM": {
"AC": "H",
"C": "L",
"SCORE": "2.900",
"I": "N",
"PR": "N",
"A": "N",
"AV": "L",
"S": "U",
"UI": "N"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
}
}


@ -1,94 +1,94 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"title" : "X-Force Vulnerability Report",
"name" : "envoy-oauthcreds-cve201817500-info-disc (149660)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149660"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-03-04T00:00:00",
"ID" : "CVE-2018-17500",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"C" : "L",
"AC" : "H",
"SCORE" : "2.900",
"I" : "N",
"AV" : "L",
"A" : "N",
"PR" : "N",
"UI" : "N",
"S" : "U"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "Envoy",
"product" : {
"product_data" : [
{
"product_name" : "Envoy Passport for iPhone",
"version" : {
"version_data" : [
{
"version_value" : "2.2.5"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "2.4.0"
}
]
},
"product_name" : "Envoy Passport for Android"
}
]
}
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
},
"data_type" : "CVE"
}
]
},
"description": {
"description_data": [
{
"value": "Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information.",
"lang": "eng"
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"title": "X-Force Vulnerability Report",
"name": "envoy-oauthcreds-cve201817500-info-disc (149660)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149660"
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ID": "CVE-2018-17500",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"C": "L",
"AC": "H",
"SCORE": "2.900",
"I": "N",
"AV": "L",
"A": "N",
"PR": "N",
"UI": "N",
"S": "U"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Envoy",
"product": {
"product_data": [
{
"product_name": "Envoy Passport for iPhone",
"version": {
"version_data": [
{
"version_value": "2.2.5"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "2.4.0"
}
]
},
"product_name": "Envoy Passport for Android"
}
]
}
}
]
}
},
"data_type": "CVE"
}


@ -1,84 +1,84 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"name" : "receptionist-contacts-cve201817502-info-disc (149662)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149662",
"refsource" : "XF"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "Los Trigos, Inc",
"product" : {
"product_data" : [
{
"product_name" : "The Receptionist for iPad",
"version" : {
"version_data" : [
{
"version_value" : "4.0.4"
}
]
}
}
]
}
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "N",
"A" : "N",
"AV" : "L",
"I" : "N",
"S" : "U",
"UI" : "N",
"AC" : "L",
"C" : "L",
"SCORE" : "4.000"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-03-04T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2018-17502"
},
"data_type" : "CVE"
]
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"name": "receptionist-contacts-cve201817502-info-disc (149662)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149662",
"refsource": "XF"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Los Trigos, Inc",
"product": {
"product_data": [
{
"product_name": "The Receptionist for iPad",
"version": {
"version_data": [
{
"version_value": "4.0.4"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvssv3": {
"BM": {
"PR": "N",
"A": "N",
"AV": "L",
"I": "N",
"S": "U",
"UI": "N",
"AC": "L",
"C": "L",
"SCORE": "4.000"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2018-17502"
},
"data_type": "CVE"
}


@ -33,10 +33,12 @@
"problemtype": {
"problemtype_data": [
{
"description": {
"lang": "eng",
"value": "Improper handling of known_hosts file"
}
"description": [
{
"lang": "eng",
"value": "Improper handling of known_hosts file"
}
]
}
]
},


@ -78,6 +78,11 @@
"refsource": "MISC",
"name": "http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming",
"url": "http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming"
},
{
"refsource": "EXPLOIT-DB",
"name": "46572",
"url": "https://www.exploit-db.com/exploits/46572/"
}
]
}


@ -73,6 +73,11 @@
"refsource": "MISC",
"name": "http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming",
"url": "http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming"
},
{
"refsource": "EXPLOIT-DB",
"name": "46572",
"url": "https://www.exploit-db.com/exploits/46572/"
}
]
}


@ -73,6 +73,11 @@
"refsource": "MISC",
"name": "http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming",
"url": "http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming"
},
{
"refsource": "EXPLOIT-DB",
"name": "46572",
"url": "https://www.exploit-db.com/exploits/46572/"
}
]
}


@ -33,10 +33,12 @@
"problemtype": {
"problemtype_data": [
{
"description": {
"lang": "eng",
"value": "Code Injection (CWE-94)"
}
"description": [
{
"lang": "eng",
"value": "Code Injection (CWE-94)"
}
]
}
]
},


@ -33,10 +33,12 @@
"problemtype": {
"problemtype_data": [
{
"description": {
"lang": "eng",
"value": "Information Exposure Through Directory Listing (CWE-548)"
}
"description": [
{
"lang": "eng",
"value": "Information Exposure Through Directory Listing (CWE-548)"
}
]
}
]
},


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6274",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "EXPLOIT-DB",
"name": "46179",
"url": "https://www.exploit-db.com/exploits/46179/"
},
{
"url": "http://packetstormsecurity.com/files/151207/GL-AR300M-Lite-2.2.7-Command-Injection-Directory-Traversal.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151207/GL-AR300M-Lite-2.2.7-Command-Injection-Directory-Traversal.html"
}
]
}
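Review bot: The new `description` value gives the firmware as "2.27", while the Packet Storm reference added in the same section is titled `GL-AR300M-Lite-2.2.7-...`; one of the two is probably a typo, and the version should be confirmed against the advisory. The same mismatch appears in the CVE-2019-6275 section that follows. Both records, and the CVE-2019-6279 record after them, also publish `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` although each description names the vendor, model and firmware, so tooling that matches on `affects` will not find these devices. For this record, `"vendor_name": "GL.iNet"` and `"product_name": "GL-AR300M-Lite"` would carry what the description already states.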


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6275",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "EXPLOIT-DB",
"name": "46179",
"url": "https://www.exploit-db.com/exploits/46179/"
},
{
"url": "http://packetstormsecurity.com/files/151207/GL-AR300M-Lite-2.2.7-Command-Injection-Directory-Traversal.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151207/GL-AR300M-Lite-2.2.7-Command-Injection-Directory-Traversal.html"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6279",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151274/PLC-Wireless-Router-GPN2.4P21-C-CN-Incorrect-Access-Control.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151274/PLC-Wireless-Router-GPN2.4P21-C-CN-Incorrect-Access-Control.html"
},
{
"url": "https://www.youtube.com/watch?v=-cw04rOYREQ",
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=-cw04rOYREQ"
}
]
}
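Review bot: `problemtype` is published as `"value": "n/a"` even though the description itself classifies the issue as Incorrect Access Control, so consumers that group or filter records by weakness class lose it; `"value": "Incorrect Access Control"` would match the text. The URI quoted in the description, `cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity`, has a space where a parameter separator would be expected. That looks like a character lost in transcription and is worth checking against the source advisory, since defenders may use the string to search web logs.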


@ -1,63 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.3.0.10826"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.3.0.10826"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the XFA remerge method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7347."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA remerge method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7347."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-133/"
},
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-133/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-133/"
}
]
}
}
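Review bot: The two references gain `"refsource": "MISC"` and a `name` that only repeats the `url`, which adds nothing for a reader or for tooling. The Foxit entry is the vendor's own bulletin page, so `"refsource": "CONFIRM"` would describe it better. A `name` carrying the advisory id (for the ZDI entry, `ZDI-19-133`) would be more useful than the URL again. The Foxit URL also appears to be the general bulletin index rather than a link to the specific advisory, so it may stop pointing at this issue as that page is updated.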


@ -1,63 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.3.0.10826"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.3.0.10826"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.\n Was ZDI-CAN-7353."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7353."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-134/"
},
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-134/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-134/"
}
]
}
}
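Review bot: The `version_data` entry for Foxit Reader carries only `"version_value": "9.3.0.10826"` with no `version_affected` comparator, so a consumer matching installed versions cannot tell whether the record means exactly that build or that build and earlier. The reformatting in this section leaves that unchanged. Adding the comparator the vendor advisory supports, for example `"version_affected": "<="` if earlier builds are affected, would make the record usable for automated matching. The same applies to the CVE-2019-6729 to CVE-2019-6735 sections below, which list the same single version for Reader and PhantomPDF.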


@ -1,63 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.3.0.10826"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.3.0.10826"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7423."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7423."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-135/"
},
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-135/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-135/"
}
]
}
}


@ -1,63 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.3.0.10826"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.3.0.10826"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the popUpMenu method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7368."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the popUpMenu method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7368."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-136/"
},
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-136/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-136/"
}
]
}
}


@ -1,63 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PhantomPDF",
"version": {
"version_data": [
{
"version_value": "9.3.0.10826"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PhantomPDF",
"version": {
"version_data": [
{
"version_value": "9.3.0.10826"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7369."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7369."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-137/"
},
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-137/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-137/"
}
]
}
}


@ -1,63 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PhantomPDF",
"version": {
"version_data": [
{
"version_value": "9.3.0.10826"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PhantomPDF",
"version": {
"version_data": [
{
"version_value": "9.3.0.10826"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of the AFParseDateEx method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7453."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AFParseDateEx method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7453."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-138/"
},
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-138/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-138/"
}
]
}
}


@ -1,63 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PhantomPDF",
"version": {
"version_data": [
{
"version_value": "9.3.0.10826"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PhantomPDF",
"version": {
"version_data": [
{
"version_value": "9.3.0.10826"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7576."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7576."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-139/"
},
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-139/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-139/"
}
]
}
}


@ -1,63 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PhantomPDF",
"version": {
"version_data": [
{
"version_value": "9.3.0.10826"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PhantomPDF",
"version": {
"version_data": [
{
"version_value": "9.3.0.10826"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of the setInterval method. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.\n Was ZDI-CAN-7452."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setInterval method. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7452."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-140/"
},
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-140/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-140/"
}
]
}
}


@ -1,63 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.3.0.10826"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-6735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.3.0.10826"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7355."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7355."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-141/"
},
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-141/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-141/"
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9879",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9880",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9881",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9882",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9883",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9884",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9885",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9886",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}