admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-05-31 16:03:59 -04:00
parent 6656d5b45e
commit 881e7a5a8d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 455 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2014/10xxx/CVE-2014-10064.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "The qs module does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example, in a web application, other requests would not be processed while this blocking is occurring."
"value" : "The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example, in a web application, other requests would not be processed while this blocking is occurring."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/28",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/28"
}
]

6
2014/10xxx/CVE-2014-10065.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Certain input when passed into remarkable will bypass the bad prototcol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content."
"value" : "Certain input when passed into remarkable before 1.4.1 will bypass the bad prototcol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content."
}
]
},
@ -54,9 +54,13 @@
"references" : {
"reference_data" : [
{
"name" : "https://github.com/jonschlinkert/remarkable/issues/97",
"refsource" : "MISC",
"url" : "https://github.com/jonschlinkert/remarkable/issues/97"
},
{
"name" : "https://nodesecurity.io/advisories/30",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/30"
}
]

2
2014/10xxx/CVE-2014-10066.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/9",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/9"
}
]

12
2015/9xxx/CVE-2015-9236.json
View File

@ -54,12 +54,18 @@
"references" : {
"reference_data" : [
{
"url" : "https://github.com/hapijs/hapi/issues/2850"
},
{
"name" : "https://github.com/hapijs/hapi/issues/2840",
"refsource" : "MISC",
"url" : "https://github.com/hapijs/hapi/issues/2840"
},
{
"name" : "https://github.com/hapijs/hapi/issues/2850",
"refsource" : "MISC",
"url" : "https://github.com/hapijs/hapi/issues/2850"
},
{
"name" : "https://nodesecurity.io/advisories/45",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/45"
}
]

4
2015/9xxx/CVE-2015-9238.json
View File

@ -54,9 +54,13 @@
"references" : {
"reference_data" : [
{
"name" : "https://github.com/vdemedes/secure-compare/pull/1",
"refsource" : "MISC",
"url" : "https://github.com/vdemedes/secure-compare/pull/1"
},
{
"name" : "https://nodesecurity.io/advisories/50",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/50"
}
]

2
2015/9xxx/CVE-2015-9239.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/51",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/51"
}
]

14
2016/10xxx/CVE-2016-10518.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability was found in the ping functionality of the ws module which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but internally ws always transforms all data that we need to send to a Buffer instance and that is where the vulnerability existed. ws didn't do any checks for the type of data it was sending. With buffers in node when you allocate it when a number instead of a string it will allocate the amount of bytes. ``` var x = new Buffer(100); // vs var x = new Buffer('100'); ``` This would allocate 100 bytes of memory in the first example and just 3 bytes with 100 as value in the second example. So the client would allocate 100 bytes of non-zeroed buffer and send that to the server. Note that the client (which could in fact be the server in certain instances) is that one that allocates and sends the memory that is then echo'd by the server."
"value" : "A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but internally ws always transforms all data that we need to send to a Buffer instance and that is where the vulnerability existed. ws didn't do any checks for the type of data it was sending. With buffers in node when you allocate it when a number instead of a string it will allocate the amount of bytes."
}
]
},
@ -54,13 +54,19 @@
"references" : {
"reference_data" : [
{
"name" : "https://gist.github.com/c0nrad/e92005446c480707a74a",
"refsource" : "MISC",
"url" : "https://gist.github.com/c0nrad/e92005446c480707a74a"
},
{
"name" : "https://github.com/websockets/ws/releases/tag/1.0.1",
"refsource" : "MISC",
"url" : "https://github.com/websockets/ws/releases/tag/1.0.1"
},
{
"name" : "https://nodesecurity.io/advisories/67",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/67"
},
{
"url" : "https://gist.github.com/c0nrad/e92005446c480707a74a"
}
]
}

6
2016/10xxx/CVE-2016-10519.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A security issue was found in bittorrent-dht that allows someone to send a specific series of messages to a listening peer and get it to reveal internal memory. There are two mitigating factors here, that slightly reduce the impact of this vulnerability: 1) Any modern kernel will zero out new memory pages before handing them off to a process. This means that only memory previously used and deallocated by the node process can be leaked. 2) Node.js manages Buffers by creating a few large internal SlowBuffers, and slicing them up into smaller Buffers which are made accessible in JS. They are not stored on V8's heap, because garbage collection would interfere. The result is that only memory that has been previously allocated as a Buffer can be leaked."
"value" : "A security issue was found in bittorrent-dht before 5.1.3 that allows someone to send a specific series of messages to a listening peer and get it to reveal internal memory."
}
]
},
@ -54,9 +54,13 @@
"references" : {
"reference_data" : [
{
"name" : "https://github.com/feross/bittorrent-dht/issues/87",
"refsource" : "MISC",
"url" : "https://github.com/feross/bittorrent-dht/issues/87"
},
{
"name" : "https://nodesecurity.io/advisories/68",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/68"
}
]

2
2016/10xxx/CVE-2016-10520.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/52",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/52"
}
]

2
2016/10xxx/CVE-2016-10521.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/53",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/53"
}
]

14
2016/10xxx/CVE-2016-10523.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Specifically crafted MQTT packets can crash the application, making a DoS attack feasible with very little bandwidth."
"value" : "MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth."
}
]
},
@ -54,12 +54,18 @@
"references" : {
"reference_data" : [
{
"url" : "https://github.com/mqttjs/mqtt-packet/pull/8"
},
{
"name" : "https://github.com/mcollina/mosca/issues/393",
"refsource" : "MISC",
"url" : "https://github.com/mcollina/mosca/issues/393"
},
{
"name" : "https://github.com/mqttjs/mqtt-packet/pull/8",
"refsource" : "MISC",
"url" : "https://github.com/mqttjs/mqtt-packet/pull/8"
},
{
"name" : "https://nodesecurity.io/advisories/75",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/75"
}
]

6
2016/10xxx/CVE-2016-10524.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "i18n-node-angular is a module used to interact between i18n and angular without Using additional resources a REST API endpoint that is used for development was not disabled in production environments a malicious user could fill up the server causing a Denial of Service or content injection"
"value" : "i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments a malicious user could fill up the server causing a Denial of Service or content injection."
}
]
},
@ -54,9 +54,13 @@
"references" : {
"reference_data" : [
{
"name" : "https://github.com/oliversalzburg/i18n-node-angular/commit/877720d2d9bb90dc8233706e81ffa03f99fc9dc8",
"refsource" : "MISC",
"url" : "https://github.com/oliversalzburg/i18n-node-angular/commit/877720d2d9bb90dc8233706e81ffa03f99fc9dc8"
},
{
"name" : "https://nodesecurity.io/advisories/80",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/80"
}
]

4
2016/10xxx/CVE-2016-10526.json
View File

@ -54,9 +54,13 @@
"references" : {
"reference_data" : [
{
"name" : "https://github.com/tschaub/grunt-gh-pages/pull/41",
"refsource" : "MISC",
"url" : "https://github.com/tschaub/grunt-gh-pages/pull/41"
},
{
"name" : "https://nodesecurity.io/advisories/85",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/85"
}
]

4
2016/10xxx/CVE-2016-10527.json
View File

@ -54,9 +54,13 @@
"references" : {
"reference_data" : [
{
"name" : "https://github.com/riot/compiler/issues/46",
"refsource" : "MISC",
"url" : "https://github.com/riot/compiler/issues/46"
},
{
"name" : "https://nodesecurity.io/advisories/86",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/86"
}
]

4
2016/10xxx/CVE-2016-10528.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web restafary is able to set up a root path, which should only allow it to run inside of that root path it specified."
"value" : "restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it to run inside of that root path it specified."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/89",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/89"
}
]

4
2016/10xxx/CVE-2016-10529.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Droppy versions <=3.4.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others."
"value" : "Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/91",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/91"
}
]

6
2016/10xxx/CVE-2016-10530.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "The airbrake module defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS."
"value" : "The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS."
}
]
},
@ -54,9 +54,13 @@
"references" : {
"reference_data" : [
{
"name" : "https://github.com/airbrake/node-airbrake/issues/70",
"refsource" : "MISC",
"url" : "https://github.com/airbrake/node-airbrake/issues/70"
},
{
"name" : "https://nodesecurity.io/advisories/96",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/96"
}
]

8
2016/10xxx/CVE-2016-10531.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "marked is an application that is meant to parse and compile markdown. Due to the way that marked parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascript:` URL. This flaw exists because `&#xNNanything;` gets parsed to what it could and leaves the rest behind, resulting in just `anything;` being left. For example: If a malicious user could provide this input to the application `javascript&#x58document;alert(1)` resulting in a valid link, that when a user clicked it would execute `alert(1)`."
"value" : "marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascript:` URL. This flaw exists because `&#xNNanything;` gets parsed to what it could and leaves the rest behind, resulting in just `anything;` being left."
}
]
},
@ -54,12 +54,18 @@
"references" : {
"reference_data" : [
{
"name" : "https://github.com/chjj/marked/pull/592",
"refsource" : "MISC",
"url" : "https://github.com/chjj/marked/pull/592"
},
{
"name" : "https://github.com/chjj/marked/pull/592/commits/2cff85979be8e7a026a9aca35542c470cf5da523",
"refsource" : "MISC",
"url" : "https://github.com/chjj/marked/pull/592/commits/2cff85979be8e7a026a9aca35542c470cf5da523"
},
{
"name" : "https://nodesecurity.io/advisories/101",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/101"
}
]

4
2016/10xxx/CVE-2016-10532.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application is able to run. This means that if console-io was running from root, the attacker would have full access to the system. This vulnerability exists because the console-io application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket to send commands and receive the response."
"value" : "console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running from root, the attacker would have full access to the system. This vulnerability exists because the console-io application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket to send commands and receive the response."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/90",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/90"
}
]

6
2016/10xxx/CVE-2016-10533.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. If you have a user model that you want to protect, such as the following User model: ``` const User = mongoose.model('User', new mongoose.Schema({ name: String, password: String, })); ``` You would normally do something such as: ``` restify.serve(router, User, { private: ['password'], // Set the password part of User as private, so outside people can't read it }) ``` This would hide the password field from people that send your application a `GET /User` and `GET /User/some-user-id` request. A malicious user can go to your application and send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes."
"value" : "express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes."
}
]
},
@ -54,9 +54,13 @@
"references" : {
"reference_data" : [
{
"name" : "https://github.com/florianholzapfel/express-restify-mongoose/issues/252",
"refsource" : "MISC",
"url" : "https://github.com/florianholzapfel/express-restify-mongoose/issues/252"
},
{
"name" : "https://nodesecurity.io/advisories/92",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/92"
}
]

6
2016/10xxx/CVE-2016-10534.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages. along with Electron. The `--strict-ssl` command line option defaults to false if not explicitly set to true This could allow an attacker t"
"value" : "electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages. along with Electron. The `--strict-ssl` command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man in the middle attack."
}
]
},
@ -54,9 +54,13 @@
"references" : {
"reference_data" : [
{
"name" : "https://github.com/electron-userland/electron-packager/issues/333",
"refsource" : "MISC",
"url" : "https://github.com/electron-userland/electron-packager/issues/333"
},
{
"name" : "https://nodesecurity.io/advisories/104",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/104"
}
]

6
2016/10xxx/CVE-2016-10535.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "csrf-lite is a cross-site request forgery protection library for framework-less node sites csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker being able to calculate minuscul"
"value" : "csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses required were the timing attack not present."
}
]
},
@ -54,9 +54,13 @@
"references" : {
"reference_data" : [
{
"name" : "https://github.com/isaacs/csrf-lite/pull/1",
"refsource" : "MISC",
"url" : "https://github.com/isaacs/csrf-lite/pull/1"
},
{
"name" : "https://nodesecurity.io/advisories/94",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/94"
}
]

12
2016/10xxx/CVE-2016-10536.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the way that node.js handles the `rejectUnauthorized` setting. If the value is something that evaluates to false, certificate verification will be disabled. This is problematic as engine.io-client passes in an object for settings that includes the rejectUnauthorized property, whether it has been set or not. If the value has not been explicitly changed, it will be passed in as `null`, resulting in certificate verification being turned off: ``` // line that causes bug this.rejectUnauthorized = opts.rejectUnauthorized === undefined ? null : opts.rejectUnauthorized; ```"
"value" : "engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the way that node.js handles the `rejectUnauthorized` setting. If the value is something that evaluates to false, certificate verification will be disabled. This is problematic as engine.io-client 1.6.8 and earlier passes in an object for settings that includes the rejectUnauthorized property, whether it has been set or not. If the value has not been explicitly changed, it will be passed in as `null`, resulting in certificate verification being turned off."
}
]
},
@ -54,13 +54,19 @@
"references" : {
"reference_data" : [
{
"name" : "https://github.com/socketio/engine.io-client/commit/2c55b278a491bf45313ecc0825cf800e2f7ff5c1",
"refsource" : "MISC",
"url" : "https://github.com/socketio/engine.io-client/commit/2c55b278a491bf45313ecc0825cf800e2f7ff5c1"
},
{
"url" : "https://www.cigital.com/blog/node-js-socket-io/"
"name" : "https://nodesecurity.io/advisories/99",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/99"
},
{
"url" : "https://nodesecurity.io/advisories/99"
"name" : "https://www.cigital.com/blog/node-js-socket-io/",
"refsource" : "MISC",
"url" : "https://www.cigital.com/blog/node-js-socket-io/"
}
]
}

6
2016/10xxx/CVE-2016-10537.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function if a user is able to supply input. This is due to the regex that's replacing things to miss the conversion of things such as `<` to `<`."
"value" : "backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and earlier, if a user is able to supply input. This is due to the regex that's replacing things to miss the conversion of things such as `<` to `<`."
}
]
},
@ -54,9 +54,13 @@
"references" : {
"reference_data" : [
{
"name" : "https://github.com/jashkenas/backbone/compare/0.3.3...0.5.0#diff-0d56d0d310de7ff18b3cef9c2f8f75dcL1008",
"refsource" : "MISC",
"url" : "https://github.com/jashkenas/backbone/compare/0.3.3...0.5.0#diff-0d56d0d310de7ff18b3cef9c2f8f75dcL1008"
},
{
"name" : "https://nodesecurity.io/advisories/108",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/108"
}
]

8
2016/10xxx/CVE-2016-10538.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "The package `node-cli` insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to."
"value" : "The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to."
}
]
},
@ -54,12 +54,18 @@
"references" : {
"reference_data" : [
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809252",
"refsource" : "MISC",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809252"
},
{
"name" : "https://github.com/node-js-libs/cli/issues/81",
"refsource" : "MISC",
"url" : "https://github.com/node-js-libs/cli/issues/81"
},
{
"name" : "https://nodesecurity.io/advisories/95",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/95"
}
]

4
2016/10xxx/CVE-2016-10539.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for \"Accept-Language\", when parsed by negotiator is vulnerable to Regular Expression Denial of Service via a specially crafted string."
"value" : "negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for \"Accept-Language\", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/106",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/106"
}
]

4
2016/10xxx/CVE-2016-10540.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` is vulnerable to ReDoS in the `pattern` parameter. This is because of the regular expression on line 521 of minimatch.js: `/((?:\\{2})*)(\\?)\\|/g,`. The problematic portion of the regex is `((?:\\{2})*)` which matches against `\\`. A proof of concept is as follows: ``` var minimatch = require(&#xe2;&#x80;&#x9a;&#195;&#132;&#195;&#186;minimatch&#xe2;&#x80;&#x9a;&#195;&#132;&#195;&#185;); // utility function for generating long strings var genstr = function (len, chr) { var result = &#xe2;&#x80;&#x9a;&#195;&#132;&#195;&#186;&#xe2;&#x80;&#x9a;&#195;&#132;&#195;&#185;; for (i=0; i<=len; i++) { result = result + chr; } return result; } var exploit = &#xe2;&#x80;&#x9a;&#195;&#132;&#195;&#186;[!&#xe2;&#x80;&#x9a;&#195;&#132;&#195;&#185; + genstr(1000000, &#xe2;&#x80;&#x9a;&#195;&#132;&#195;&#186;\\&#xe2;&#x80;&#x9a;&#195;&#132;&#195;&#185;) + &#xe2;&#x80;&#x9a;&#195;&#132;&#195;&#186;A&#xe2;&#x80;&#x9a;&#195;&#132;&#195;&#185;; // minimatch exploit. console.log(&#xe2;&#x80;&#x9a;&#195;&#132;&#195;&#186;starting minimatch&#xe2;&#x80;&#x9a;&#195;&#132;&#195;&#185;); minimatch(&#xe2;&#x80;&#x9a;&#195;&#132;&#195;&#186;foo&#xe2;&#x80;&#x9a;&#195;&#132;&#195;&#185;, exploit); console.log(&#xe2;&#x80;&#x9a;&#195;&#132;&#195;&#186;finishing minimatch&#xe2;&#x80;&#x9a;&#195;&#132;&#195;&#185;); ```"
"value" : "Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/118",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/118"
}
]

4
2016/10xxx/CVE-2016-10541.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "The npm module \"shell-quote\" cannot correctly escape \">\" and \"<\" operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. For example: const quote = require('shell-quote').quote; console.log(quote(['foo>bar'])); will print \"foo>bar\", where \"foo\\>bar\" is desirable. If an application is escaping command-line args with this module, they might be vulnerable from malicious user input. For example: ``` var sq = require('../tests/get/shell-quote-1.6.0'); var exec = require('child_process').exec; var pattern = process.argv[2]; command = sq.quote(['grep', pattern])); exec('cat file | ' + command, function ( err, stdout, stderr) { console.log(command, stdout); }); ``` will be vulnerable when user input something like pattern = ':</etc/passwd', which causes the content of /etc/passwd to be leaked. Addtionally, the `;`, `{`, and `}` characters weren't escaped properly either. This allows for full command injection. A malicious user could input `'a;{echo,test,123,234}'` to execute echo fully."
"value" : "The npm module \"shell-quote\" 1.6.0 and earlier cannot correctly escape \">\" and \"<\" operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/117",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/117"
}
]

6
2016/10xxx/CVE-2016-10542.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "ws is a \"simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455\". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process."
"value" : "ws is a \"simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455\". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier."
}
]
},
@ -54,9 +54,13 @@
"references" : {
"reference_data" : [
{
"name" : "https://github.com/nodejs/node/issues/7388",
"refsource" : "MISC",
"url" : "https://github.com/nodejs/node/issues/7388"
},
{
"name" : "https://nodesecurity.io/advisories/120",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/120"
}
]

6
2016/10xxx/CVE-2016-10543.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules. For example, in the routing scheme `/api/{param}/{param2}/details`, a request made to `/api///` would match incorrectly."
"value" : "call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules."
}
]
},
@ -54,9 +54,13 @@
"references" : {
"reference_data" : [
{
"name" : "https://github.com/hapijs/hapi/issues/3228",
"refsource" : "MISC",
"url" : "https://github.com/hapijs/hapi/issues/3228"
},
{
"name" : "https://nodesecurity.io/advisories/121",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/121"
}
]

6
2016/10xxx/CVE-2016-10544.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data will then inflate up to 256mb and crash the node process by exceeding V8's maximum string size"
"value" : "uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data will then inflate up to 256mb and crash the node process by exceeding V8's maximum string size. This affects uws >=0.10.0 <=0.10.8."
}
]
},
@ -54,9 +54,13 @@
"references" : {
"reference_data" : [
{
"name" : "https://github.com/uWebSockets/uWebSockets/commit/37deefd01f0875e133ea967122e3a5e421b8fcd9",
"refsource" : "MISC",
"url" : "https://github.com/uWebSockets/uWebSockets/commit/37deefd01f0875e133ea967122e3a5e421b8fcd9"
},
{
"name" : "https://nodesecurity.io/advisories/149",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/149"
}
]

4
2016/10xxx/CVE-2016-10546.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "An arbitrary code injection vector was found in PouchDB 5.4.5 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands."
"value" : "An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/143",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/143"
}
]

6
2016/10xxx/CVE-2016-10547.json
View File

@ -54,12 +54,18 @@
"references" : {
"reference_data" : [
{
"name" : "https://github.com/matt-/nunjucks_test",
"refsource" : "MISC",
"url" : "https://github.com/matt-/nunjucks_test"
},
{
"name" : "https://github.com/mozilla/nunjucks/issues/835",
"refsource" : "MISC",
"url" : "https://github.com/mozilla/nunjucks/issues/835"
},
{
"name" : "https://nodesecurity.io/advisories/147",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/147"
}
]

6
2016/10xxx/CVE-2016-10548.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Arbitrary code execution is possible through crafted css. This makes cross sites scripting (XSS) possible on the client and arbitrary code injection possible on the server and user input is passed to the `calc` function."
"value" : "Arbitrary code execution is possible in reduce-css-calc node module <=1.2.4 through crafted css. This makes cross sites scripting (XSS) possible on the client and arbitrary code injection possible on the server and user input is passed to the `calc` function."
}
]
},
@ -54,9 +54,13 @@
"references" : {
"reference_data" : [
{
"name" : "https://gist.github.com/ChALkeR/415a41b561ebea9b341efbb40b802fc9",
"refsource" : "MISC",
"url" : "https://gist.github.com/ChALkeR/415a41b561ebea9b341efbb40b802fc9"
},
{
"name" : "https://nodesecurity.io/advisories/144",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/144"
}
]

14
2016/10xxx/CVE-2016-10549.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Sails is an MVC style framework for building realtime web applications. Version 0.12.6 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests to vulnerable hosts through cross site scripting or a malicious HTML Document, effectively bypassing the Same Origin Policy. Note that this is only an issue when `allRoutes` is set to `true` and `origin` is set to `*` or left commented out in the sails CORS config file. The problem can be compounded when the cors `credentials` setting is not provided. At that point authenticated cross domain requests are possible."
"value" : "Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests to vulnerable hosts through cross site scripting or a malicious HTML Document, effectively bypassing the Same Origin Policy. Note that this is only an issue when `allRoutes` is set to `true` and `origin` is set to `*` or left commented out in the sails CORS config file. The problem can be compounded when the cors `credentials` setting is not provided. At that point authenticated cross domain requests are possible."
}
]
},
@ -54,12 +54,18 @@
"references" : {
"reference_data" : [
{
"url" : "http://sailsjs.org/documentation/reference/configuration/sails-config-cors"
},
{
"name" : "http://sailsjs.org/documentation/concepts/security/cors",
"refsource" : "MISC",
"url" : "http://sailsjs.org/documentation/concepts/security/cors"
},
{
"name" : "http://sailsjs.org/documentation/reference/configuration/sails-config-cors",
"refsource" : "MISC",
"url" : "http://sailsjs.org/documentation/reference/configuration/sails-config-cors"
},
{
"name" : "https://nodesecurity.io/advisories/148",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/148"
}
]

6
2016/10xxx/CVE-2016-10550.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "sequalize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS If user input goes into the `limit` or `order` parameters, a malicious user can put in their own SQL statements. `1; DELETE FROM \"Users\" WHERE 1=1; --`"
"value" : "sequalize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS If user input goes into the `limit` or `order` parameters, a malicious user can put in their own SQL statements. This affects sequelize 3.16.0 and earlier."
}
]
},
@ -54,9 +54,13 @@
"references" : {
"reference_data" : [
{
"name" : "https://github.com/sequelize/sequelize/pull/5167/commits/f282d85e60e3df5e57ecdb82adccb4eaef404f03",
"refsource" : "MISC",
"url" : "https://github.com/sequelize/sequelize/pull/5167/commits/f282d85e60e3df5e57ecdb82adccb4eaef404f03"
},
{
"name" : "https://nodesecurity.io/advisories/112",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/112"
}
]

4
2016/10xxx/CVE-2016-10552.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Downloads JavaScript and CSS resources over insecure protocol http://cdn-na.infragistics.com/igniteui/latest/css/structure/infragistics.css http://cdn-na.infragistics.com/igniteui/latest/css/themes/infragistics/infragistics.theme.css http://cdn-na.infragistics.com/igniteui/latest/js/infragistics.lob.js http://cdn-na.infragistics.com/igniteui/latest/js/infragistics.dv.js http://cdn-na.infragistics.com/igniteui/latest/js/infragistics.core.js"
"value" : "igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/116",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/116"
}
]

6
2016/10xxx/CVE-2016-10553.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "sequalize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS A fix was pushed out that fixed potential SQL injection. The two fixes were [REMOVED/SECURITY] findOne no longer takes a string / integer / binary argument to represent a primaryKey. Use findById instead [REMOVED/SECURITY] where: \"raw query\" is no longer legal, you must now explicitly use where: [\"raw query\", [replacements]]"
"value" : "sequalize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier."
}
]
},
@ -54,9 +54,13 @@
"references" : {
"reference_data" : [
{
"name" : "https://github.com/sequelize/sequelize/blob/master/changelog.md#300",
"refsource" : "MISC",
"url" : "https://github.com/sequelize/sequelize/blob/master/changelog.md#300"
},
{
"name" : "https://nodesecurity.io/advisories/109",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/109"
}
]

6
2016/10xxx/CVE-2016-10554.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escaping."
"value" : "sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escaping."
}
]
},
@ -54,9 +54,13 @@
"references" : {
"reference_data" : [
{
"name" : "https://github.com/sequelize/sequelize/commit/c876192aa6ce1f67e22b26a4d175b8478615f42d",
"refsource" : "MISC",
"url" : "https://github.com/sequelize/sequelize/commit/c876192aa6ce1f67e22b26a4d175b8478615f42d"
},
{
"name" : "https://nodesecurity.io/advisories/113",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/113"
}
]

10
2016/10xxx/CVE-2016-10555.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Since \"algorithm\" isn't enforced in jwt.decode(), a malicious user could choose what algorithm is sent sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants."
"value" : "Since \"algorithm\" isn't enforced in jwt.decode()in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants."
}
]
},
@ -54,15 +54,23 @@
"references" : {
"reference_data" : [
{
"name" : "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/",
"refsource" : "MISC",
"url" : "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/"
},
{
"name" : "https://github.com/hokaccha/node-jwt-simple/pull/14",
"refsource" : "MISC",
"url" : "https://github.com/hokaccha/node-jwt-simple/pull/14"
},
{
"name" : "https://github.com/hokaccha/node-jwt-simple/pull/16",
"refsource" : "MISC",
"url" : "https://github.com/hokaccha/node-jwt-simple/pull/16"
},
{
"name" : "https://nodesecurity.io/advisories/87",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/87"
}
]

2
2016/10xxx/CVE-2016-10557.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/162",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/162"
}
]

2
2016/10xxx/CVE-2016-10560.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/170",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/170"
}
]

2
2016/10xxx/CVE-2016-10561.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/150",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/150"
}
]

2
2016/10xxx/CVE-2016-10562.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/174",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/174"
}
]

6
2016/10xxx/CVE-2016-10563.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "During the installation process, the go-ipfs-deps module insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise."
"value" : "During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise."
}
]
},
@ -54,9 +54,13 @@
"references" : {
"reference_data" : [
{
"name" : "https://github.com/diasdavid/go-ipfs-dep/pull/12",
"refsource" : "MISC",
"url" : "https://github.com/diasdavid/go-ipfs-dep/pull/12"
},
{
"name" : "https://nodesecurity.io/advisories/156",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/156"
}
]

2
2016/10xxx/CVE-2016-10564.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/195",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/195"
}
]

2
2016/10xxx/CVE-2016-10565.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/196",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/196"
}
]

2
2016/10xxx/CVE-2016-10569.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/187",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/187"
}
]

2
2016/10xxx/CVE-2016-10571.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/220",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/220"
}
]

4
2016/10xxx/CVE-2016-10572.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "mongodb-instance installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
"value" : "mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/235",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/235"
}
]

18
2018/11xxx/CVE-2018-11629.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11629",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/11xxx/CVE-2018-11630.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11630",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

62
2018/11xxx/CVE-2018-11631.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11631",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Rondaful M1 Wristband Smart Band 1 devices allow remote attackers to send an arbitrary number of call or SMS notifications via crafted Bluetooth Low Energy (BLE) traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/xMagass/bandexploit",
"refsource" : "MISC",
"url" : "https://github.com/xMagass/bandexploit"
}
]
}
}

67
2018/11xxx/CVE-2018-11632.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11632",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings via wp-admin/admin-post.php CSRF. There's no nonce or capability check in the whatsapp_share_setting_add_update() function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://labs.threatpress.com/cross-site-request-forgery-csrf-in-add-social-share-messenger-buttons-whatsapp-and-viber-plugin/",
"refsource" : "MISC",
"url" : "http://labs.threatpress.com/cross-site-request-forgery-csrf-in-add-social-share-messenger-buttons-whatsapp-and-viber-plugin/"
},
{
"name" : "https://wordpress.org/plugins/add-social-share-buttons/#developers",
"refsource" : "MISC",
"url" : "https://wordpress.org/plugins/add-social-share-buttons/#developers"
}
]
}
}

67
2018/11xxx/CVE-2018-11633.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11633",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings. The function woo_checkout_settings_page in the file class-woo-checkout-for-digital-goods-admin.php doesn't do any check against wp-admin/admin-post.php Cross-site request forgery (CSRF) and user capabilities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://labs.threatpress.com/cross-site-request-forgery-csrf-in-woo-checkout-for-digital-goods-plugin/",
"refsource" : "MISC",
"url" : "http://labs.threatpress.com/cross-site-request-forgery-csrf-in-woo-checkout-for-digital-goods-plugin/"
},
{
"name" : "https://wordpress.org/plugins/woo-checkout-for-digital-goods/#developers",
"refsource" : "MISC",
"url" : "https://wordpress.org/plugins/woo-checkout-for-digital-goods/#developers"
}
]
}
}