- Synchronized data.

CVE Team 2018-09-06 15:05:51 -04:00
parent 389d3dd22c
commit bdaee5f454
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
10 changed files with 269 additions and 125 deletions


@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "IceQube Thermal Management Center versions prior to version 4.13 The web application does not properly authenticate users which may allow an attacker to gain access to sensitive information."
"value" : "In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
}
]


@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "IceQube Thermal Management Center versions prior to version 4.13 Passwords are stored in plaintext in a file that is accessible without authentication."
"value" : "In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
}
]


@ -1,65 +1,68 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2018-09-03T16:07:16.979484",
"DATE_REQUESTED": "2018-08-24T17:46:09",
"ID": "CVE-2018-1000669",
"REQUESTER": "jiakyooi95@hotmail.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "KOHA Library System",
"version": {
"version_data": [
{
"version_value": "16.11.x (up until 16.11.13)"
},
{
"version_value": "17.05.x (up until 17.05.05)"
}
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-09-03T16:07:16.979484",
"DATE_REQUESTED" : "2018-08-24T17:46:09",
"ID" : "CVE-2018-1000669",
"REQUESTER" : "jiakyooi95@hotmail.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "KOHA Library System",
"version" : {
"version_data" : [
{
"version_value" : "16.11.x (up until 16.11.13)"
},
{
"version_value" : "17.05.x (up until 17.05.05)"
}
]
}
}
]
}
}
]
},
"vendor_name": "KOHA Library System"
}
},
"vendor_name" : "KOHA Library System"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments as paid for certain users on behalf of Administrators. This attack appear to be exploitable via The victim must be socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross ite Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments as paid for certain users on behalf of Administrators. This attack appear to be exploitable via The victim must be socially engineered into clicking a link, usually via email.. This vulnerability appears to have been fixed in 17.11."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross ite Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19117"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross ite Request Forgery (CSRF)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19117",
"refsource" : "CONFIRM",
"url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19117"
}
]
}
}
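Review bot: The `problemtype` value on the new side still reads `"Cross ite Request Forgery (CSRF)"`, although this same sync corrects that typo in the description text. Consumers that group or map records by the problemtype string will not match this entry to other CSRF records, so the line should become `"value" : "Cross Site Request Forgery (CSRF)"`. The description also keeps its template seams ("that can result in Attackers can mark…", "This attack appear to be exploitable via The victim…"); those read poorly but do not affect machine matching.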


@ -1,65 +1,68 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2018-09-03T16:07:16.980429",
"DATE_REQUESTED": "2018-08-24T17:52:47",
"ID": "CVE-2018-1000670",
"REQUESTER": "jiakyooi95@hotmail.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "KOHA Library System",
"version": {
"version_data": [
{
"version_value": "16.11.x (up until 16.11.13)"
},
{
"version_value": "17.05.x (up until 17.05.05)"
}
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-09-03T16:07:16.980429",
"DATE_REQUESTED" : "2018-08-24T17:52:47",
"ID" : "CVE-2018-1000670",
"REQUESTER" : "jiakyooi95@hotmail.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "KOHA Library System",
"version" : {
"version_data" : [
{
"version_value" : "16.11.x (up until 16.11.13)"
},
{
"version_value" : "17.05.x (up until 17.05.05)"
}
]
}
}
]
}
}
]
},
"vendor_name": "KOHA Library System"
}
},
"vendor_name" : "KOHA Library System"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Scripting (XSS) vulnerability in Multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter , /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number] , /cgi-bin/koha/serials/subscription-add.pl that can result in Privilege escalation by taking control of higher privileged users browser sessions. This attack appear to be exploitable via Victims must be socially engineered to visit a vulnerable webpage containing malicious payload. This vulnerability appears to have been fixed in 17.11."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Scripting (XSS) vulnerability in Multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter , /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number] , /cgi-bin/koha/serials/subscription-add.pl that can result in Privillege escalation by taking control of higher privilleged users browser sessions. This attack appear to be exploitable via Victims must be socially engineered to visit a vulnerable webpage containing malicious payload. This vulnerability appears to have been fixed in 17.11."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19086"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19086",
"refsource" : "CONFIRM",
"url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19086"
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16618",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16619",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16620",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16621",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16622",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/doramart/DoraCMS/issues/136",
"refsource" : "MISC",
"url" : "https://github.com/doramart/DoraCMS/issues/136"
}
]
}
}
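Review bot: Every structured field in this new record is `n/a` (`product_name`, `version_value`, `vendor_name` and the `problemtype` value), while the description names DoraCMS v2.0.3 and cross-site scripting. Tooling that matches an asset inventory against `affects` instead of parsing free text will miss this entry. Suggest populating at least `"product_name" : "DoraCMS"`, `"version_value" : "2.0.3"` and a `problemtype` value of `"Cross Site Scripting (XSS)"`. The vendor name and whether earlier versions are affected are not stated in the description, so both would need confirming against the referenced issue.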


@ -53,7 +53,7 @@
"references" : {
"reference_data" : [
{
"name" : "APSB18-26",
"name" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-26.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-26.html"
}