admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-06-01 11:04:05 -04:00
parent 15eb688e84
commit 7e8330c121
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
17 changed files with 444 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2014/10xxx/CVE-2014-10065.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Certain input when passed into remarkable before 1.4.1 will bypass the bad prototcol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content."
"value" : "Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content."
}
]
},

2
2016/10xxx/CVE-2016-10550.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "sequalize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS If user input goes into the `limit` or `order` parameters, a malicious user can put in their own SQL statements. This affects sequelize 3.16.0 and earlier."
"value" : "sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS If user input goes into the `limit` or `order` parameters, a malicious user can put in their own SQL statements. This affects sequelize 3.16.0 and earlier."
}
]
},

2
2016/10xxx/CVE-2016-10553.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "sequalize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier."
"value" : "sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier."
}
]
},

5
2017/17xxx/CVE-2017-17557.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.0patch.com/2018/05/0patching-foxit-reader-buffer-oops.html",
"refsource" : "MISC",
"url" : "https://blog.0patch.com/2018/05/0patching-foxit-reader-buffer-oops.html"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",

2
2017/2xxx/CVE-2017-2852.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0354",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0354"
}
]

2
2017/2xxx/CVE-2017-2858.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0362",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0362"
}
]

6
2017/2xxx/CVE-2017-2860.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
"value" : "An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
}
]
},
@ -54,7 +54,9 @@
"references" : {
"reference_data" : [
{
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0362"
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0364",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0364"
}
]
}

2
2018/11xxx/CVE-2018-11137.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "The 'checksum' parameter of the '/common/download_attachment.php' script in the can Quest KACE System Management Appliance 8.0.318 be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script."
"value" : "The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script."
}
]
},

48
2018/11xxx/CVE-2018-11485.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11485",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the \"referral_site\" cookie to have an XSS payload, and placing an order."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://labs.threatpress.com/stored-cross-site-scripting-xss-in-woocommerce-quick-reports-plugin/",
"refsource" : "MISC",
"url" : "http://labs.threatpress.com/stored-cross-site-scripting-xss-in-woocommerce-quick-reports-plugin/"
}
]
}

48
2018/11xxx/CVE-2018-11486.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11486",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CSS textarea field, which will be loaded on every site page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://labs.threatpress.com/stored-cross-site-scripting-xss-in-advance-search-for-woocommerce-plugin/",
"refsource" : "MISC",
"url" : "http://labs.threatpress.com/stored-cross-site-scripting-xss-in-advance-search-for-woocommerce-plugin/"
}
]
}

53
2018/11xxx/CVE-2018-11628.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11628",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.emssoftware.com/Content/V44.1_ReleaseNotes.htm",
"refsource" : "MISC",
"url" : "https://docs.emssoftware.com/Content/V44.1_ReleaseNotes.htm"
},
{
"name" : "https://gist.github.com/barrett092/c70752ca6960b8b9616a03006f291a28",
"refsource" : "MISC",
"url" : "https://gist.github.com/barrett092/c70752ca6960b8b9616a03006f291a28"
}
]
}

62
2018/11xxx/CVE-2018-11652.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11652",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/sullo/nikto/commit/e759b3300aace5314fe3d30800c8bd83c81c29f7",
"refsource" : "MISC",
"url" : "https://github.com/sullo/nikto/commit/e759b3300aace5314fe3d30800c8bd83c81c29f7"
}
]
}
}

18
2018/11xxx/CVE-2018-11653.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11653",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/11xxx/CVE-2018-11654.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11654",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

62
2018/11xxx/CVE-2018-11655.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11655",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/930",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/930"
}
]
}
}

62
2018/11xxx/CVE-2018-11656.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11656",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/931",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/931"
}
]
}
}

62
2018/11xxx/CVE-2018-11657.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11657",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/miniupnp/ngiflib/issues/7",
"refsource" : "MISC",
"url" : "https://github.com/miniupnp/ngiflib/issues/7"
}
]
}
}