admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-09-19 11:04:38 -04:00
parent c3836ebd7a
commit c6d2494889
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
10 changed files with 298 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
2017/1xxx/CVE-2017-1794.json
View File

@ -1,33 +1,9 @@
{
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "H",
"AC" : "H",
"UI" : "N",
"A" : "H",
"I" : "H",
"PR" : "L",
"SCORE" : "7.500",
"S" : "U",
"AV" : "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039."
}
]
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-09-17T00:00:00",
"ID" : "CVE-2017-1794",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
@ -91,28 +67,37 @@
]
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-09-17T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2017-1794"
},
"references" : {
"reference_data" : [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"url" : "https://www.ibm.com/support/docview.wss?uid=swg22014097",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 2014097 (Tivoli Monitoring)",
"name" : "https://www.ibm.com/support/docview.wss?uid=swg22014097"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137039",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tivoli-cve20171794-priv-escalation (137039)"
"lang" : "eng",
"value" : "IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "H",
"AC" : "H",
"AV" : "N",
"C" : "H",
"I" : "H",
"PR" : "L",
"S" : "U",
"SCORE" : "7.500",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
@ -125,5 +110,18 @@
}
]
},
"data_type" : "CVE"
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=swg22014097",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=swg22014097"
},
{
"name" : "ibm-tivoli-cve20171794-priv-escalation(137039)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137039"
}
]
}
}

4
2018/12xxx/CVE-2018-12242.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "The Symantec Messaging Gateway product may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network."
"value" : "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://support.symantec.com/en_US/article.SYMSA1461.html",
"refsource" : "CONFIRM",
"url" : "https://support.symantec.com/en_US/article.SYMSA1461.html"
}
]

4
2018/12xxx/CVE-2018-12243.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "The Symantec Messaging Gateway product may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible."
"value" : "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://support.symantec.com/en_US/article.SYMSA1461.html",
"refsource" : "CONFIRM",
"url" : "https://support.symantec.com/en_US/article.SYMSA1461.html"
}
]

4
2018/14xxx/CVE-2018-14792.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : ":WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files."
"value" : "WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-261-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-261-01"
}
]

48
2018/16xxx/CVE-2018-16607.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16607",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/document/d/1MKeb9lly_oOrVG0Ja4A-HgwaeXhb_xQHT9IIOee3wi0/edit",
"refsource" : "MISC",
"url" : "https://docs.google.com/document/d/1MKeb9lly_oOrVG0Ja4A-HgwaeXhb_xQHT9IIOee3wi0/edit"
}
]
}

48
2018/16xxx/CVE-2018-16785.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16785",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ky-j/dedecms/issues/4",
"refsource" : "MISC",
"url" : "https://github.com/ky-j/dedecms/issues/4"
}
]
}

67
2018/17xxx/CVE-2018-17183.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17183",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624",
"refsource" : "MISC",
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624"
},
{
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=699708",
"refsource" : "MISC",
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=699708"
}
]
}
}

12
2018/1xxx/CVE-2018-1149.json
View File

@ -54,7 +54,19 @@
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2018-25",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-25"
},
{
"name" : "https://github.com/tenable/poc/tree/master/nuuo/nvrmini2",
"refsource" : "CONFIRM",
"url" : "https://github.com/tenable/poc/tree/master/nuuo/nvrmini2"
},
{
"name" : "https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf",
"refsource" : "CONFIRM",
"url" : "https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf"
}
]
}

7
2018/1xxx/CVE-2018-1150.json
View File

@ -54,7 +54,14 @@
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2018-25",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-25"
},
{
"name" : "https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf",
"refsource" : "CONFIRM",
"url" : "https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf"
}
]
}

132
2018/1xxx/CVE-2018-1782.json
View File

@ -1,5 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-09-17T00:00:00",
"ID" : "CVE-2018-1782",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Scale",
"version" : {
"version_data" : [
{
"version_value" : "5.0.1.0"
},
{
"version_value" : "5.0.1.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID: 148805."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "H",
"AC" : "L",
"AV" : "L",
"C" : "N",
"I" : "N",
"PR" : "L",
"S" : "C",
"SCORE" : "6.500",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
@ -15,79 +77,15 @@
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10730967",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10730967",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 730967 (Spectrum Scale)",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10730967"
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10730967"
},
{
"name" : "ibm-spectrum-cve20181782-dos (148805)",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-spectrum-cve20181782-dos(148805)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148805"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "5.0.1.0"
},
{
"version_value" : "5.0.1.1"
}
]
},
"product_name" : "Spectrum Scale"
}
]
}
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2018-1782",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2018-09-17T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"description" : {
"description_data" : [
{
"value" : "IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID: 148805.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"S" : "C",
"AV" : "L",
"SCORE" : "6.500",
"A" : "H",
"I" : "N",
"PR" : "L",
"AC" : "L",
"UI" : "N",
"C" : "N"
}
}
}
}