admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-10-03 16:05:16 -04:00
parent 9f439b178c
commit 890c129399
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
15 changed files with 458 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2017/16xxx/CVE-2017-16906.json
View File

@ -61,6 +61,11 @@
"name" : "https://github.com/starnightcyber/Miscellaneous/blob/master/Horde/README.md",
"refsource" : "MISC",
"url" : "https://github.com/starnightcyber/Miscellaneous/blob/master/Horde/README.md"
},
{
"name" : "https://github.com/horde/kronolith/commit/09d90141292f9ec516a7a2007bf828ce2bbdf60d",
"refsource" : "CONFIRM",
"url" : "https://github.com/horde/kronolith/commit/09d90141292f9ec516a7a2007bf828ce2bbdf60d"
}
]
}

5
2017/16xxx/CVE-2017-16907.json
View File

@ -56,6 +56,11 @@
"name" : "http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html",
"refsource" : "MISC",
"url" : "http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html"
},
{
"name" : "https://github.com/horde/base/commit/fb2113bbcd04bd4a28c46aad0889fb0a3979a230",
"refsource" : "CONFIRM",
"url" : "https://github.com/horde/base/commit/fb2113bbcd04bd4a28c46aad0889fb0a3979a230"
}
]
}

5
2017/16xxx/CVE-2017-16908.json
View File

@ -56,6 +56,11 @@
"name" : "http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html",
"refsource" : "MISC",
"url" : "http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html"
},
{
"name" : "https://github.com/horde/kronolith/commit/39f740068ad21618f6f70b6e37855c61cadbd716",
"refsource" : "CONFIRM",
"url" : "https://github.com/horde/kronolith/commit/39f740068ad21618f6f70b6e37855c61cadbd716"
}
]
}

2
2017/2xxx/CVE-2017-2751.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "HPSBGN03575",
"refsource" : "HP",
"url" : "https://support.hp.com/us-en/document/c05913581"
}
]

53
2018/17xxx/CVE-2018-17408.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17408",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV File menu."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45505",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45505/"
},
{
"name" : "https://blog.spentera.id/zahir-accounting-enterprise-plus-6/",
"refsource" : "MISC",
"url" : "https://blog.spentera.id/zahir-accounting-enterprise-plus-6/"
}
]
}

48
2018/17xxx/CVE-2018-17428.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17428",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45518",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45518/"
}
]
}

68
2018/17xxx/CVE-2018-17540.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17540",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181002 [SECURITY] [DLA 1528-1] strongswan security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00001.html"
},
{
"name" : "https://download.strongswan.org/security/CVE-2018-17540/",
"refsource" : "CONFIRM",
"url" : "https://download.strongswan.org/security/CVE-2018-17540/"
},
{
"name" : "https://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html",
"refsource" : "CONFIRM",
"url" : "https://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html"
},
{
"name" : "DSA-4309",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4309"
},
{
"name" : "USN-3774-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3774-1/"
}
]
}

53
2018/17xxx/CVE-2018-17552.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17552",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/rapid7/metasploit-framework/pull/10704",
"refsource" : "MISC",
"url" : "https://github.com/rapid7/metasploit-framework/pull/10704"
},
{
"name" : "https://github.com/NavigateCMS/Navigate-CMS/commit/6df73ccca64253a5e81c23356943fae50ffc836f",
"refsource" : "CONFIRM",
"url" : "https://github.com/NavigateCMS/Navigate-CMS/commit/6df73ccca64253a5e81c23356943fae50ffc836f"
}
]
}

53
2018/17xxx/CVE-2018-17553.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17553",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An \"Unrestricted Upload of File with Dangerous Type\" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/rapid7/metasploit-framework/pull/10704",
"refsource" : "MISC",
"url" : "https://github.com/rapid7/metasploit-framework/pull/10704"
},
{
"name" : "https://github.com/NavigateCMS/Navigate-CMS/commit/2bdcb8b3c5bb23851a2115db96585f1ac8cb2d1e",
"refsource" : "CONFIRM",
"url" : "https://github.com/NavigateCMS/Navigate-CMS/commit/2bdcb8b3c5bb23851a2115db96585f1ac8cb2d1e"
}
]
}

48
2018/17xxx/CVE-2018-17562.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17562",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://securityshards.wordpress.com/2018/10/02/cve-2018-17562-faxfinder-5-0-5-8-sqlite-inejection-vulnerability/",
"refsource" : "MISC",
"url" : "https://securityshards.wordpress.com/2018/10/02/cve-2018-17562-faxfinder-5-0-5-8-sqlite-inejection-vulnerability/"
}
]
}

48
2018/17xxx/CVE-2018-17880.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17880",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://xz.aliyun.com/t/2834#toc-5",
"refsource" : "MISC",
"url" : "https://xz.aliyun.com/t/2834#toc-5"
}
]
}

48
2018/17xxx/CVE-2018-17881.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17881",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://xz.aliyun.com/t/2834#toc-5",
"refsource" : "MISC",
"url" : "https://xz.aliyun.com/t/2834#toc-5"
}
]
}

18
2018/17xxx/CVE-2018-17970.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17970",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/17xxx/CVE-2018-17971.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17971",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

2
2018/5xxx/CVE-2018-5921.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "HPSBPI03580",
"refsource" : "HP",
"url" : "https://support.hp.com/us-en/document/c05949322"
}
]