admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-10-04 10:06:06 -04:00
parent 43bb2616b1
commit b74fdc6ec5
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
4 changed files with 167 additions and 165 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2017/5xxx/CVE-2017-5658.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "The statistics generator was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the content itself. As this was primarily used as a caching feature for faster loading times, the caching was disabled by default to prevent this. Users using 0.9 should upgrade to 0.10 to address this issue."
"value" : "The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the content itself. As this was primarily used as a caching feature for faster loading times, the caching was disabled by default to prevent this. Users using 0.9 should upgrade to 0.10 to address this issue."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "[dev] 20181004 [NOTICE] CVE-2017-5658: Derived information disclosure by Apache Pony Mail",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/6a18cf5690d54231836f277f2b4346b53da3b6b6b08fee4c4ef4977e@%3Cdev.ponymail.apache.org%3E"
}
]

110
2018/12xxx/CVE-2018-12470.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"DATE_PUBLIC": "2018-09-27T00:00:00.000Z",
"ID": "CVE-2018-12470",
"STATE": "PUBLIC",
"TITLE": "SQL injection in RegistrationSharing module"
"CVE_data_meta" : {
"ASSIGNER" : "security@suse.de",
"DATE_PUBLIC" : "2018-09-27T00:00:00.000Z",
"ID" : "CVE-2018-12470",
"STATE" : "PUBLIC",
"TITLE" : "SQL injection in RegistrationSharing module"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "SMT",
"version": {
"version_data": [
"product_name" : "SMT",
"version" : {
"version_data" : [
{
"affected": "<",
"version_value": "3.0.37"
"affected" : "<",
"version_value" : "3.0.37"
}
]
}
}
]
},
"vendor_name": "SUSE Linux"
"vendor_name" : "SUSE Linux"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Jake Miller"
"lang" : "eng",
"value" : "Jake Miller"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements.\nAffected releases are SUSE Linux SMT:\n versions prior to 3.0.37."
"lang" : "eng",
"value" : "A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 9.8,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
"lang" : "eng",
"value" : "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1103810",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1103810"
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1103810",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1103810"
}
]
},
"source": {
"defect": [
"source" : {
"defect" : [
"https://bugzilla.suse.com/show_bug.cgi?id=1103810"
],
"discovery": "EXTERNAL"
"discovery" : "EXTERNAL"
}
}
}

108
2018/12xxx/CVE-2018-12471.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"DATE_PUBLIC": "2018-09-27T00:00:00.000Z",
"ID": "CVE-2018-12471",
"STATE": "PUBLIC",
"TITLE": "External Entity processing in the RegistrationSharing module"
"CVE_data_meta" : {
"ASSIGNER" : "security@suse.de",
"DATE_PUBLIC" : "2018-09-27T00:00:00.000Z",
"ID" : "CVE-2018-12471",
"STATE" : "PUBLIC",
"TITLE" : "External Entity processing in the RegistrationSharing module"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "SMT",
"version": {
"version_data": [
"product_name" : "SMT",
"version" : {
"version_data" : [
{
"affected": "<",
"version_value": "3.0.37"
"affected" : "<",
"version_value" : "3.0.37"
}
]
}
}
]
},
"vendor_name": "SUSE Linux"
"vendor_name" : "SUSE Linux"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Jake Miller"
"lang" : "eng",
"value" : "Jake Miller"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements.\nAffected releases are SUSE Linux SMT:\n versions prior to 3.0.37."
"lang" : "eng",
"value" : "A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "LOW",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference ('XXE')"
"lang" : "eng",
"value" : "CWE-611: Improper Restriction of XML External Entity Reference ('XXE')"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1103809",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1103809"
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1103809",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1103809"
}
]
},
"source": {
"defect": [
"source" : {
"defect" : [
"https://bugzilla.suse.com/show_bug.cgi?id=1103809"
],
"discovery": "EXTERNAL"
"discovery" : "EXTERNAL"
}
}

110
2018/12xxx/CVE-2018-12472.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"DATE_PUBLIC": "2018-09-27T00:00:00.000Z",
"ID": "CVE-2018-12472",
"STATE": "PUBLIC",
"TITLE": "Authentication bypass in sibling check"
"CVE_data_meta" : {
"ASSIGNER" : "security@suse.de",
"DATE_PUBLIC" : "2018-09-27T00:00:00.000Z",
"ID" : "CVE-2018-12472",
"STATE" : "PUBLIC",
"TITLE" : "Authentication bypass in sibling check"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "SMT",
"version": {
"version_data": [
"product_name" : "SMT",
"version" : {
"version_data" : [
{
"affected": "<",
"version_value": "3.0.37"
"affected" : "<",
"version_value" : "3.0.37"
}
]
}
}
]
},
"vendor_name": "SUSE Linux"
"vendor_name" : "SUSE Linux"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Jake Miller"
"lang" : "eng",
"value" : "Jake Miller"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server.\nAffected releases are SUSE Linux SMT:\n versions prior to 3.0.37."
"lang" : "eng",
"value" : "A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "LOW",
"baseScore" : 7.3,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
"lang" : "eng",
"value" : "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1104076",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1104076"
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1104076",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1104076"
}
]
},
"source": {
"defect": [
"source" : {
"defect" : [
"https://bugzilla.suse.com/show_bug.cgi?id=1104076"
],
"discovery": "EXTERNAL"
"discovery" : "EXTERNAL"
}
}
}