admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 05:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-10-18 16:22:22 -04:00
parent 7204714fd0
commit d20ddbbf8b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
7 changed files with 504 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
2015/4xxx/CVE-2015-4630.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4630",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,68 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a request to members/memberentry.pl or (2) give a user superlibrarian permission via a request to members/member-flags.pl or (3) hijack the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) attacks via the addshelf parameter to opac-shelves.pl."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37389",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37389/"
},
{
"name" : "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
"refsource" : "FULLDISC",
"url" : "https://seclists.org/fulldisclosure/2015/Jun/80"
},
{
"name" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
},
{
"name" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/",
"refsource" : "MISC",
"url" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
},
{
"name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423",
"refsource" : "CONFIRM",
"url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
},
{
"name" : "https://koha-community.org/koha-3-14-16-released/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/koha-3-14-16-released/"
},
{
"name" : "https://koha-community.org/security-release-koha-3-16-12/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/security-release-koha-3-16-12/"
},
{
"name" : "https://koha-community.org/security-release-koha-3-18-8/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/security-release-koha-3-18-8/"
},
{
"name" : "https://koha-community.org/security-release-koha-3-20-1/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/security-release-koha-3-20-1/"
}
]
}

98
2015/4xxx/CVE-2015-4631.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4631",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,78 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37389",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37389/"
},
{
"name" : "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
"refsource" : "FULLDISC",
"url" : "https://seclists.org/fulldisclosure/2015/Jun/80"
},
{
"name" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
},
{
"name" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/",
"refsource" : "MISC",
"url" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
},
{
"name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416",
"refsource" : "CONFIRM",
"url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416"
},
{
"name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418",
"refsource" : "CONFIRM",
"url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418"
},
{
"name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423",
"refsource" : "CONFIRM",
"url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
},
{
"name" : "https://koha-community.org/koha-3-14-16-released/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/koha-3-14-16-released/"
},
{
"name" : "https://koha-community.org/security-release-koha-3-16-12/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/security-release-koha-3-16-12/"
},
{
"name" : "https://koha-community.org/security-release-koha-3-18-8/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/security-release-koha-3-18-8/"
},
{
"name" : "https://koha-community.org/security-release-koha-3-20-1/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/security-release-koha-3-20-1/"
}
]
}

88
2015/4xxx/CVE-2015-4632.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4632",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,68 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37388",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37388/"
},
{
"name" : "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
"refsource" : "FULLDISC",
"url" : "https://seclists.org/fulldisclosure/2015/Jun/80"
},
{
"name" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
},
{
"name" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/",
"refsource" : "MISC",
"url" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
},
{
"name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408",
"refsource" : "CONFIRM",
"url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408"
},
{
"name" : "https://koha-community.org/koha-3-14-16-released/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/koha-3-14-16-released/"
},
{
"name" : "https://koha-community.org/security-release-koha-3-16-12/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/security-release-koha-3-16-12/"
},
{
"name" : "https://koha-community.org/security-release-koha-3-18-8/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/security-release-koha-3-18-8/"
},
{
"name" : "https://koha-community.org/security-release-koha-3-20-1/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/security-release-koha-3-20-1/"
}
]
}

93
2015/4xxx/CVE-2015-4633.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4633",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,73 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37387",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37387/"
},
{
"name" : "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
"refsource" : "FULLDISC",
"url" : "https://seclists.org/fulldisclosure/2015/Jun/80"
},
{
"name" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
},
{
"name" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/",
"refsource" : "MISC",
"url" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
},
{
"name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412",
"refsource" : "CONFIRM",
"url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14412"
},
{
"name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426",
"refsource" : "CONFIRM",
"url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14426"
},
{
"name" : "https://koha-community.org/koha-3-14-16-released/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/koha-3-14-16-released/"
},
{
"name" : "https://koha-community.org/security-release-koha-3-16-12/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/security-release-koha-3-16-12/"
},
{
"name" : "https://koha-community.org/security-release-koha-3-18-8/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/security-release-koha-3-18-8/"
},
{
"name" : "https://koha-community.org/security-release-koha-3-20-1/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/security-release-koha-3-20-1/"
}
]
}

17
2015/4xxx/CVE-2015-4639.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Koha Libraries 3.20.x before 3.20.1, 3.14.x before 3.14.16, 3.16.x before 3.16.12 allow remote attackers to (1) hijack the authentication of users with access to the OPAC interface and who have permissions to create public lists for requests that inject arbitrary web script or HTML via the addshelf parameter to opac-shelves.pl, (2) hijack the authentication of users with access to the OPAC interface and who have permissions to create public lists for requests that inject arbitrary web script or HTML via an unspecified list name parameter to opac-addbybiblionumber.pl, (3) hijack the authentication of library administrator users for requests that execute arbitrary web script or HTML via virtualshelves/shelves.pl when a shelf name contains web script or HTML, or (4) hijack the authentication of users with access to the OPAC interface and who have permissions to create public lists for requests that execute arbitrary web script or HTML by adding a biblio to a list whose name contains web script or HTML."
"value" : "Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name."
}
]
},
@ -56,6 +56,21 @@
"name" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416#c4",
"refsource" : "CONFIRM",
"url" : "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416#c4"
},
{
"name" : "https://koha-community.org/security-release-koha-3-16-12/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/security-release-koha-3-16-12/"
},
{
"name" : "https://koha-community.org/security-release-koha-3-20-1/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/security-release-koha-3-20-1/"
},
{
"name" : "https://koha-community.org/koha-3-14-16-released/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/koha-3-14-16-released/"
}
]
}

67
2018/18xxx/CVE-2018-18483.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18483",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602",
"refsource" : "MISC",
"url" : "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602"
},
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23767",
"refsource" : "MISC",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23767"
}
]
}
}

62
2018/18xxx/CVE-2018-18484.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18484",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636",
"refsource" : "MISC",
"url" : "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636"
}
]
}
}