admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-06-15 10:04:08 -04:00
parent 244c6cc6f7
commit 8328e1d85d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
7 changed files with 311 additions and 205 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2018/12xxx/CVE-2018-12455.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12455",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/12xxx/CVE-2018-12456.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12456",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

72
2018/12xxx/CVE-2018-12457.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12457",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/mrvautin/expressCart/commit/baccaae9b0b72f00b10c5453ca00231340ad3e3b",
"refsource" : "MISC",
"url" : "https://github.com/mrvautin/expressCart/commit/baccaae9b0b72f00b10c5453ca00231340ad3e3b"
},
{
"name" : "https://hackerone.com/reports/343626",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/343626"
},
{
"name" : "https://www.npmjs.com/package/express-cart?activeTab=versions",
"refsource" : "MISC",
"url" : "https://www.npmjs.com/package/express-cart?activeTab=versions"
}
]
}
}

94
2018/1xxx/CVE-2018-1419.json
View File

@ -1,46 +1,9 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "3.700",
"S" : "U",
"UI" : "N",
"AC" : "H",
"AV" : "N",
"I" : "N",
"PR" : "N",
"C" : "N",
"A" : "L"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"CVE_data_meta" : {
"ID" : "CVE-2018-1419",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2018-06-12T00:00:00"
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 2014650 (MQ)",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22014650",
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22014650"
},
{
"name" : "ibm-websphere-cve20181419-dos(138949)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/138949",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
"DATE_PUBLIC" : "2018-06-12T00:00:00",
"ID" : "CVE-2018-1419",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
@ -49,6 +12,7 @@
"product" : {
"product_data" : [
{
"product_name" : "MQ",
"version" : {
"version_data" : [
{
@ -100,8 +64,7 @@
"version_value" : "8.0.0.8"
}
]
},
"product_name" : "MQ"
}
}
]
},
@ -110,6 +73,37 @@
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "L",
"AC" : "H",
"AV" : "N",
"C" : "N",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "3.700",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
@ -122,13 +116,17 @@
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"references" : {
"reference_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949."
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22014650",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22014650"
},
{
"name" : "ibm-websphere-cve20181419-dos(138949)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/138949"
}
]
}

100
2018/1xxx/CVE-2018-1460.json
View File

@ -1,87 +1,85 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211."
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"SCORE" : "8.400",
"UI" : "N",
"I" : "H",
"AV" : "L",
"S" : "U",
"PR" : "N",
"A" : "H",
"C" : "H",
"AC" : "L"
}
}
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-06-14T00:00:00",
"ID" : "CVE-2018-1460",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "PureData System for Analytics",
"version" : {
"version_data" : [
{
"version_value" : "1.0.0"
}
]
},
"product_name" : "PureData System for Analytics"
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "H",
"AC" : "L",
"AV" : "L",
"C" : "H",
"I" : "H",
"PR" : "N",
"S" : "U",
"SCORE" : "8.400",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22015701",
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22015701",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 2015701 (PureData System for Analytics)",
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22015701"
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22015701"
},
{
"name" : "ibm-netezza-cve20181460-priv-escalation(140211)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140211"
}

107
2018/6xxx/CVE-2018-6671.json
View File

@ -1,89 +1,90 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6671",
"STATE": "PUBLIC",
"TITLE": "SB10240 - ePolicy Orchestrator (ePO) - Application Protection Bypass vulnerability"
"CVE_data_meta" : {
"ASSIGNER" : "psirt@mcafee.com",
"ID" : "CVE-2018-6671",
"STATE" : "PUBLIC",
"TITLE" : "SB10240 - ePolicy Orchestrator (ePO) - Application Protection Bypass vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "ePolicy Orchestrator (ePO)",
"version": {
"version_data": [
"product_name" : "ePolicy Orchestrator (ePO)",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "5.3.0 through 5.3.3",
"version_value": "5.3.3 with hotfix EPO5xHF1229850"
"affected" : "<",
"version_name" : "5.3.0 through 5.3.3",
"version_value" : "5.3.3 with hotfix EPO5xHF1229850"
},
{
"affected": "<",
"version_name": "5.9.0 through 5.9.1",
"version_value": "5.9.1 with hotfix EPO5xHF1229850"
"affected" : "<",
"version_name" : "5.9.0 through 5.9.1",
"version_value" : "5.9.1 with hotfix EPO5xHF1229850"
}
]
}
}
]
},
"vendor_name": "McAfee"
"vendor_name" : "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request.\n"
"lang" : "eng",
"value" : "Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 4.7,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "NONE",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Application Protection Bypass vulnerability\n"
"lang" : "eng",
"value" : "Application Protection Bypass vulnerability\n"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10240"
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10240",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10240"
}
]
},
"source": {
"advisory": "SB10240",
"discovery": "INTERNAL"
"source" : {
"advisory" : "SB10240",
"discovery" : "INTERNAL"
}
}

107
2018/6xxx/CVE-2018-6672.json
View File

@ -1,89 +1,90 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6672",
"STATE": "PUBLIC",
"TITLE": "SB10240 - ePolicy Orchestrator (ePO) - Information disclosure vulnerablity"
"CVE_data_meta" : {
"ASSIGNER" : "psirt@mcafee.com",
"ID" : "CVE-2018-6672",
"STATE" : "PUBLIC",
"TITLE" : "SB10240 - ePolicy Orchestrator (ePO) - Information disclosure vulnerablity"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "ePolicy Orchestrator (ePO)",
"version": {
"version_data": [
"product_name" : "ePolicy Orchestrator (ePO)",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "5.3.0 through 5.3.3",
"version_value": "5.3.3 with hotfix EPO5xHF1229850"
"affected" : "<",
"version_name" : "5.3.0 through 5.3.3",
"version_value" : "5.3.3 with hotfix EPO5xHF1229850"
},
{
"affected": "<",
"version_name": "5.9.0 through 5.9.1",
"version_value": "5.9.1 with hotfix EPO5xHF1229850"
"affected" : "<",
"version_name" : "5.9.0 through 5.9.1",
"version_value" : "5.9.1 with hotfix EPO5xHF1229850"
}
]
}
}
]
},
"vendor_name": "McAfee"
"vendor_name" : "McAfee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors."
"lang" : "eng",
"value" : "Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 5.7,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "HIGH",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Information disclosure vulnerability"
"lang" : "eng",
"value" : "Information disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10240"
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10240",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10240"
}
]
},
"source": {
"advisory": "SB10240",
"discovery": "INTERNAL"
"source" : {
"advisory" : "SB10240",
"discovery" : "INTERNAL"
}
}