- Synchronized data.

CVE Team 2018-07-24 15:06:30 -04:00
parent 02d9bef731
commit ad017de9d1
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
7 changed files with 249 additions and 191 deletions


@ -1,82 +1,83 @@
{
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-07-23T04:00:00.000Z",
"ID": "CVE-2018-11044",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"DATE_PUBLIC" : "2018-07-23T04:00:00.000Z",
"ID" : "CVE-2018-11044",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Pivotal Application Service",
"version": {
"version_data": [
"product_name" : "Pivotal Application Service",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "2.2.x ",
"version_value": "2.2.1 "
"affected" : "<",
"version_name" : "2.2.x ",
"version_value" : "2.2.1 "
},
{
"affected": "<",
"version_name": "2.1.x ",
"version_value": "2.1.8 "
"affected" : "<",
"version_name" : "2.1.x ",
"version_value" : "2.1.8 "
},
{
"affected": "<",
"version_name": "2.0.x",
"version_value": "2.0.17"
"affected" : "<",
"version_name" : "2.0.x",
"version_value" : "2.0.17"
},
{
"affected": "<",
"version_name": "1.12.x",
"version_value": "1.12.26"
"affected" : "<",
"version_name" : "1.12.x",
"version_value" : "1.12.26"
}
]
}
}
]
},
"vendor_name": "Pivotal"
"vendor_name" : "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite to another user, exploiting the trust implied by the source of the email."
"lang" : "eng",
"value" : "Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite to another user, exploiting the trust implied by the source of the email."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Information exposure"
"lang" : "eng",
"value" : "Information exposure"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-11044"
"name" : "https://pivotal.io/security/cve-2018-11044",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2018-11044"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}
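Review bot: The new side keeps trailing whitespace inside values that consumers match on: `"version_name" : "2.2.x "`, `"version_value" : "2.2.1 "`, `"version_name" : "2.1.x "` and `"version_value" : "2.1.8 "` in this record, and `"vendor_name" : "Cloud Foundry "` in the CVE-2018-11047 record that follows. Tooling that compares vendor or version strings exactly, without trimming, can fail to match these entries and under-report affected installations, so the values should be stored trimmed, e.g. `"version_value" : "2.2.1"`. Separately, the problemtype `"Information exposure"` does not appear to match the description, which is about unescaped user content being injected into invitation emails; the classification is worth confirming with the assigner.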


@ -1,87 +1,88 @@
{
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-07-18T04:00:00.000Z",
"ID": "CVE-2018-11047",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"DATE_PUBLIC" : "2018-07-18T04:00:00.000Z",
"ID" : "CVE-2018-11047",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Cloud Foundry UAA",
"version": {
"version_data": [
"product_name" : "Cloud Foundry UAA",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "4.19",
"version_value": "4.19.2"
"affected" : "<",
"version_name" : "4.19",
"version_value" : "4.19.2"
},
{
"affected": "<",
"version_name": "4.12",
"version_value": "4.12.4"
"affected" : "<",
"version_name" : "4.12",
"version_value" : "4.12.4"
},
{
"affected": "<",
"version_name": "4.10",
"version_value": "4.10.2"
"affected" : "<",
"version_name" : "4.10",
"version_value" : "4.10.2"
},
{
"affected": "<",
"version_name": "4.7",
"version_value": "4.7.6"
"affected" : "<",
"version_name" : "4.7",
"version_value" : "4.7.6"
},
{
"affected": "<",
"version_name": "4.5",
"version_value": "4.5.7"
"affected" : "<",
"version_name" : "4.5",
"version_value" : "4.5.7"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry "
"vendor_name" : "Cloud Foundry "
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have a longer expiration time than access tokens, allowing the possessor of a refresh token to authenticate longer than expected. This affects the administrative endpoints of the UAA. i.e. /Users, /Groups, etc. However, if the user has been deleted or had groups removed, or the client was deleted, the refresh token will no longer be valid."
"lang" : "eng",
"value" : "Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have a longer expiration time than access tokens, allowing the possessor of a refresh token to authenticate longer than expected. This affects the administrative endpoints of the UAA. i.e. /Users, /Groups, etc. However, if the user has been deleted or had groups removed, or the client was deleted, the refresh token will no longer be valid."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Application Logic Error"
"lang" : "eng",
"value" : "Application Logic Error"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2018-11047/"
"name" : "https://www.cloudfoundry.org/blog/cve-2018-11047/",
"refsource" : "CONFIRM",
"url" : "https://www.cloudfoundry.org/blog/cve-2018-11047/"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}


@ -1,82 +1,83 @@
{
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-06-18T04:00:00.000Z",
"ID": "CVE-2018-11059",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"DATE_PUBLIC" : "2018-06-18T04:00:00.000Z",
"ID" : "CVE-2018-11059",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "RSA Archer",
"version": {
"version_data": [
"product_name" : "RSA Archer",
"version" : {
"version_data" : [
{
"affected": ">",
"version_value": "6.4.0.1"
"affected" : ">",
"version_value" : "6.4.0.1"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
"vendor_name" : "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated \nmalicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a \ntrusted application data store. When application users access the corrupted data store through their browsers, the \nmalicious code gets executed by the web browser in the context of the vulnerable web application.\n"
"lang" : "eng",
"value" : "RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "LOW",
"baseScore" : 8.2,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Stored Cross-Site Scripting Vulnerability"
"lang" : "eng",
"value" : "Stored Cross-Site Scripting Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2018/Jul/69"
"name" : "20180718 DSA-2018-130: RSA Archer Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Jul/69"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}
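Review bot: `"affected" : ">"` paired with `"version_value" : "6.4.0.1"` contradicts the description, which states that versions prior to 6.4.0.1 are affected; the same pair is carried over in the CVE-2018-11060 record that follows. A consumer that reads the structured field rather than the prose would treat 6.4.0.1 and earlier as unaffected and flag only later releases, which is the opposite of the advisory. The operator should read `"affected" : "<"` in both records.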


@ -1,82 +1,83 @@
{
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-06-18T04:00:00.000Z",
"ID": "CVE-2018-11060",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"DATE_PUBLIC" : "2018-06-18T04:00:00.000Z",
"ID" : "CVE-2018-11060",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "RSA Archer",
"version": {
"version_data": [
"product_name" : "RSA Archer",
"version" : {
"version_data" : [
{
"affected": ">",
"version_value": "6.4.0.1"
"affected" : ">",
"version_value" : "6.4.0.1"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
"vendor_name" : "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote \nauthenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.\n"
"lang" : "eng",
"value" : "RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 8.8,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "REST API Authorization Bypass Vulnerability"
"lang" : "eng",
"value" : "REST API Authorization Bypass Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2018/Jul/69"
"name" : "20180718 DSA-2018-130: RSA Archer Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Jul/69"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14591",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14592",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14593",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}