- Synchronized data.

CVE Team 2018-03-16 16:04:57 -04:00
parent ebe1feaf31
commit b225654a3f
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
6 changed files with 63 additions and 63 deletions


@ -38,7 +38,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "The GemFire broker for Cloud Foundry has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker."
"value" : "The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker."
}
]
},
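Review bot: The affected-version range ("1.6.x before 1.6.5 and 1.7.x before 1.7.1") is added only to the free-text `value` string, so tooling that matches on the structured `affects` block gains nothing from this hunk unless that block already carries the same ranges. The `affects` object lies outside the hunk, so this cannot be confirmed from here. If the ranges are missing there, I would mirror them in `version_data`, e.g. `{ "version_value" : "1.6.x before 1.6.5" }` and `{ "version_value" : "1.7.x before 1.7.1" }`. The same applies to the EMC Data Protection Advisor, Spring Security and Apps Manager for PCF description hunks further down.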


@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Resolved a directory traversal vulnerability (CVE-2017-14384). In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability."
"value" : "In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability."
}
]
},


@ -38,7 +38,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "EMC Data Protection Advisor contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: \"Apollo System Test\", \"emc.dpa.agent.logon\" and \"emc.dpa.metrics.logon\". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges)."
"value" : "EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: \"Apollo System Test\", \"emc.dpa.agent.logon\" and \"emc.dpa.metrics.logon\". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges)."
}
]
},


@ -1,62 +1,62 @@
{
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_ASSIGNED": "2018-03-14",
"ID": "CVE-2018-1078",
"REQUESTER": "kseifried@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenDayLight",
"product": {
"product_data": [
{
"product_name": "OpenDayLight",
"version": {
"version_data": [
{
"version_value": "Carbon SR3"
}
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_ASSIGNED" : "2018-03-14",
"ID" : "CVE-2018-1078",
"REQUESTER" : "kseifried@redhat.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "OpenDayLight",
"version" : {
"version_data" : [
{
"version_value" : "Carbon SR3"
}
]
}
}
]
}
}
]
}
}
},
"vendor_name" : "OpenDayLight"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired."
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.opendaylight.org/browse/OPNFLWPLUG-971"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://jira.opendaylight.org/browse/OPNFLWPLUG-971"
}
]
}
}
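Review bot: `version_data` on the new side lists only `"version_value" : "Carbon SR3"`, while the description says "Carbon SR3 and earlier", so a scanner that matches on the structured field would treat earlier releases as unaffected. I would express the range in the data, for example by adding `"version_affected" : "<="` beside the `version_value` entry, provided the schema in use accepts that key. Separately, `CWE-20` is a loose fit for expired flows being re-installed with reset timers during node reconciliation; a more specific problem type would help triage, though the choice of identifier rests with the assigner.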


@ -41,7 +41,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification (see below). Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed."
"value" : "Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed."
}
]
},


@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Apps Manager for PCF allows unprivileged remote file read in its container via specially-crafted links."
"value" : "Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links."
}
]
},