Merge branch 'master' of github.com:CVEProject/cvelist

CVE Team 2018-12-20 15:28:21 -05:00
commit bb43e528fd
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
10 changed files with 279 additions and 6 deletions


@ -1 +1,70 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/elixir-plug/plug/commit/8857f8ab4acf9b9c22e80480dae2636692f5f573"},{"url": "https://github.com/dependabot/elixir-security-advisories/blob/master/packages/plug/2017-04-17.yml"}]},"description": {"description_data": [{"lang": "eng","value": "Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appear to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in >= 1.3.5 or ~> 1.2.5 or ~> 1.1.9 or ~> 1.0.6."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "All"}]},"product_name": "Plug"}]},"vendor_name": "Elixir Plug"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-20T10:18:08.690224","DATE_REQUESTED": "2018-12-19T13:39:45","ID": "CVE-2018-1000883","ASSIGNER": "kurt@seifried.org","REQUESTER": "maennchen@joshmartin.ch"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Header Injection"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-20T10:18:08.690224",
"DATE_REQUESTED" : "2018-12-19T13:39:45",
"ID" : "CVE-2018-1000883",
"REQUESTER" : "maennchen@joshmartin.ch",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Plug",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
},
"vendor_name" : "Elixir Plug"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appear to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in >= 1.3.5 or ~> 1.2.5 or ~> 1.1.9 or ~> 1.0.6."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Header Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/dependabot/elixir-security-advisories/blob/master/packages/plug/2017-04-17.yml",
"refsource" : "MISC",
"url" : "https://github.com/dependabot/elixir-security-advisories/blob/master/packages/plug/2017-04-17.yml"
},
{
"name" : "https://github.com/elixir-plug/plug/commit/8857f8ab4acf9b9c22e80480dae2636692f5f573",
"refsource" : "MISC",
"url" : "https://github.com/elixir-plug/plug/commit/8857f8ab4acf9b9c22e80480dae2636692f5f573"
}
]
}
}
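Review bot: The `version_value` of `All` under `affects` contradicts the description in the same record, which lists fixed releases (`>= 1.3.5 or ~> 1.2.5 or ~> 1.1.9 or ~> 1.0.6`), so any consumer that matches on the structured field will report patched Plug installs as vulnerable. The field should carry the affected ranges instead, for example `"version_value" : "< 1.0.6, 1.1.0 - 1.1.8, 1.2.0 - 1.2.4, 1.3.0 - 1.3.4"`; that range is derived by reading the description's strings as Elixir version requirements and should be confirmed against the referenced advisory. The description also still reads as an unfilled template ("Plug Plug version All", "can result in Given a cookie value") and is worth rewriting into a plain sentence.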


@ -1 +1,65 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/serghey-rodin/vesta/commit/5f68c1b634abec2d5a4f83156bfd223d3a792f77#diff-4d7863e8c24a5e6102073acc2fb0f227"}]},"description": {"description_data": [{"lang": "eng","value": "Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to determine password reset codes, attacker is able to change administrator password. This attack appear to be exploitable via Unauthenticated network connectivity. This vulnerability appears to have been fixed in After commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- release version 0.9.8-19."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18"}]},"product_name": "Vesta CP"}]},"vendor_name": "Vesta CP"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-20T10:18:08.691288","DATE_REQUESTED": "2018-12-18T17:33:10","ID": "CVE-2018-1000884","ASSIGNER": "kurt@seifried.org","REQUESTER": "rory.mackie@arcturussecurity.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-208 / Information Exposure Through Timing Discrepancy"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-20T10:18:08.691288",
"DATE_REQUESTED" : "2018-12-18T17:33:10",
"ID" : "CVE-2018-1000884",
"REQUESTER" : "rory.mackie@arcturussecurity.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Vesta CP",
"version" : {
"version_data" : [
{
"version_value" : "Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18"
}
]
}
}
]
},
"vendor_name" : "Vesta CP"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to determine password reset codes, attacker is able to change administrator password. This attack appear to be exploitable via Unauthenticated network connectivity. This vulnerability appears to have been fixed in After commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- release version 0.9.8-19."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-208 / Information Exposure Through Timing Discrepancy"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/serghey-rodin/vesta/commit/5f68c1b634abec2d5a4f83156bfd223d3a792f77#diff-4d7863e8c24a5e6102073acc2fb0f227",
"refsource" : "MISC",
"url" : "https://github.com/serghey-rodin/vesta/commit/5f68c1b634abec2d5a4f83156bfd223d3a792f77#diff-4d7863e8c24a5e6102073acc2fb0f227"
}
]
}
}
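Review bot: The fix commit named in the description and in `version_value` (`f6f6f9cfbbf2979e301956d1c6ab5c44386822c0`) is not the commit that the only `reference_data` entry links to (`5f68c1b634abec2d5a4f83156bfd223d3a792f77`), so a reader cannot verify the stated fix from the record itself. The bounds also leave release 0.9.8-18 undefined: affected is "any release prior to 0.9.8-18" while fixed is "release version 0.9.8-19". If 0.9.8-18 is affected, `"version_value" : "< 0.9.8-19"` says so without free text; either way the record should reference the commit it names or name the commit it references. For an unauthenticated password-reset weakness this ambiguity decides whether an operator patches, so it is worth resolving.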


@ -1 +1,65 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://tech.feedyourhead.at/content/full-disclosure-remote-command-execution-in-phkp"}]},"description": {"description_data": [{"lang": "eng","value": "PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains a Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in function pgp_exec() phkp.php:98 that can result in It is possible to manipulate gpg-keys or execute commands remotely. This attack appear to be exploitable via HKP-Api: /pks/lookup?search."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b"}]},"product_name": "PHKP"}]},"vendor_name": "PHKP"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-20T10:18:08.692244","DATE_REQUESTED": "2018-12-20T06:25:25","ID": "CVE-2018-1000885","ASSIGNER": "kurt@seifried.org","REQUESTER": "sec@feedyourhead.at"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-20T10:18:08.692244",
"DATE_REQUESTED" : "2018-12-20T06:25:25",
"ID" : "CVE-2018-1000885",
"REQUESTER" : "sec@feedyourhead.at",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PHKP",
"version" : {
"version_data" : [
{
"version_value" : "including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b"
}
]
}
}
]
},
"vendor_name" : "PHKP"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains a Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in function pgp_exec() phkp.php:98 that can result in It is possible to manipulate gpg-keys or execute commands remotely. This attack appear to be exploitable via HKP-Api: /pks/lookup?search."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Neutralization of Special Elements used in a Command ('Command Injection')"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tech.feedyourhead.at/content/full-disclosure-remote-command-execution-in-phkp",
"refsource" : "MISC",
"url" : "https://tech.feedyourhead.at/content/full-disclosure-remote-command-execution-in-phkp"
}
]
}
}
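Review bot: The only affected-version statement is the free-text string `including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b`, and the record names no fixed version or fix commit, so a consumer cannot tell whether other revisions of PHKP are affected or whether a fix exists at all. If the intent is "this commit and everything before it", a bounded form such as `"version_value" : "<= commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b"` would say so, and the description should state the fix status explicitly; both depend on facts the record does not show and need confirming with the requester. The nasm record in this commit (CVE-2018-1000886) has a smaller form of the same problem: `2.14.01rc5, 2.15` packs two versions into one `version_value` where two `version_data` entries would be matchable.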


@ -1 +1,65 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392514"}]},"description": {"description_data": [{"lang": "eng","value": "nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.14.01rc5, 2.15"}]},"product_name": "nasm"}]},"vendor_name": "nasm"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-20T10:18:08.693272","DATE_REQUESTED": "2018-12-20T06:31:47","ID": "CVE-2018-1000886","ASSIGNER": "kurt@seifried.org","REQUESTER": "situlingyun@gmail.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Buffer Overflow"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-20T10:18:08.693272",
"DATE_REQUESTED" : "2018-12-20T06:31:47",
"ID" : "CVE-2018-1000886",
"REQUESTER" : "situlingyun@gmail.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "nasm",
"version" : {
"version_data" : [
{
"version_value" : "2.14.01rc5, 2.15"
}
]
}
}
]
},
"vendor_name" : "nasm"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392514",
"refsource" : "MISC",
"url" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392514"
}
]
}
}
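Review bot: The `problemtype` value `Buffer Overflow` does not match what the description reports, a stack overflow from endless macro generation that crashes the program, which reads like stack exhaustion through unbounded recursion rather than an out-of-bounds write. The distinction matters for triage, since one is a denial of service on crafted input and the other suggests memory corruption. If the linked bug report confirms the recursion reading, `"value" : "CWE-674 / Uncontrolled Recursion"` would follow the CWE-id form that the Vesta CP record in this commit uses. That classification is inferred from the description alone and should be checked against the report.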


@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K61620494",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K61620494"
}
]


@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K23328310",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K23328310"
}
]


@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K54843525",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K54843525"
}
]


@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "? A stored cross-site scripting (XSS) vulnerability in?the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
"value" : "A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
}
]
},
@ -53,6 +53,8 @@
"references" : {
"reference_data" : [
{
"name" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162",
"refsource" : "CONFIRM",
"url" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
]


@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed?in?the context of another Management Console administrator."
"value" : "Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
}
]
},
@ -53,6 +53,8 @@
"references" : {
"reference_data" : [
{
"name" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162",
"refsource" : "CONFIRM",
"url" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
]


@ -53,6 +53,8 @@
"references" : {
"reference_data" : [
{
"name" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162",
"refsource" : "CONFIRM",
"url" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
]