- Synchronized data.

CVE Team 2018-07-16 09:04:25 -04:00
parent 79b080d51d
commit beba92ccfc
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
5 changed files with 291 additions and 212 deletions


@ -1,69 +1,82 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-2638",
"ASSIGNER": "sfowler@redhat.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "infinispan",
"version": {
"version_data": [
{
"version_value": "Infinispan 9.0.0.Final"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "sfowler@redhat.com",
"ID" : "CVE-2017-2638",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "infinispan",
"version" : {
"version_data" : [
{
"version_value" : "Infinispan 9.0.0.Final"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-306"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2638"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
]
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2638",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2638"
},
{
"name" : "https://github.com/infinispan/infinispan/pull/4936/commits",
"refsource" : "CONFIRM",
"url" : "https://github.com/infinispan/infinispan/pull/4936/commits"
},
{
"name" : "https://issues.jboss.org/browse/ISPN-7485",
"refsource" : "CONFIRM",
"url" : "https://issues.jboss.org/browse/ISPN-7485"
}
]
}
}
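Review bot: The `vectorString` in the `impact.cvss` entry is `6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N`, which prefixes the base score to the vector, so a parser that expects a CVSS 3.0 vector to begin with `CVSS:3.0/` will reject it or misread the score. The entry is also wrapped in two array levels (`"cvss" : [ [ { … } ] ]`), which consumers expecting a single object or a flat list have to special-case. I would carry the score in its own field, `"baseScore" : 6.5` next to `"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"`, and drop one level of nesting. The CVE-2017-7468 record in this commit has the same shape with `4.8/CVSS:3.0/…`.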


@ -1,69 +1,77 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-7468",
"ASSIGNER": "sfowler@redhat.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "curl",
"version": {
"version_data": [
{
"version_value": "curl 7.54.0"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "sfowler@redhat.com",
"ID" : "CVE-2017-7468",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "curl",
"version" : {
"version_data" : [
{
"version_value" : "curl 7.54.0"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subsequent TLS handshakes. They are used when for any reason an existing TLS connection couldn't be kept alive to make the next handshake faster. This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "4.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-295"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7468"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subsequent TLS handshakes. They are used when for any reason an existing TLS connection couldn't be kept alive to make the next handshake faster. This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
]
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7468",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7468"
},
{
"name" : "https://curl.haxx.se/docs/adv_20170419.html",
"refsource" : "CONFIRM",
"url" : "https://curl.haxx.se/docs/adv_20170419.html"
}
]
}
}
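Review bot: `version_value` in the `affects` block is `curl 7.54.0`, but the new description says the flaw is in curl and libcurl 7.52.0 up to and including 7.53.1, so the only structured version in the record appears to be the fixed release rather than an affected one. Tooling that matches on `affects` instead of the free-text description would flag 7.54.0 and miss 7.52.0 through 7.53.1. The value also repeats the product name, and `vendor_name` is still `[UNKNOWN]`. Entries such as `"version_affected" : ">=", "version_value" : "7.52.0"` and `"version_affected" : "<=", "version_value" : "7.53.1"` would agree with the description; the CVE-2017-2638 record has the same pattern (`Infinispan 9.0.0.Final` against "before version 9.0.0").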


@ -1,93 +1,95 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-07-13T00:00:00",
"ID": "CVE-2018-13387",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2018-07-13T00:00:00",
"ID" : "CVE-2018-13387",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Jira",
"version": {
"version_data": [
"product_name" : "Jira",
"version" : {
"version_data" : [
{
"version_value": "7.6.7",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.6.7"
},
{
"version_value": "7.7.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.7.0"
},
{
"version_value": "7.7.5",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.7.5"
},
{
"version_value": "7.8.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.8.0"
},
{
"version_value": "7.8.5",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.8.5"
},
{
"version_value": "7.9.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.9.0"
},
{
"version_value": "7.9.3",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.9.3"
},
{
"version_value": "7.10.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.10.0"
},
{
"version_value": "7.10.2",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.10.2"
}
]
}
}
]
},
"vendor_name": "Atlassian"
"vendor_name" : "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete."
"lang" : "eng",
"value" : "The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-67526"
"name" : "https://jira.atlassian.com/browse/JRASERVER-67526",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/JRASERVER-67526"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14071",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/cyberhobo/wordpress-geo-mashup/blob/master/readme.txt",
"refsource" : "MISC",
"url" : "https://github.com/cyberhobo/wordpress-geo-mashup/blob/master/readme.txt"
},
{
"name" : "https://github.com/cyberhobo/wordpress-geo-mashup/commit/838e2fe15a2328f5ae3dfc75d90e420509286f2f",
"refsource" : "MISC",
"url" : "https://github.com/cyberhobo/wordpress-geo-mashup/commit/838e2fe15a2328f5ae3dfc75d90e420509286f2f"
},
{
"name" : "https://github.com/cyberhobo/wordpress-geo-mashup/issues/817",
"refsource" : "MISC",
"url" : "https://github.com/cyberhobo/wordpress-geo-mashup/issues/817"
}
]
}
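Review bot: The `affects` block added in the first hunk sets `vendor_name`, `product_name` and `version_value` all to `n/a`, although the description added in the second hunk names the Geo Mashup plugin for WordPress and the fixed release 1.10.4. Scanners and asset inventories that match on the structured fields will not associate this record with the plugin. I would fill them from the description, e.g. `"product_name" : "Geo Mashup"` with `"version_affected" : "<", "version_value" : "1.10.4"`; `problemtype` is likewise `n/a` while the text describes insufficient input sanitization. Both hunks start and end inside the top-level object, so the rest of the record is not visible here.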


@ -1,61 +1,63 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-07-16T00:00:00",
"ID": "CVE-2018-5229",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2018-07-16T00:00:00",
"ID" : "CVE-2018-5229",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Universal Plugin Manager",
"version": {
"version_data": [
"product_name" : "Universal Plugin Manager",
"version" : {
"version_data" : [
{
"version_value": "2.22.9",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "2.22.9"
}
]
}
}
]
},
"vendor_name": "Atlassian"
"vendor_name" : "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names."
"lang" : "eng",
"value" : "The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://ecosystem.atlassian.net/browse/UPM-5871"
"name" : "https://ecosystem.atlassian.net/browse/UPM-5871",
"refsource" : "CONFIRM",
"url" : "https://ecosystem.atlassian.net/browse/UPM-5871"
}
]
}