admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-07 21:47:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-11-18 12:05:37 -05:00
parent 1ef7b9d24b
commit c766be734a
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
3 changed files with 216 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
2018/19xxx/CVE-2018-19351.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19351",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst",
"refsource" : "MISC",
"url" : "https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst"
},
{
"name" : "https://github.com/jupyter/notebook/commit/107a89fce5f413fb5728c1c5d2c7788e1fb17491",
"refsource" : "MISC",
"url" : "https://github.com/jupyter/notebook/commit/107a89fce5f413fb5728c1c5d2c7788e1fb17491"
},
{
"name" : "https://groups.google.com/forum/#!topic/jupyter/hWzu2BSsplY",
"refsource" : "MISC",
"url" : "https://groups.google.com/forum/#!topic/jupyter/hWzu2BSsplY"
},
{
"name" : "https://pypi.org/project/notebook/#history",
"refsource" : "MISC",
"url" : "https://pypi.org/project/notebook/#history"
}
]
}
}

72
2018/19xxx/CVE-2018-19352.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19352",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst",
"refsource" : "MISC",
"url" : "https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst"
},
{
"name" : "https://github.com/jupyter/notebook/commit/288b73e1edbf527740e273fcc69b889460871648",
"refsource" : "MISC",
"url" : "https://github.com/jupyter/notebook/commit/288b73e1edbf527740e273fcc69b889460871648"
},
{
"name" : "https://pypi.org/project/notebook/#history",
"refsource" : "MISC",
"url" : "https://pypi.org/project/notebook/#history"
}
]
}
}

67
2018/19xxx/CVE-2018-19353.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19353",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ansilove_ansi function in loaders/ansi.c in libansilove 1.0.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-libansilove-1.0.0",
"refsource" : "MISC",
"url" : "https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-libansilove-1.0.0"
},
{
"name" : "https://github.com/ansilove/libansilove/issues/4",
"refsource" : "MISC",
"url" : "https://github.com/ansilove/libansilove/issues/4"
}
]
}
}