admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2019-01-22 11:05:03 -05:00
parent e97ac21249
commit 950ea50c24
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
7 changed files with 373 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

178
2017/6xxx/CVE-2017-6923.json
View File

@ -1,94 +1,94 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-6923",
"ASSIGNER": "mlhess@drupal.org",
"DATE_PUBLIC": "",
"TITLE": "Access bypass in Drupal 8 views",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [],
"advisory": "",
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Drupal core",
"version": {
"version_data": [
{
"version_name": "8.x",
"affected": "<",
"version_value": "8.3.7",
"platform": ""
}
"CVE_data_meta" : {
"AKA" : "",
"ASSIGNER" : "mlhess@drupal.org",
"DATE_PUBLIC" : "",
"ID" : "CVE-2017-6923",
"STATE" : "PUBLIC",
"TITLE" : "Access bypass in Drupal 8 views"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Drupal core",
"version" : {
"version_data" : [
{
"affected" : "<",
"platform" : "",
"version_name" : "8.x",
"version_value" : "8.3.7"
}
]
}
}
]
}
}
]
}
}
},
"vendor_name" : "Drupal"
}
]
}
},
"configuration" : [],
"credit" : [],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Drupal 8.x prior to 8.3.7 When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view. It is best practice to always include some form of access restrictions on all views, even if you are using another module to display them."
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Drupal 8.x prior to 8.3.7 When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view.\n\nIt is best practice to always include some form of access restrictions on all views, even if you are using another module to display them."
},
"exploit" : [],
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "PHYSICAL",
"availabilityImpact" : "NONE",
"baseScore" : 0,
"baseSeverity" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "HIGH",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N",
"version" : "3.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Access bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple",
"name": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.0",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N",
"baseScore": 0,
"baseSeverity": "NONE"
}
},
"exploit": [],
"work_around": [],
"solution": [],
"credit": []
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Access bypass"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple"
}
]
},
"solution" : [],
"source" : {
"advisory" : "",
"defect" : [],
"discovery" : "UNKNOWN"
},
"work_around" : []
}

18
2019/6xxx/CVE-2019-6505.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6505",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/6xxx/CVE-2019-6506.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6506",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

62
2019/6xxx/CVE-2019-6507.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6507",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm/app/admin/views.py allows CSRF."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/creditease-sec/insight/issues/42",
"refsource" : "MISC",
"url" : "https://github.com/creditease-sec/insight/issues/42"
}
]
}
}

62
2019/6xxx/CVE-2019-6508.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6508",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in creditease-sec insight through 2018-09-11. role_perm_delete in srcpm/app/admin/views.py allows CSRF."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/creditease-sec/insight/issues/42",
"refsource" : "MISC",
"url" : "https://github.com/creditease-sec/insight/issues/42"
}
]
}
}

62
2019/6xxx/CVE-2019-6509.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6509",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in creditease-sec insight through 2018-09-11. depart_delete in srcpm/app/admin/views.py allows CSRF."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/creditease-sec/insight/issues/42",
"refsource" : "MISC",
"url" : "https://github.com/creditease-sec/insight/issues/42"
}
]
}
}

62
2019/6xxx/CVE-2019-6510.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6510",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app/admin/views.py allows CSRF."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/creditease-sec/insight/issues/42",
"refsource" : "MISC",
"url" : "https://github.com/creditease-sec/insight/issues/42"
}
]
}
}