admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-02-09 17:02:48 -05:00
parent b7d7b0a4fb
commit 8b616afdf7
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
12 changed files with 408 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
2012/6xxx/CVE-2012-6346.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6346",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,29 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcre_expression/validate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.vulnerability-lab.com/get_content.php?id=702"
},
{
"url" : "https://fortiguard.com/psirt/FG-IR-012-008"
}
]
}

49
2012/6xxx/CVE-2012-6347.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6347",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,29 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Java number format exception handling in FortiGate FortiDB before 4.4.2 allow remote attackers to inject arbitrary web script or HTML via the conversationContext parameter to (1) admin/auditTrail.jsf, (2) mapolicymgmt/targetsMonitorView.jsf, (3) vascan/globalsummary.jsf, (4) vaerrorlog/vaErrorLog.jsf, (5) database/listTargetGroups.jsf, (6) sysconfig/listSystemInfo.jsf, (7) vascan/list.jsf, (8) network/router.jsf, (9) mapolicymgmt/editPolicyProfile.jsf, or (10) mapolicymgmt/maPolicyMasterList.jsf."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.vulnerability-lab.com/get_content.php?id=558"
},
{
"url" : "https://fortiguard.com/psirt/FG-IR-012-007"
}
]
}

67
2014/3xxx/CVE-2014-3219.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3219",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,47 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.openwall.com/lists/oss-security/2014/05/06/3"
},
{
"url" : "http://www.openwall.com/lists/oss-security/2014/09/28/8"
},
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1092091"
},
{
"url" : "https://github.com/fish-shell/fish-shell/commit/3225d7e169a9edb2f470c26989e7bc8e0d0355ce"
},
{
"url" : "https://github.com/fish-shell/fish-shell/issues/1440"
},
{
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132751.html"
},
{
"url" : "http://security.gentoo.org/glsa/glsa-201412-49.xml"
},
{
"url" : "http://www.securityfocus.com/bid/67115"
}
]
}

61
2014/8xxx/CVE-2014-8171.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8171",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,41 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1198109"
},
{
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0864.html"
},
{
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2152.html"
},
{
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2411.html"
},
{
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0068.html"
},
{
"url" : "http://www.securityfocus.com/bid/74293"
}
]
}

73
2015/1xxx/CVE-2015-1862.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1862",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,53 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.exploit-db.com/exploits/36746/"
},
{
"url" : "https://www.exploit-db.com/exploits/36747/"
},
{
"url" : "http://seclists.org/fulldisclosure/2015/Apr/34"
},
{
"url" : "http://www.openwall.com/lists/oss-security/2015/04/14/4"
},
{
"url" : "http://packetstormsecurity.com/files/131422/Fedora-abrt-Race-Condition.html"
},
{
"url" : "http://packetstormsecurity.com/files/131423/Linux-Apport-Abrt-Local-Root-Exploit.html"
},
{
"url" : "http://packetstormsecurity.com/files/131429/Abrt-Apport-Race-Condition-Symlink.html"
},
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1211223"
},
{
"url" : "https://github.com/abrt/abrt/pull/810"
},
{
"url" : "http://www.securityfocus.com/bid/74263"
}
]
}

6
2017/0xxx/CVE-2017-0911.json
View File

@ -54,10 +54,10 @@
"references" : {
"reference_data" : [
{
"url" : "https://blog.twitter.com/developer/en_us/topics/tips/2018/vulnerability-in-twitter-kit-for-ios.html"
"url" : "https://hackerone.com/reports/290229"
},
{
"url" : "https://github.com/twitter/twitter-kit-ios/wiki/Changelog#322-november-28-2017"
"url" : "https://blog.twitter.com/developer/en_us/topics/tips/2018/vulnerability-in-twitter-kit-for-ios.html"
},
{
"url" : "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/Social/Identity/TWTRMobileSSO.m#L71"
@ -66,7 +66,7 @@
"url" : "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/TWTRTwitter.m#L411"
},
{
"url" : "https://hackerone.com/reports/290229"
"url" : "https://github.com/twitter/twitter-kit-ios/wiki/Changelog#322-november-28-2017"
}
]
}

52
2018/5xxx/CVE-2018-5306.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5306",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,32 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the \"File Upload\" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://seclists.org/fulldisclosure/2018/Feb/23"
},
{
"url" : "https://www.sec-consult.com/en/blog/advisories/multiple-cross-site-scripting-vulnerabilities-in-sonatype-nexus-repository-manager-oss-pro/index.html"
},
{
"url" : "https://support.sonatype.com/hc/en-us/articles/360000134968"
}
]
}

52
2018/5xxx/CVE-2018-5307.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5307",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,32 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the \"File Upload\" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://seclists.org/fulldisclosure/2018/Feb/23"
},
{
"url" : "https://www.sec-consult.com/en/blog/advisories/multiple-cross-site-scripting-vulnerabilities-in-sonatype-nexus-repository-manager-oss-pro/index.html"
},
{
"url" : "https://support.sonatype.com/hc/en-us/articles/360000134928"
}
]
}

5
2018/6xxx/CVE-2018-6522.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In nProtect AVS V4.0 4.0.0.38, the driver file (TKRgFtXp.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220408."
"value" : "In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKRgFtXp.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220408."
}
]
},
@ -54,6 +54,9 @@
"reference_data" : [
{
"url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/nProtectAntivirus_POC/tree/master/TKRgFtXp_0x220408"
},
{
"url" : "http://inca.co.kr/include_file/pdf_down/nProtect%20AVS%20V4%20Vulnerability%20Response%20Release%20Notes.pdf"
}
]
}

5
2018/6xxx/CVE-2018-6523.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x22045c."
"value" : "In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x22045c."
}
]
},
@ -54,6 +54,9 @@
"reference_data" : [
{
"url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/nProtectAntivirus_POC/tree/master/TKFsAv_0x22045c"
},
{
"url" : "http://inca.co.kr/include_file/pdf_down/nProtect%20AVS%20V4%20Vulnerability%20Response%20Release%20Notes.pdf"
}
]
}

5
2018/6xxx/CVE-2018-6524.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220c20."
"value" : "In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220c20."
}
]
},
@ -54,6 +54,9 @@
"reference_data" : [
{
"url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/nProtectAntivirus_POC/tree/master/TKFsAv_0x220c20"
},
{
"url" : "http://inca.co.kr/include_file/pdf_down/nProtect%20AVS%20V4%20Vulnerability%20Response%20Release%20Notes.pdf"
}
]
}

5
2018/6xxx/CVE-2018-6525.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220458."
"value" : "In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220458."
}
]
},
@ -54,6 +54,9 @@
"reference_data" : [
{
"url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/nProtectAntivirus_POC/tree/master/TKFsAv_0x220458"
},
{
"url" : "http://inca.co.kr/include_file/pdf_down/nProtect%20AVS%20V4%20Vulnerability%20Response%20Release%20Notes.pdf"
}
]
}