admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-11-26 15:05:52 -05:00
parent 62c8493e89
commit 838c16d567
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
9 changed files with 504 additions and 228 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
2018/11xxx/CVE-2018-11066.json
View File

@ -104,6 +104,7 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"refsource" : "FULLDISC", "refsource" : "FULLDISC",
"url" : "https://seclists.org/fulldisclosure/2018/Nov/49" "url" : "https://seclists.org/fulldisclosure/2018/Nov/49"
} }

1
2018/11xxx/CVE-2018-11067.json
View File

@ -104,6 +104,7 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities",
"refsource" : "FULLDISC", "refsource" : "FULLDISC",
"url" : "https://seclists.org/fulldisclosure/2018/Nov/49" "url" : "https://seclists.org/fulldisclosure/2018/Nov/49"
} }

3
2018/11xxx/CVE-2018-11076.json
View File

@ -68,7 +68,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management consoles SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users." "value" : "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users."
} }
] ]
}, },
@ -87,6 +87,7 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
"refsource" : "FULLDISC", "refsource" : "FULLDISC",
"url" : "https://seclists.org/fulldisclosure/2018/Nov/50" "url" : "https://seclists.org/fulldisclosure/2018/Nov/50"
} }

3
2018/11xxx/CVE-2018-11077.json
View File

@ -85,7 +85,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value": "getlogs utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege." "value" : "'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege."
} }
] ]
}, },
@ -104,6 +104,7 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
"refsource" : "FULLDISC", "refsource" : "FULLDISC",
"url" : "https://seclists.org/fulldisclosure/2018/Nov/51" "url" : "https://seclists.org/fulldisclosure/2018/Nov/51"
} }

10
2018/18xxx/CVE-2018-18807.json
View File

@ -37,7 +37,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "The web application of the TIBCO Statistica component of TIBCO Software Inc.'s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS) attacks.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Statistica Server versions up to and including 13.4.0." "value" : "The web application of the TIBCO Statistica component of TIBCO Software Inc.'s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Statistica Server versions up to and including 13.4.0."
} }
] ]
}, },
@ -72,10 +72,14 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"url" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-26-2018-tibco-statistica-server" "name" : "http://www.tibco.com/services/support/advisories",
"refsource" : "MISC",
"url" : "http://www.tibco.com/services/support/advisories"
}, },
{ {
"url" : "http://www.tibco.com/services/support/advisories" "name" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-26-2018-tibco-statistica-server",
"refsource" : "CONFIRM",
"url" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-26-2018-tibco-statistica-server"
} }
] ]
}, },

67
2018/19xxx/CVE-2018-19565.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19565",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://seclists.org/oss-sec/2018/q4/165",
"refsource" : "MISC",
"url" : "https://seclists.org/oss-sec/2018/q4/165"
},
{
"name" : "https://seclists.org/oss-sec/2018/q4/171",
"refsource" : "MISC",
"url" : "https://seclists.org/oss-sec/2018/q4/171"
}
]
}
}

67
2018/19xxx/CVE-2018-19566.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19566",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://seclists.org/oss-sec/2018/q4/165",
"refsource" : "MISC",
"url" : "https://seclists.org/oss-sec/2018/q4/165"
},
{
"name" : "https://seclists.org/oss-sec/2018/q4/171",
"refsource" : "MISC",
"url" : "https://seclists.org/oss-sec/2018/q4/171"
}
]
}
}

67
2018/19xxx/CVE-2018-19567.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19567",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://seclists.org/oss-sec/2018/q4/165",
"refsource" : "MISC",
"url" : "https://seclists.org/oss-sec/2018/q4/165"
},
{
"name" : "https://seclists.org/oss-sec/2018/q4/171",
"refsource" : "MISC",
"url" : "https://seclists.org/oss-sec/2018/q4/171"
}
]
}
}

67
2018/19xxx/CVE-2018-19568.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19568",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://seclists.org/oss-sec/2018/q4/165",
"refsource" : "MISC",
"url" : "https://seclists.org/oss-sec/2018/q4/165"
},
{
"name" : "https://seclists.org/oss-sec/2018/q4/171",
"refsource" : "MISC",
"url" : "https://seclists.org/oss-sec/2018/q4/171"
}
]
}
}