- Synchronized data.

CVE Team 2019-02-12 15:07:28 -05:00
parent a7ef39187e
commit c13393c0eb
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
5 changed files with 275 additions and 229 deletions


@ -1,109 +1,109 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-17542",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2018-11-23T16:00:00.000Z",
"TITLE": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [],
"advisory": "",
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OAKlouds ",
"product": {
"product_data": [
{
"product_name": "MailSherlock",
"version": {
"version_data": [
{
"version_name": "",
"affected": "<",
"version_value": "1.5.235",
"platform": ""
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
"CVE_data_meta" : {
"AKA" : "",
"ASSIGNER" : "cve@cert.org.tw",
"DATE_PUBLIC" : "2018-11-23T16:00:00.000Z",
"ID" : "CVE-2018-17542",
"STATE" : "PUBLIC",
"TITLE" : "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "SQL Injection"
"product" : {
"product_data" : [
{
"product_name" : "MailSherlock",
"version" : {
"version_data" : [
{
"affected" : "<",
"platform" : "",
"version_name" : "",
"version_value" : "1.5.235"
}
]
}
}
]
},
"vendor_name" : "OAKlouds "
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=28",
"name": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=28"
},
{
"refsource": "CONFIRM",
"url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73",
"name": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.0",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
]
}
},
"exploit": [],
"work_around": [],
"solution": [
},
"configuration" : [],
"credit" : [
{
"lang": "eng",
"value": "Update the software to the latest version."
"lang" : "eng",
"value" : "Researcher from a Technology enterprise"
}
],
"credit": [
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request."
}
]
},
"exploit" : [],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 4.3,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73",
"refsource" : "CONFIRM",
"url" : "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73"
},
{
"name" : "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=28",
"refsource" : "CONFIRM",
"url" : "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=28"
}
]
},
"solution" : [
{
"lang": "eng",
"value": "Researcher from a Technology enterprise"
"lang" : "eng",
"value" : "Update the software to the latest version."
}
]
}
],
"source" : {
"advisory" : "",
"defect" : [],
"discovery" : "UNKNOWN"
},
"work_around" : []
}
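Review bot: The normalized record still carries a trailing space in `"vendor_name" : "OAKlouds "`, so a consumer that matches vendor strings exactly will not tie this entry to the vendor; this sync would be a natural place to trim it to `"vendor_name" : "OAKlouds"`. The same stray space appears in the CVE-2019-1688 section, in `"product_name" : "Cisco Network Assurance Engine "` and at the end of its `vectorString`, where a strict CVSS vector parser may reject the value. That record also stores `"baseScore" : "7.7"` as a string while this one uses the number `4.3`, so downstream tooling has to accept both types unless the feed settles on one. Separately, `UI:R` in this record's vector sits oddly next to a description of an unauthenticated request-parameter injection and may be worth confirming with the assigner.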


@ -1,81 +1,81 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-01-23T01:00:00.000Z",
"ID": "CVE-2018-19645",
"STATE": "PUBLIC",
"TITLE": "Solutions Business Manager (SBM) Authentication Bypass Issue in Version prior to 11.5"
"CVE_data_meta" : {
"ASSIGNER" : "security@microfocus.com",
"DATE_PUBLIC" : "2019-01-23T01:00:00.000Z",
"ID" : "CVE-2018-19645",
"STATE" : "PUBLIC",
"TITLE" : "Solutions Business Manager (SBM) Authentication Bypass Issue in Version prior to 11.5"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "NetIQ Access Manager (NAM)",
"version": {
"version_data": [
"product_name" : "NetIQ Access Manager (NAM)",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "Solutions Business Manager (SBM)",
"version_value": "11.5"
"affected" : "<",
"version_name" : "Solutions Business Manager (SBM)",
"version_value" : "11.5"
}
]
}
}
]
},
"vendor_name": "NetIQ eDirectory"
"vendor_name" : "NetIQ eDirectory"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE. \n\n"
"lang" : "eng",
"value" : "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE. \n\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
"lang" : "eng",
"value" : "An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Authentication Bypass"
"lang" : "eng",
"value" : "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
"name" : "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm",
"refsource" : "CONFIRM",
"url" : "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
"lang" : "eng",
"value" : "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
}
],
"source": {
"discovery": "EXTERNAL"
"source" : {
"discovery" : "EXTERNAL"
}
}


@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://security.netapp.com/advisory/ntap-20190125-0003/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20190125-0003/"
}
]


@ -1,86 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-02-12T16:00:00-0800",
"ID": "CVE-2019-1688",
"STATE": "PUBLIC",
"TITLE": "Cisco Network Assurance Engine CLI Access with Default Password Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Network Assurance Engine ",
"version": {
"version_data": [
{
"version_value": "3.0(1)"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-02-12T16:00:00-0800",
"ID" : "CVE-2019-1688",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Network Assurance Engine CLI Access with Default Password Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Network Assurance Engine ",
"version" : {
"version_data" : [
{
"version_value" : "3.0(1)"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1)."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "7.7",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-798"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1)."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "7.7",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190212 Cisco Network Assurance Engine CLI Access with Default Password Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dos"
}
]
},
"source": {
"advisory": "cisco-sa-20190212-nae-dos",
"defect": [
[
"CSCvo18229"
]
],
"discovery": "INTERNAL"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190212 Cisco Network Assurance Engine CLI Access with Default Password Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dos"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190212-nae-dos",
"defect" : [
[
"CSCvo18229"
]
],
"discovery" : "INTERNAL"
}
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7550",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the \"create user\" function. If a register/check/username?username= request corresponds to a username that exists, then an \"is already in use\" error is produced. NOTE: this product is discontinued."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.criticalstart.com/2019/02/information-disclosure-in-jforum-2-1-x-syntax/",
"refsource" : "MISC",
"url" : "https://www.criticalstart.com/2019/02/information-disclosure-in-jforum-2-1-x-syntax/"
}
]
}
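Review bot: The newly published CVE-2019-7550 record leaves `affects` and `problemtype` at `n/a` although the description names JForum 2.1.8 and describes username enumeration through a differing error response, so tooling that matches on product, version or weakness class will not surface this entry. Where the assigner's process allows it, filling in `"product_name" : "JForum"` and `"version_value" : "2.1.8"` would make the record machine-matchable, and the problemtype looks like an observable response discrepancy (CWE-204 appears to fit, to be confirmed). The record also has no `impact` block, so consumers that prioritise by CVSS need a fallback for entries like this one. The file continues outside the two visible hunks, so fields not shown here were not checked.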