admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-03-13 17:03:14 -04:00
parent 68d811f465
commit 99eae0f3f2
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
6 changed files with 381 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
2018/1000xxx/CVE-2018-1000123.json
View File

@ -1 +1,62 @@
{"data_version":"4.0","references":{"reference_data":[{"url":"https://github.com/ionic-team/cordova-plugin-ios-keychain/pull/29/commits/980230645c8ea3b531b85401de5e4bca0f860e42#diff-936020291e4c2115faff0171f20672a4"}]},"description":{"description_data":[{"lang":"eng","value":"Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf contains an Information Exposure Through Log Files (CWE-532) vulnerability in CDVKeychain.m that can result in login, password and other sensitive data leakage. This attack appear to be exploitable via Attacker must have access to victim's iOS logs. This vulnerability appears to have been fixed in after commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf."}]},"data_type":"CVE","affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"version":{"version_data":[{"version_value":"Before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf"}]},"product_name":"Cordova plugin iOS Keychain"}]},"vendor_name":"Ionic Team"}]}},"CVE_data_meta":{"DATE_ASSIGNED":"3/6/2018 4:10:23","ID":"CVE-2018-1000123","ASSIGNER":"kurt@seifried.org","REQUESTER":"wojciech.regula@securing.pl"},"data_format":"MITRE","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-532: Information Exposure Through Log Files"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "3/6/2018 4:10:23",
"ID" : "CVE-2018-1000123",
"REQUESTER" : "wojciech.regula@securing.pl",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cordova plugin iOS Keychain",
"version" : {
"version_data" : [
{
"version_value" : "Before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf"
}
]
}
}
]
},
"vendor_name" : "Ionic Team"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf contains an Information Exposure Through Log Files (CWE-532) vulnerability in CDVKeychain.m that can result in login, password and other sensitive data leakage. This attack appear to be exploitable via Attacker must have access to victim's iOS logs. This vulnerability appears to have been fixed in after commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-532: Information Exposure Through Log Files"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/ionic-team/cordova-plugin-ios-keychain/pull/29/commits/980230645c8ea3b531b85401de5e4bca0f860e42#diff-936020291e4c2115faff0171f20672a4"
}
]
}
}

63
2018/1000xxx/CVE-2018-1000124.json
View File

@ -1 +1,62 @@
{"data_version":"4.0","references":{"reference_data":[{"url":"https://github.com/mkucej/i-librarian/issues/116"}]},"description":{"description_data":[{"lang":"eng","value":"I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter form_import_textarea."}]},"data_type":"CVE","affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"version":{"version_data":[{"version_value":"4.8 and earlier"}]},"product_name":"I-librarian"}]},"vendor_name":"I Librarian"}]}},"CVE_data_meta":{"DATE_ASSIGNED":"3/3/2018 20:56:32","ID":"CVE-2018-1000124","ASSIGNER":"kurt@seifried.org","REQUESTER":"3022235906@qq.com"},"data_format":"MITRE","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"XML External Entity (XXE)"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "3/3/2018 20:56:32",
"ID" : "CVE-2018-1000124",
"REQUESTER" : "3022235906@qq.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "I-librarian",
"version" : {
"version_data" : [
{
"version_value" : "4.8 and earlier"
}
]
}
}
]
},
"vendor_name" : "I Librarian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter form_import_textarea."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XML External Entity (XXE)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/mkucej/i-librarian/issues/116"
}
]
}
}

66
2018/1000xxx/CVE-2018-1000125.json
View File

@ -1 +1,65 @@
{"data_version":"4.0","references":{"reference_data":[{"url":"https://github.com/inversoft/prime-jwt/issues/2"},{"url":"https://github.com/inversoft/prime-jwt/blob/master/CHANGES"}]},"description":{"description_data":[{"lang":"eng","value":"inversoft prime-jwt version prior to version 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564adbb83a227 contains an input validation vulnerability in JWTDecoder.decode that can result in a JWT that is decoded and thus implicitly validated even if it lacks a valid signature. This attack appear to be exploitable via an attacker crafting a token with a valid header and body and then requests it to be validated. This vulnerability appears to have been fixed in 1.3.0 and later or after commit 0d94dcef0133d699f21d217e922564adbb83a227."}]},"data_type":"CVE","affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"version":{"version_data":[{"version_value":"prior to version 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564adbb83a227"}]},"product_name":"prime-jwt"}]},"vendor_name":"inversoft"}]}},"CVE_data_meta":{"DATE_ASSIGNED":"3/1/2018 18:13:33","ID":"CVE-2018-1000125","ASSIGNER":"kurt@seifried.org","REQUESTER":"daniel@inversoft.com"},"data_format":"MITRE","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-20"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "3/1/2018 18:13:33",
"ID" : "CVE-2018-1000125",
"REQUESTER" : "daniel@inversoft.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "prime-jwt",
"version" : {
"version_data" : [
{
"version_value" : "prior to version 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564adbb83a227"
}
]
}
}
]
},
"vendor_name" : "inversoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "inversoft prime-jwt version prior to version 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564adbb83a227 contains an input validation vulnerability in JWTDecoder.decode that can result in a JWT that is decoded and thus implicitly validated even if it lacks a valid signature. This attack appear to be exploitable via an attacker crafting a token with a valid header and body and then requests it to be validated. This vulnerability appears to have been fixed in 1.3.0 and later or after commit 0d94dcef0133d699f21d217e922564adbb83a227."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/inversoft/prime-jwt/blob/master/CHANGES"
},
{
"url" : "https://github.com/inversoft/prime-jwt/issues/2"
}
]
}
}

63
2018/1000xxx/CVE-2018-1000126.json
View File

@ -1 +1,62 @@
{"data_version":"4.0","references":{"reference_data":[{"url":"https://medium.com/stolabs/security-issues-on-ajenti-d2b7526eaeee"}]},"description":{"description_data":[{"lang":"eng","value":"Ajenti version 2 contains an Information Disclosure vulnerability in Line 176 of the code source that can result in user and system ennumeration as well as data from the /etc/ajenti/config.yml file. This attack appears to be exploitable via network connectivity to the web application."}]},"data_type":"CVE","affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"version":{"version_data":[{"version_value":"2"}]},"product_name":"Ajenti"}]},"vendor_name":"Ajenti"}]}},"CVE_data_meta":{"DATE_ASSIGNED":"3/6/2018 15:26:37","ID":"CVE-2018-1000126","ASSIGNER":"kurt@seifried.org","REQUESTER":"lucas.carmo@stone.com.br"},"data_format":"MITRE","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information Disclosure"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "3/6/2018 15:26:37",
"ID" : "CVE-2018-1000126",
"REQUESTER" : "lucas.carmo@stone.com.br",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Ajenti",
"version" : {
"version_data" : [
{
"version_value" : "2"
}
]
}
}
]
},
"vendor_name" : "Ajenti"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ajenti version 2 contains an Information Disclosure vulnerability in Line 176 of the code source that can result in user and system enumeration as well as data from the /etc/ajenti/config.yml file. This attack appears to be exploitable via network connectivity to the web application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://medium.com/stolabs/security-issues-on-ajenti-d2b7526eaeee"
}
]
}
}

69
2018/1000xxx/CVE-2018-1000127.json
View File

@ -1 +1,68 @@
{"data_version":"4.0","references":{"reference_data":[{"url":"https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00"},{"url":"https://github.com/memcached/memcached/issues/271"},{"url":"https://github.com/memcached/memcached/wiki/ReleaseNotes1437"}]},"description":{"description_data":[{"lang":"eng","value":"memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later."}]},"data_type":"CVE","affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"version":{"version_data":[{"version_value":"prior to 1.4.37"}]},"product_name":"memcached"}]},"vendor_name":"memcached"}]}},"CVE_data_meta":{"DATE_ASSIGNED":"3/8/2018 0:33:22","ID":"CVE-2018-1000127","ASSIGNER":"kurt@seifried.org","REQUESTER":"dormando@gmail.com"},"data_format":"MITRE","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Integer Overflow"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "3/8/2018 0:33:22",
"ID" : "CVE-2018-1000127",
"REQUESTER" : "dormando@gmail.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "memcached",
"version" : {
"version_data" : [
{
"version_value" : "prior to 1.4.37"
}
]
}
}
]
},
"vendor_name" : "memcached"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Integer Overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00"
},
{
"url" : "https://github.com/memcached/memcached/issues/271"
},
{
"url" : "https://github.com/memcached/memcached/wiki/ReleaseNotes1437"
}
]
}
}

63
2018/1000xxx/CVE-2018-1000128.json
View File

@ -1 +1,62 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/gpac/gpac/issues/997"}]},"description": {"description_data": [{"lang": "eng","value": "GPAC MP4Box version prior to commit 90dc7f853d31b0a4e9441cba97feccf36d8b69a4 contains a Buffer Overflow vulnerability in src/media_tools/av_parsers.c, lines 2387-2388: https://github.com/gpac/gpac/blob/84c4e606a1f906cd4b07ad94d19cea2b668f64ad/src/media_tools/av_parsers.c#L2387-L2388 that can result in may allow an attacker to achieve remote code execution. This attack appear to be exploitable via The victim must open a specially crafted MP4 file. This vulnerability appears to have been fixed in after commit 90dc7f853d31b0a4e9441cba97feccf36d8b69a4."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "prior to commit 90dc7f853d31b0a4e9441cba97feccf36d8b69a4"}]},"product_name": "MP4Box"}]},"vendor_name": "GPAC"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "3/9/2018 13:04:49","ID": "CVE-2018-1000128","ASSIGNER": "kurt@seifried.org","REQUESTER": "gsingh2011@gmail.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Buffer Overflow"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "3/9/2018 13:04:49",
"ID" : "CVE-2018-1000128",
"REQUESTER" : "gsingh2011@gmail.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MP4Box",
"version" : {
"version_data" : [
{
"version_value" : "prior to commit 90dc7f853d31b0a4e9441cba97feccf36d8b69a4"
}
]
}
}
]
},
"vendor_name" : "GPAC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GPAC MP4Box version prior to commit 90dc7f853d31b0a4e9441cba97feccf36d8b69a4 contains a Buffer Overflow vulnerability in src/media_tools/av_parsers.c, lines 2387-2388: https://github.com/gpac/gpac/blob/84c4e606a1f906cd4b07ad94d19cea2b668f64ad/src/media_tools/av_parsers.c#L2387-L2388 that can result in may allow an attacker to achieve remote code execution. This attack appear to be exploitable via The victim must open a specially crafted MP4 file. This vulnerability appears to have been fixed in after commit 90dc7f853d31b0a4e9441cba97feccf36d8b69a4."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://github.com/gpac/gpac/issues/997"
}
]
}
}