admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2019-01-10 17:06:51 -05:00
parent 269ddf64f4
commit d254b5bfcc
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
4 changed files with 182 additions and 176 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

166
2018/15xxx/CVE-2018-15460.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-01-09T16:00:00-0800",
"ID": "CVE-2018-15460",
"STATE": "PUBLIC",
"TITLE": "Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Email Security Appliance (ESA) ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-01-09T16:00:00-0800",
"ID" : "CVE-2018-15460",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Email Security Appliance (ESA) ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper filtering of email messages that contain references to whitelisted URLs. An attacker could exploit this vulnerability by sending a malicious email message that contains a large number of whitelisted URLs. A successful exploit could allow the attacker to cause a sustained DoS condition that could force the affected device to stop scanning and forwarding email messages."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "8.6",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper filtering of email messages that contain references to whitelisted URLs. An attacker could exploit this vulnerability by sending a malicious email message that contains a large number of whitelisted URLs. A successful exploit could allow the attacker to cause a sustained DoS condition that could force the affected device to stop scanning and forwarding email messages. "
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190109 Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-url-dos"
}
]
},
"source": {
"advisory": "cisco-sa-20190109-esa-url-dos",
"defect": [
[
"CSCvm81627"
]
],
"discovery": "INTERNAL"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190109 Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-url-dos"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190109-esa-url-dos",
"defect" : [
[
"CSCvm81627"
]
],
"discovery" : "INTERNAL"
}
}

64
2018/5xxx/CVE-2018-5403.json
View File

@ -1,61 +1,63 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2018-5403",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2018-5403",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "SecureSphere",
"version": {
"version_data": [
"product_name" : "SecureSphere",
"version" : {
"version_data" : [
{
"affected": "=",
"version_value": "13.0"
"affected" : "=",
"version_value" : "13.0"
}
]
}
}
]
},
"vendor_name": "Imperva"
"vendor_name" : "Imperva"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface."
"lang" : "eng",
"value" : "Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-77"
"lang" : "eng",
"value" : "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://www.exploit-db.com/exploits/45542"
"name" : "45542",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45542"
}
]
}
}
}

64
2018/5xxx/CVE-2018-5412.json
View File

@ -1,61 +1,63 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2018-5412",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2018-5412",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "SecureSphere",
"version": {
"version_data": [
"product_name" : "SecureSphere",
"version" : {
"version_data" : [
{
"affected": "=",
"version_value": "12.0.0.50"
"affected" : "=",
"version_value" : "12.0.0.50"
}
]
}
}
]
},
"vendor_name": "Imperva"
"vendor_name" : "Imperva"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode."
"lang" : "eng",
"value" : "Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-77"
"lang" : "eng",
"value" : "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://www.exploit-db.com/exploits/45132"
"name" : "45132",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45132"
}
]
}
}
}

64
2018/5xxx/CVE-2018-5413.json
View File

@ -1,61 +1,63 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2018-5413",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2018-5413",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "SecureSphere",
"version": {
"version_data": [
"product_name" : "SecureSphere",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_value": "13.0"
"affected" : "<=",
"version_value" : "13.0"
}
]
}
}
]
},
"vendor_name": "Imperva"
"vendor_name" : "Imperva"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation."
"lang" : "eng",
"value" : "Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-250"
"lang" : "eng",
"value" : "CWE-250"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://www.exploit-db.com/exploits/45130"
"name" : "45130",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45130"
}
]
}
}
}