- Synchronized data.

CVE Team 2018-03-23 17:05:39 -04:00
parent a4f0fb52e8
commit 88e5e12cc5
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
12 changed files with 639 additions and 238 deletions


@ -1,64 +1,62 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://github.com/mkucej/i-librarian/issues/121"
},
{
"url": "https://github.com/mkucej/i-librarian/issues/121"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator's knowledge."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "4.8 and earlier"
}
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "3/15/2018 22:28:53",
"ID" : "CVE-2018-1000137",
"REQUESTER" : "3022235906@qq.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "I, Librarian ",
"version" : {
"version_data" : [
{
"version_value" : "4.8 and earlier"
}
]
}
}
]
},
"product_name": "I, Librarian "
}
]
},
"vendor_name": "I, Librarian "
}
]
}
},
"CVE_data_meta": {
"DATE_ASSIGNED": "3/15/2018 22:28:53",
"ID": "CVE-2018-1000137",
"ASSIGNER": "kurt@seifried.org",
"REQUESTER": "3022235906@qq.com"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross ite Request Forgery (CSRF)"
}
]
},
"vendor_name" : "I, Librarian "
}
]
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator's knowledge."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross ite Request Forgery (CSRF)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/mkucej/i-librarian/issues/121"
}
]
}
}
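Review bot: The problemtype on the new side still reads `"value" : "Cross ite Request Forgery (CSRF)"`; the typo was only re-indented, and should be `"value" : "Cross Site Request Forgery (CSRF)"` so that weakness-class searches find the record. `product_name` and `vendor_name` also keep a trailing space (`"I, Librarian "`), here and in the CVE-2018-1000138 and CVE-2018-1000139 records, while CVE-2018-1000141 uses `"I, Librarian"`. Tooling that matches affected products by exact string will see two different products, so trimming the value to `"I, Librarian"` in all three records would keep inventory matching consistent.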


@ -1,64 +1,65 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://github.com/mkucej/i-librarian/issues/120"
},
{
"url": "https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/functions.php#L811"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "I, Librarian version 4.8 and earlier contains a SSRF vulnerability in \"url\" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "4.8 and earlier"
}
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "3/15/2018 22:32:23",
"ID" : "CVE-2018-1000138",
"REQUESTER" : "3022235906@qq.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "I, Librarian ",
"version" : {
"version_data" : [
{
"version_value" : "4.8 and earlier"
}
]
}
}
]
},
"product_name": "I, Librarian "
}
]
},
"vendor_name": "I, Librarian "
}
]
}
},
"CVE_data_meta": {
"DATE_ASSIGNED": "3/15/2018 22:32:23",
"ID": "CVE-2018-1000138",
"ASSIGNER": "kurt@seifried.org",
"REQUESTER": "3022235906@qq.com"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SSRF"
}
]
},
"vendor_name" : "I, Librarian "
}
]
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "I, Librarian version 4.8 and earlier contains a SSRF vulnerability in \"url\" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SSRF"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/functions.php#L811"
},
{
"url" : "https://github.com/mkucej/i-librarian/issues/120"
}
]
}
}


@ -1,64 +1,65 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://github.com/mkucej/i-librarian/issues/119"
},
{
"url": "https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/stable.php#L8"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in \"id\" parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting user."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "4.8 and earlier"
}
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "3/15/2018 22:35:10",
"ID" : "CVE-2018-1000139",
"REQUESTER" : "3022235906@qq.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "I, Librarian ",
"version" : {
"version_data" : [
{
"version_value" : "4.8 and earlier"
}
]
}
}
]
},
"product_name": "I, Librarian "
}
]
},
"vendor_name": "I, Librarian "
}
]
}
},
"CVE_data_meta": {
"DATE_ASSIGNED": "3/15/2018 22:35:10",
"ID": "CVE-2018-1000139",
"ASSIGNER": "kurt@seifried.org",
"REQUESTER": "3022235906@qq.com"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
},
"vendor_name" : "I, Librarian "
}
]
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in \"id\" parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/stable.php#L8"
},
{
"url" : "https://github.com/mkucej/i-librarian/issues/119"
}
]
}
}


@ -1 +1,65 @@
{"data_version":"4.0","references":{"reference_data":[{"url":"https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205"},{"url":"https://lgtm.com/rules/1505913226124/"}]},"description":{"description_data":[{"lang":"eng","value":"rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate."}]},"data_type":"CVE","affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"version":{"version_data":[{"version_value":"1.2.14 and earlier"}]},"product_name":"librelp"}]},"vendor_name":"rsyslog"}]}},"CVE_data_meta":{"DATE_ASSIGNED":"3/20/2018 10:38:48","ID":"CVE-2018-1000140","ASSIGNER":"kurt@seifried.org","REQUESTER":"kev@semmle.com"},"data_format":"MITRE","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Buffer Overflow"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "3/20/2018 10:38:48",
"ID" : "CVE-2018-1000140",
"REQUESTER" : "kev@semmle.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "librelp",
"version" : {
"version_data" : [
{
"version_value" : "1.2.14 and earlier"
}
]
}
}
]
},
"vendor_name" : "rsyslog"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205"
},
{
"url" : "https://lgtm.com/rules/1505913226124/"
}
]
}
}
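Review bot: The second sentence of the description is carried over with words missing (`This attack appear to be exploitable a remote attacker that can connect to rsyslog ...`), which blurs the one statement that tells a defender the precondition is network reachability of the RELP listener. A corrected wording would be `This attack appears to be exploitable by a remote attacker who can connect to rsyslog ...`. As far as the two URLs show, the references point at the vulnerable source line and an analysis rule rather than a fix, so the record gives no way to tell which release is safe beyond `"1.2.14 and earlier"`; a reference to the fixing commit or release would help once it is known.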


@ -1,61 +1,62 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://github.com/mkucej/i-librarian/issues/124"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "4.9 and earlier"
}
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "3/22/2018 23:59:29",
"ID" : "CVE-2018-1000141",
"REQUESTER" : "xiaoyin.l@outlook.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "I, Librarian",
"version" : {
"version_data" : [
{
"version_value" : "4.9 and earlier"
}
]
}
}
]
},
"product_name": "I, Librarian"
}
]
},
"vendor_name": "I, Librarian"
}
]
}
},
"CVE_data_meta": {
"DATE_ASSIGNED": "3/22/2018 23:59:29",
"ID": "CVE-2018-1000141",
"ASSIGNER": "kurt@seifried.org",
"REQUESTER": "xiaoyin.l@outlook.com"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Access Control"
}
]
},
"vendor_name" : "I, Librarian"
}
]
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect Access Control"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/mkucej/i-librarian/issues/124"
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8958",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8959",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,60 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8960",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/ImageMagick/ImageMagick/issues/1020"
}
]
}
}
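Review bot: Every structured field a scanner would match on is `"n/a"` in this new record (`vendor_name`, `product_name`, `version_value` and the problemtype `value`), while the product, version and weakness appear only in the free-text description. The same applies to the CVE-2018-8961 through CVE-2018-8964 records added in this commit. Consumers that key on the `affects` block will not associate these entries with any installed software. Filling the fields from the description already on the page, for example `"product_name" : "ImageMagick"` and `"version_value" : "7.0.7-26 Q16"`, plus a problemtype naming the heap-based buffer over-read, would make the record usable without text parsing.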


@ -0,0 +1,60 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8961",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In libming 0.4.8, the decompilePUSHPARAM function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/libming/libming/issues/130"
}
]
}
}
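Review bot: This record and the three after it (CVE-2018-8962, CVE-2018-8963, CVE-2018-8964) all cite the single reference `https://github.com/libming/libming/issues/130` and differ only in the function named in the description. Because the `affects` block is `"n/a"`, that function name is the only thing separating the four IDs, so a tool that deduplicates on reference URL may collapse them and fix status cannot be tracked per ID. If the upstream issue has per-function comments or separate fix commits, a reference to each would help. The problemtype could also state the weakness the description already names, e.g. `"value" : "Use After Free"`.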


@ -0,0 +1,60 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8962",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/libming/libming/issues/130"
}
]
}
}


@ -0,0 +1,60 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8963",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/libming/libming/issues/130"
}
]
}
}


@ -0,0 +1,60 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8964",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In libming 0.4.8, the decompileDELETE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/libming/libming/issues/130"
}
]
}
}