admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 14:08:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-05-22 15:06:27 -04:00
parent fea20fd64f
commit 7c42df6397
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
12 changed files with 636 additions and 140 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
2018/11xxx/CVE-2018-11375.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11375", "ID" : "CVE-2018-11375",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68"
},
{
"name" : "https://github.com/radare/radare2/issues/9928",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/issues/9928"
} }
] ]
} }

53
2018/11xxx/CVE-2018-11376.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11376", "ID" : "CVE-2018-11376",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/radare/radare2/commit/1f37c04f2a762500222dda2459e6a04646feeedf",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/commit/1f37c04f2a762500222dda2459e6a04646feeedf"
},
{
"name" : "https://github.com/radare/radare2/issues/9904",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/issues/9904"
} }
] ]
} }

58
2018/11xxx/CVE-2018-11377.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11377", "ID" : "CVE-2018-11377",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -11,7 +34,38 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/radare/radare2/commit/25a3703ef2e015bbe1d1f16f6b2f63bb10dd34f4",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/commit/25a3703ef2e015bbe1d1f16f6b2f63bb10dd34f4"
},
{
"name" : "https://github.com/radare/radare2/commit/b35530fa0681b27eba084de5527037ebfb397422",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/commit/b35530fa0681b27eba084de5527037ebfb397422"
},
{
"name" : "https://github.com/radare/radare2/issues/9901",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/issues/9901"
} }
] ]
} }

53
2018/11xxx/CVE-2018-11378.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11378", "ID" : "CVE-2018-11378",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/radare/radare2/commit/bd276ef2fd8ac3401e65be7c126a43175ccfbcd7",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/commit/bd276ef2fd8ac3401e65be7c126a43175ccfbcd7"
},
{
"name" : "https://github.com/radare/radare2/issues/9969",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/issues/9969"
} }
] ]
} }

53
2018/11xxx/CVE-2018-11379.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11379", "ID" : "CVE-2018-11379",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/radare/radare2/commit/4e1cf0d3e6f6fe2552a269def0af1cd2403e266c",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/commit/4e1cf0d3e6f6fe2552a269def0af1cd2403e266c"
},
{
"name" : "https://github.com/radare/radare2/issues/9926",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/issues/9926"
} }
] ]
} }

53
2018/11xxx/CVE-2018-11380.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11380", "ID" : "CVE-2018-11380",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/radare/radare2/commit/60208765887f5f008b3b9a883f3addc8bdb9c134",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/commit/60208765887f5f008b3b9a883f3addc8bdb9c134"
},
{
"name" : "https://github.com/radare/radare2/issues/9970",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/issues/9970"
} }
] ]
} }

53
2018/11xxx/CVE-2018-11381.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11381", "ID" : "CVE-2018-11381",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/radare/radare2/commit/3fcf41ed96ffa25b38029449520c8d0a198745f3",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/commit/3fcf41ed96ffa25b38029449520c8d0a198745f3"
},
{
"name" : "https://github.com/radare/radare2/issues/9902",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/issues/9902"
} }
] ]
} }

53
2018/11xxx/CVE-2018-11382.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11382", "ID" : "CVE-2018-11382",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff"
},
{
"name" : "https://github.com/radare/radare2/issues/10091",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/issues/10091"
} }
] ]
} }

53
2018/11xxx/CVE-2018-11383.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11383", "ID" : "CVE-2018-11383",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/radare/radare2/commit/9d348bcc2c4bbd3805e7eec97b594be9febbdf9a",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/commit/9d348bcc2c4bbd3805e7eec97b594be9febbdf9a"
},
{
"name" : "https://github.com/radare/radare2/issues/9943",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/issues/9943"
} }
] ]
} }

53
2018/11xxx/CVE-2018-11384.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11384", "ID" : "CVE-2018-11384",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/radare/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add"
},
{
"name" : "https://github.com/radare/radare2/issues/9903",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/issues/9903"
} }
] ]
} }

124
2018/6xxx/CVE-2018-6492.json
View File

@ -1,113 +1,113 @@
{ {
"CVE_data_meta": { "CVE_data_meta" : {
"ASSIGNER": "security@microfocus.com", "ASSIGNER" : "security@microfocus.com",
"DATE_PUBLIC": "2018-05-09T19:01:00.000Z", "DATE_PUBLIC" : "2018-05-09T19:01:00.000Z",
"ID": "CVE-2018-6492", "ID" : "CVE-2018-6492",
"STATE": "PUBLIC", "STATE" : "PUBLIC",
"TITLE": "MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities" "TITLE" : "MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities"
}, },
"affects": { "affects" : {
"vendor": { "vendor" : {
"vendor_data": [ "vendor_data" : [
{ {
"product": { "product" : {
"product_data": [ "product_data" : [
{ {
"product_name": "Network Operations Management Ultimate", "product_name" : "Network Operations Management Ultimate",
"version": { "version" : {
"version_data": [ "version_data" : [
{ {
"version_value": "2017.07, 2017.11, 2018.02" "version_value" : "2017.07, 2017.11, 2018.02"
} }
] ]
} }
}, },
{ {
"product_name": "Network Automation", "product_name" : "Network Automation",
"version": { "version" : {
"version_data": [ "version_data" : [
{ {
"version_value": "10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50" "version_value" : "10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50"
} }
] ]
} }
} }
] ]
}, },
"vendor_name": "Micro Focus" "vendor_name" : "Micro Focus"
} }
] ]
} }
}, },
"credit": [ "credit" : [
{ {
"lang": "eng", "lang" : "eng",
"value": "Micro Focus would like to thank Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH for reporting this issue to cyber-psrt@microfocus.com." "value" : "Micro Focus would like to thank Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH for reporting this issue to cyber-psrt@microfocus.com."
} }
], ],
"data_format": "MITRE", "data_format" : "MITRE",
"data_type": "CVE", "data_type" : "CVE",
"data_version": "4.0", "data_version" : "4.0",
"description": { "description" : {
"description_data": [ "description_data" : [
{ {
"lang": "eng", "lang" : "eng",
"value": "Persistent Cross-Site Scripting, and non-persistent HTML Injection in Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection. \n\n" "value" : "Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection."
} }
] ]
}, },
"exploit": [ "exploit" : [
{ {
"lang": "eng", "lang" : "eng",
"value": "Remote Cross-Site Scripting (XSS)" "value" : "Remote Cross-Site Scripting (XSS)"
} }
], ],
"impact": { "impact" : {
"cvss": { "cvss" : {
"attackComplexity": "HIGH", "attackComplexity" : "HIGH",
"attackVector": "NETWORK", "attackVector" : "NETWORK",
"availabilityImpact": "NONE", "availabilityImpact" : "NONE",
"baseScore": 4.7, "baseScore" : 4.7,
"baseSeverity": "MEDIUM", "baseSeverity" : "MEDIUM",
"confidentialityImpact": "LOW", "confidentialityImpact" : "LOW",
"integrityImpact": "LOW", "integrityImpact" : "LOW",
"privilegesRequired": "NONE", "privilegesRequired" : "NONE",
"scope": "CHANGED", "scope" : "CHANGED",
"userInteraction": "REQUIRED", "userInteraction" : "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0" "version" : "3.0"
} }
}, },
"problemtype": { "problemtype" : {
"problemtype_data": [ "problemtype_data" : [
{ {
"description": [ "description" : [
{ {
"lang": "eng", "lang" : "eng",
"value": "Remote Cross-Site Scripting (XSS)" "value" : "Remote Cross-Site Scripting (XSS)"
} }
] ]
}, },
{ {
"description": [ "description" : [
{ {
"lang": "eng", "lang" : "eng",
"value": "non-persistent HTML Injection" "value" : "non-persistent HTML Injection"
} }
] ]
} }
] ]
}, },
"references": { "references" : {
"reference_data": [ "reference_data" : [
{ {
"refsource": "CONFIRM", "name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014" "refsource" : "CONFIRM",
"url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014"
} }
] ]
}, },
"source": { "source" : {
"discovery": "UNKNOWN" "discovery" : "UNKNOWN"
} }
} }

117
2018/6xxx/CVE-2018-6493.json
View File

@ -1,104 +1,105 @@
{ {
"CVE_data_meta": { "CVE_data_meta" : {
"ASSIGNER": "security@microfocus.com", "ASSIGNER" : "security@microfocus.com",
"DATE_PUBLIC": "2018-05-09T19:01:00.000Z", "DATE_PUBLIC" : "2018-05-09T19:01:00.000Z",
"ID": "CVE-2018-6493", "ID" : "CVE-2018-6493",
"STATE": "PUBLIC", "STATE" : "PUBLIC",
"TITLE": "MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities" "TITLE" : "MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities"
}, },
"affects": { "affects" : {
"vendor": { "vendor" : {
"vendor_data": [ "vendor_data" : [
{ {
"product": { "product" : {
"product_data": [ "product_data" : [
{ {
"product_name": "Network Operations Management Ultimate", "product_name" : "Network Operations Management Ultimate",
"version": { "version" : {
"version_data": [ "version_data" : [
{ {
"version_value": "2017.07, 2017.11, 2018.02" "version_value" : "2017.07, 2017.11, 2018.02"
} }
] ]
} }
}, },
{ {
"product_name": "Network Automation", "product_name" : "Network Automation",
"version": { "version" : {
"version_data": [ "version_data" : [
{ {
"version_value": "10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50" "version_value" : "10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50"
} }
] ]
} }
} }
] ]
}, },
"vendor_name": "Micro Focus" "vendor_name" : "Micro Focus"
} }
] ]
} }
}, },
"credit": [ "credit" : [
{ {
"lang": "eng", "lang" : "eng",
"value": "Micro Focus would like to thank Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH for reporting this issue to cyber-psrt@microfocus.com." "value" : "Micro Focus would like to thank Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH for reporting this issue to cyber-psrt@microfocus.com."
} }
], ],
"data_format": "MITRE", "data_format" : "MITRE",
"data_type": "CVE", "data_type" : "CVE",
"data_version": "4.0", "data_version" : "4.0",
"description": { "description" : {
"description_data": [ "description_data" : [
{ {
"lang": "eng", "lang" : "eng",
"value": "SQL Injection in Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection. \n" "value" : "SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection."
} }
] ]
}, },
"exploit": [ "exploit" : [
{ {
"lang": "eng", "lang" : "eng",
"value": "SQL Injection" "value" : "SQL Injection"
} }
], ],
"impact": { "impact" : {
"cvss": { "cvss" : {
"attackComplexity": "HIGH", "attackComplexity" : "HIGH",
"attackVector": "NETWORK", "attackVector" : "NETWORK",
"availabilityImpact": "NONE", "availabilityImpact" : "NONE",
"baseScore": 8.7, "baseScore" : 8.7,
"baseSeverity": "HIGH", "baseSeverity" : "HIGH",
"confidentialityImpact": "HIGH", "confidentialityImpact" : "HIGH",
"integrityImpact": "HIGH", "integrityImpact" : "HIGH",
"privilegesRequired": "NONE", "privilegesRequired" : "NONE",
"scope": "CHANGED", "scope" : "CHANGED",
"userInteraction": "NONE", "userInteraction" : "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0" "version" : "3.0"
} }
}, },
"problemtype": { "problemtype" : {
"problemtype_data": [ "problemtype_data" : [
{ {
"description": [ "description" : [
{ {
"lang": "eng", "lang" : "eng",
"value": "SQL Injection" "value" : "SQL Injection"
} }
] ]
} }
] ]
}, },
"references": { "references" : {
"reference_data": [ "reference_data" : [
{ {
"refsource": "CONFIRM", "name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014" "refsource" : "CONFIRM",
"url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014"
} }
] ]
}, },
"source": { "source" : {
"discovery": "UNKNOWN" "discovery" : "UNKNOWN"
} }
} }