admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-06-05 17:04:33 -04:00
parent f8c9221b1b
commit 79156e7eb9
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
18 changed files with 923 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
2017/7xxx/CVE-2017-7635.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7635",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource" : "CONFIRM",
"url" : "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name" : "1041025",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041025"
}
]
}

53
2017/7xxx/CVE-2017-7636.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7636",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource" : "CONFIRM",
"url" : "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name" : "1041025",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041025"
}
]
}

53
2017/7xxx/CVE-2017-7637.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7637",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource" : "CONFIRM",
"url" : "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name" : "1041025",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041025"
}
]
}

53
2017/7xxx/CVE-2017-7639.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7639",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource" : "CONFIRM",
"url" : "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name" : "1041025",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041025"
}
]
}

66
2018/1000xxx/CVE-2018-1000192.json
View File

@ -1 +1,65 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-771"}]},"description": {"description_data": [{"lang": "eng","value": "A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.120 and older, LTS 2.107.2 and older"}]},"product_name": "Jenkins"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T13:57:43.649497","DATE_REQUESTED": "2018-05-09T00:00:00","ID": "CVE-2018-1000192","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-200"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T13:57:43.649497",
"DATE_REQUESTED" : "2018-05-09T00:00:00",
"ID" : "CVE-2018-1000192",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins",
"version" : {
"version_data" : [
{
"version_value" : "2.120 and older, LTS 2.107.2 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-771",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-771"
}
]
}
}

66
2018/1000xxx/CVE-2018-1000193.json
View File

@ -1 +1,65 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-786"}]},"description": {"description_data": [{"lang": "eng","value": "A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.120 and older, LTS 2.107.2 and older"}]},"product_name": "Jenkins"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T13:57:43.650984","DATE_REQUESTED": "2018-05-09T00:00:00","ID": "CVE-2018-1000193","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-150"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T13:57:43.650984",
"DATE_REQUESTED" : "2018-05-09T00:00:00",
"ID" : "CVE-2018-1000193",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins",
"version" : {
"version_data" : [
{
"version_value" : "2.120 and older, LTS 2.107.2 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-150"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-786",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-786"
}
]
}
}

66
2018/1000xxx/CVE-2018-1000194.json
View File

@ -1 +1,65 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-788"}]},"description": {"description_data": [{"lang": "eng","value": "A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.120 and older, LTS 2.107.2 and older"}]},"product_name": "Jenkins"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T13:57:43.652065","DATE_REQUESTED": "2018-05-09T00:00:00","ID": "CVE-2018-1000194","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-22"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T13:57:43.652065",
"DATE_REQUESTED" : "2018-05-09T00:00:00",
"ID" : "CVE-2018-1000194",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins",
"version" : {
"version_data" : [
{
"version_value" : "2.120 and older, LTS 2.107.2 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-788",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-788"
}
]
}
}

66
2018/1000xxx/CVE-2018-1000195.json
View File

@ -1 +1,65 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-794"}]},"description": {"description_data": [{"lang": "eng","value": "A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.120 and older, LTS 2.107.2 and older"}]},"product_name": "Jenkins"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T13:57:43.653459","DATE_REQUESTED": "2018-05-09T00:00:00","ID": "CVE-2018-1000195","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-441, CWE-918"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T13:57:43.653459",
"DATE_REQUESTED" : "2018-05-09T00:00:00",
"ID" : "CVE-2018-1000195",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins",
"version" : {
"version_data" : [
{
"version_value" : "2.120 and older, LTS 2.107.2 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-441, CWE-918"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-794",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-794"
}
]
}
}

66
2018/1000xxx/CVE-2018-1000196.json
View File

@ -1 +1,65 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-263"}]},"description": {"description_data": [{"lang": "eng","value": "A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured Gitlab token."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.4.2 and older"}]},"product_name": "Jenkins Gitlab Hook Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T13:57:43.654848","DATE_REQUESTED": "2018-05-09T00:00:00","ID": "CVE-2018-1000196","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-522"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T13:57:43.654848",
"DATE_REQUESTED" : "2018-05-09T00:00:00",
"ID" : "CVE-2018-1000196",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Gitlab Hook Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.4.2 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured Gitlab token."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-522"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-263",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-263"
}
]
}
}

66
2018/1000xxx/CVE-2018-1000197.json
View File

@ -1 +1,65 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-670"}]},"description": {"description_data": [{"lang": "eng","value": "An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "3.0.3 and older"}]},"product_name": "Jenkins Black Duck Hub Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T13:57:43.656691","DATE_REQUESTED": "2018-05-09T00:00:00","ID": "CVE-2018-1000197","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-285"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T13:57:43.656691",
"DATE_REQUESTED" : "2018-05-09T00:00:00",
"ID" : "CVE-2018-1000197",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Black Duck Hub Plugin",
"version" : {
"version_data" : [
{
"version_value" : "3.0.3 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-670",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-670"
}
]
}
}

66
2018/1000xxx/CVE-2018-1000198.json
View File

@ -1 +1,65 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-671"}]},"description": {"description_data": [{"lang": "eng","value": "A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entitites in an XML document."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "3.1.0 and older"}]},"product_name": "Jenkins Black Duck Hub Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T13:57:43.658252","DATE_REQUESTED": "2018-05-09T00:00:00","ID": "CVE-2018-1000198","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-611"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T13:57:43.658252",
"DATE_REQUESTED" : "2018-05-09T00:00:00",
"ID" : "CVE-2018-1000198",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Black Duck Hub Plugin",
"version" : {
"version_data" : [
{
"version_value" : "3.1.0 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-611"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-671",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-671"
}
]
}
}

66
2018/1000xxx/CVE-2018-1000202.json
View File

@ -1 +1,65 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-821"}]},"description": {"description_data": [{"lang": "eng","value": "A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.3.1 and older"}]},"product_name": "Jenkins Groovy Postbuild Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T13:57:43.659756","DATE_REQUESTED": "2018-05-09T00:00:00","ID": "CVE-2018-1000202","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-79"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T13:57:43.659756",
"DATE_REQUESTED" : "2018-05-09T00:00:00",
"ID" : "CVE-2018-1000202",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Groovy Postbuild Plugin",
"version" : {
"version_data" : [
{
"version_value" : "2.3.1 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-821",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-821"
}
]
}
}

53
2018/10xxx/CVE-2018-10057.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10057",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20180603 CVE-2018-10058 and CVE-2018-10057 - cgminer <=4.10.0 and bfgminer <=5.5.0 remote management api post-auth buffer overflow and path traversal",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2018/06/03/1"
},
{
"name" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10057",
"refsource" : "MISC",
"url" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10057"
}
]
}

53
2018/10xxx/CVE-2018-10058.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10058",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-only, poolquota, and save command handlers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20180603 CVE-2018-10058 and CVE-2018-10057 - cgminer <=4.10.0 and bfgminer <=5.5.0 remote management api post-auth buffer overflow and path traversal",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2018/06/03/1"
},
{
"name" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10058",
"refsource" : "MISC",
"url" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10058"
}
]
}

48
2018/11xxx/CVE-2018-11586.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11586",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/148032/SearchBlox-8.6.7-XML-External-Entity-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/148032/SearchBlox-8.6.7-XML-External-Entity-Injection.html"
}
]
}

55
2018/3xxx/CVE-2018-3617.json
View File

@ -1,32 +1,9 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"ASSIGNER" : "cve@mitre.org",
"DATE_PUBLIC" : "2018-05-10T00:00:00",
"ID" : "CVE-2018-3617",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Integrated Performance Primitives Cryptography Library",
"version" : {
"version_data" : [
{
"version_value" : "before 2018 U2.1"
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -35,33 +12,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U2.1 do not properly ensure constant execution time."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00106.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00106.html"
},
{
"name" : "104261",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104261"
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-3691. Reason: This candidate is a reservation duplicate of CVE-2018-3691. Notes: All CVE users should reference CVE-2018-3691 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

2
2018/3xxx/CVE-2018-3691.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00106.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00106.html"
}
]

48
2018/7xxx/CVE-2018-7884.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7884",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launches a process as SYSTEM to uninstall the old version: cl_1956.exe is run as SYSTEM on the %systemroot%\\Temp folder, where any user can write a DLL (e.g., version.dll) to perform DLL Hijacking and elevate privileges to SYSTEM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180601 DisplayLink Installer 8.2.1956 DLL Hijack to privilege escalation CVE-2018-7884",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Jun/1"
}
]
}