admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 05:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-11-28 14:04:55 -05:00
parent ae7c9da6de
commit b00d020b43
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
3 changed files with 155 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2018/19xxx/CVE-2018-19648.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19648",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/19xxx/CVE-2018-19649.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19649",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

244
2018/5xxx/CVE-2018-5559.json
View File

@ -1,130 +1,126 @@
{ {
"data_type": "CVE", "CVE_data_meta" : {
"data_format": "MITRE", "AKA" : "",
"data_version": "4.0", "ASSIGNER" : "cve@rapid7.com",
"CVE_data_meta": { "DATE_PUBLIC" : "2018-11-07T18:00:00.000Z",
"ID": "CVE-2018-5559", "ID" : "CVE-2018-5559",
"ASSIGNER": "cve@rapid7.com", "STATE" : "PUBLIC",
"DATE_PUBLIC": "2018-11-07T18:00:00.000Z", "TITLE" : ""
"TITLE": "",
"AKA": "",
"STATE": "PUBLIC"
}, },
"source": { "affects" : {
"defect": [ "vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Komand",
"version" : {
"version_data" : [
{
"affected" : "<=",
"platform" : "",
"version_name" : "0.41.0",
"version_value" : "0.41.0"
},
{
"affected" : "!>=",
"platform" : "",
"version_name" : "0.42.0",
"version_value" : "0.42.0"
}
]
}
}
]
},
"vendor_name" : "Rapid7"
}
]
}
},
"configuration" : [
{
"lang" : "eng",
"value" : "In order to expose this issue, a Komand administrator must first configure an affected plugin with a password."
}
],
"credit" : [
{
"lang" : "eng",
"value" : "Alexander Jäger, https://twitter.com/alexanderjaeger"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect Rapid7 Komand version 0.42.0 and later versions."
}
]
},
"exploit" : [],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 3.4,
"baseSeverity" : "LOW",
"confidentialityImpact" : "LOW",
"integrityImpact" : "NONE",
"privilegesRequired" : "HIGH",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-212"
},
{
"lang" : "eng",
"value" : "Improper Cross-boundary Removal of Sensitive Data"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.alexanderjaeger.de/cve-2018-5559_my_first_cve/",
"refsource" : "MISC",
"url" : "https://www.alexanderjaeger.de/cve-2018-5559_my_first_cve/"
},
{
"name" : "https://docs.komand.com/docs/release-notes#section-komand-v0-42-0-2018-11-1",
"refsource" : "CONFIRM",
"url" : "https://docs.komand.com/docs/release-notes#section-komand-v0-42-0-2018-11-1"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "Update to at least version 0.42.0 of Rapid7 Komand"
}
],
"source" : {
"advisory" : "",
"defect" : [
"R7-2018-53" "R7-2018-53"
], ],
"advisory": "", "discovery" : "EXTERNAL"
"discovery": "EXTERNAL"
}, },
"affects": { "work_around" : []
"vendor": {
"vendor_data": [
{
"vendor_name": "Rapid7",
"product": {
"product_data": [
{
"product_name": "Komand",
"version": {
"version_data": [
{
"version_name": "0.41.0",
"affected": "<=",
"version_value": "0.41.0",
"platform": ""
},
{
"version_name": "0.42.0",
"affected": "!>=",
"version_value": "0.42.0",
"platform": ""
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel."
},
{
"lang": "eng",
"value": "This issue affects:\nRapid7 Komand version 0.41.0 and prior versions.\n\nThis issue does not affect:\nRapid7 Komand version 0.42.0 and later versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-212"
},
{
"lang": "eng",
"value": "Improper Cross-boundary Removal of Sensitive Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://docs.komand.com/docs/release-notes#section-komand-v0-42-0-2018-11-1",
"name": "https://docs.komand.com/docs/release-notes#section-komand-v0-42-0-2018-11-1"
},
{
"refsource": "MISC",
"url": "https://www.alexanderjaeger.de/cve-2018-5559_my_first_cve/",
"name": "https://www.alexanderjaeger.de/cve-2018-5559_my_first_cve/"
}
]
},
"configuration": [
{
"lang": "eng",
"value": "In order to expose this issue, a Komand administrator must first configure an affected plugin with a password."
}
],
"impact": {
"cvss": {
"version": "3.0",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"baseScore": 3.4,
"baseSeverity": "LOW"
}
},
"exploit": [],
"work_around": [],
"solution": [
{
"lang": "eng",
"value": "Update to at least version 0.42.0 of Rapid7 Komand"
}
],
"credit": [
{
"lang": "eng",
"value": "Alexander Jäger, https://twitter.com/alexanderjaeger"
}
]
} }