admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-10-10 17:03:48 -04:00
parent 56bedaee77
commit cf72ed1761
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
14 changed files with 565 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2014/0xxx/CVE-2014-0984.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtrain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack."
"value" : "The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack."
}
]
},

20
2017/18xxx/CVE-2017-18078.json
View File

@ -57,10 +57,30 @@
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43935/"
},
{
"name" : "[oss-security] 20180129 CVE-2018-18078: systemd-tmpfiles root privilege escalation with fs.protected_hardlinks=0",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2018/01/29/3"
},
{
"name" : "[oss-security] 20180129 Re: CVE-2017-18078: systemd-tmpfiles root privilege",
"refsource" : "MLIST",
"url" : "https://www.openwall.com/lists/oss-security/2018/01/29/4"
},
{
"name" : "https://github.com/systemd/systemd/issues/7736",
"refsource" : "MISC",
"url" : "https://github.com/systemd/systemd/issues/7736"
},
{
"name" : "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html"
},
{
"name" : "openSUSE-SU-2018:0560",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html"
}
]
}

48
2018/12xxx/CVE-2018-12455.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12455",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using \"admin:\" as the name of a cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181008 Multiple vulnerabilities in NPLUG wireless repeater",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Oct/18"
}
]
}

48
2018/12xxx/CVE-2018-12456.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12456",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181008 Multiple vulnerabilities in NPLUG wireless repeater",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Oct/18"
}
]
}

58
2018/12xxx/CVE-2018-12596.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12596",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the \"activateuser.aspx\" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181008 Ektron Content Management System (CMS) 9.20 SP2, remote re-enabling users (CVE-2018-12596)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Oct/15"
},
{
"name" : "https://github.com/alt3kx/CVE-2018-12596",
"refsource" : "MISC",
"url" : "https://github.com/alt3kx/CVE-2018-12596"
},
{
"name" : "https://medium.com/@alt3kx/ektron-content-management-system-cms-9-20-sp2-remote-re-enabling-users-cve-2018-12596-bdf1e3a05158",
"refsource" : "MISC",
"url" : "https://medium.com/@alt3kx/ektron-content-management-system-cms-9-20-sp2-remote-re-enabling-users-cve-2018-12596-bdf1e3a05158"
}
]
}

48
2018/13xxx/CVE-2018-13789.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13789",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.quantumleap.it/infocad-facility-management-cve-2018-13789-unauthenticated-webservice-allows-retrieval-arbitrary-files/",
"refsource" : "MISC",
"url" : "https://www.quantumleap.it/infocad-facility-management-cve-2018-13789-unauthenticated-webservice-allows-retrieval-arbitrary-files/"
}
]
}

53
2018/16xxx/CVE-2018-16737.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16737",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tinc-vpn.org/security/",
"refsource" : "CONFIRM",
"url" : "http://tinc-vpn.org/security/"
},
{
"name" : "http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a",
"refsource" : "CONFIRM",
"url" : "http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a"
}
]
}

58
2018/16xxx/CVE-2018-16738.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16738",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tinc-vpn.org/security/",
"refsource" : "CONFIRM",
"url" : "http://tinc-vpn.org/security/"
},
{
"name" : "http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a",
"refsource" : "CONFIRM",
"url" : "http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a"
},
{
"name" : "DSA-4312",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4312"
}
]
}

58
2018/16xxx/CVE-2018-16758.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16758",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tinc-vpn.org/security/",
"refsource" : "CONFIRM",
"url" : "http://tinc-vpn.org/security/"
},
{
"name" : "http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=e97943b7cc9c851ae36f5a41e2b6102faa74193f",
"refsource" : "CONFIRM",
"url" : "http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=e97943b7cc9c851ae36f5a41e2b6102faa74193f"
},
{
"name" : "DSA-4312",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4312"
}
]
}

48
2018/17xxx/CVE-2018-17337.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17337",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181008 Multiple vulnerabilities in NPLUG wireless repeater",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Oct/18"
}
]
}

48
2018/17xxx/CVE-2018-17784.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17784",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://twitter.com/purplemet/status/1043979681186369537",
"refsource" : "MISC",
"url" : "https://twitter.com/purplemet/status/1043979681186369537"
}
]
}

48
2018/18xxx/CVE-2018-18061.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18061",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181009 Responsive Filemanager 9.8.1 Authentication Bypass",
"refsource" : "BUGTRAQ",
"url" : "https://seclists.org/bugtraq/2018/Oct/25"
}
]
}

48
2018/18xxx/CVE-2018-18062.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18062",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181009 Responsive Filemanager 9.8.1 Reflected Cross Site Scripting (XSS)",
"refsource" : "BUGTRAQ",
"url" : "https://seclists.org/bugtraq/2018/Oct/26"
}
]
}

50
2018/3xxx/CVE-2018-3736.json
View File

@ -1,32 +1,9 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"ASSIGNER" : "cve@mitre.org",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2018-3736",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "https-proxy-agent node module",
"version" : {
"version_data" : [
{
"version_value" : "Versions up to and including 2.1.1"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -35,28 +12,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "https-proxy-agent passes unsanitized options to Buffer(arg) resulting in DoS and uninitialized memory leak."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Allocation of Resources Without Limits or Throttling (CWE-770)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hackerone.com/reports/319532",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/319532"
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-3739. Reason: This candidate is a duplicate of CVE-2018-3739. Notes: All CVE users should reference CVE-2018-3739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}