- Synchronized data.

CVE Team 2018-09-28 16:05:08 -04:00
parent ada314c1f9
commit e16e36da83
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
20 changed files with 627 additions and 433 deletions


@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In Openswan before 2.6.50.1, IKEv2 signature verification is vulnerable to \"Variants of Bleichenbacher's Low-Exponent Attack on PKCS#1 RSA Signatures\" attacks when RAW RSA keys are used."
"value" : "In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used."
}
]
},
@ -61,6 +61,11 @@
"name" : "https://github.com/xelerance/Openswan/commit/0b460be9e287fd335c8ce58129c67bf06065ef51",
"refsource" : "CONFIRM",
"url" : "https://github.com/xelerance/Openswan/commit/0b460be9e287fd335c8ce58129c67bf06065ef51"
},
{
"name" : "https://github.com/xelerance/Openswan/commit/9eaa6c2a823c1d2b58913506a15f9474bf857a3d",
"refsource" : "CONFIRM",
"url" : "https://github.com/xelerance/Openswan/commit/9eaa6c2a823c1d2b58913506a15f9474bf857a3d"
}
]
}
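Review bot: The rewritten `description` value still gives the fixed boundary as `before 2.6.50.1`, while the second hunk adds a further CONFIRM commit (`9eaa6c2a823c1d2b58913506a15f9474bf857a3d`) to `reference_data`. It is worth confirming that both referenced commits are contained in 2.6.50.1, because consumers match on that version string. The `affects` block is outside the visible hunks, so the record may already be consistent. A small wording fix in the same value: `does not verify the value of the padding string`.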


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17765",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17766",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17767",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17768",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17769",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17770",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17771",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17772",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17773",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17774",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,92 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9074",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
"CVE_data_meta" : {
"ASSIGNER" : "psirt@lenovo.com",
"ID" : "CVE-2018-9074",
"STATE" : "PUBLIC",
"TITLE" : "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
"product_name" : "Iomega StorCenter",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
"product_name" : "LenovoEMC",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
"product_name" : "EZ Media and Backup Center",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
"vendor_name" : "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the devices operating system as the root user."
"lang" : "eng",
"value" : "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Path traversal"
"lang" : "eng",
"value" : "Path traversal"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
"name" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
"source" : {
"advisory" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery" : "UNKNOWN"
}
}


@ -1,92 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9075",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
"CVE_data_meta" : {
"ASSIGNER" : "psirt@lenovo.com",
"ID" : "CVE-2018-9075",
"STATE" : "PUBLIC",
"TITLE" : "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
"product_name" : "Iomega StorCenter",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
"product_name" : "LenovoEMC",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
"product_name" : "EZ Media and Backup Center",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
"vendor_name" : "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick “``” characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
"lang" : "eng",
"value" : "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick \"``\" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Arbitrary Command Execution"
"lang" : "eng",
"value" : "Arbitrary Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
"name" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
"source" : {
"advisory" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery" : "UNKNOWN"
}
}
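Review bot: The last sentence of the new `description` value, `The attack requires a value __c and iomega parameter.`, does not say whether those values are only obtainable from an authenticated session, which is what a defender needs to judge exposure. The same sentence is carried into CVE-2018-9076 and CVE-2018-9077 in this commit. If the vendor advisory supports it, state the precondition explicitly, for example `The attack requires a valid __c value and iomega parameter from an authenticated session.` (presumed; confirm against LEN-24224). Separately, the `problemtype` value `Arbitrary Command Execution` names the impact; `OS command injection` would name the weakness.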


@ -1,92 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9076",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
"CVE_data_meta" : {
"ASSIGNER" : "psirt@lenovo.com",
"ID" : "CVE-2018-9076",
"STATE" : "PUBLIC",
"TITLE" : "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
"product_name" : "Iomega StorCenter",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
"product_name" : "LenovoEMC",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
"product_name" : "EZ Media and Backup Center",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
"vendor_name" : "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick “``” characters in the name parameter. \nAs a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
"lang" : "eng",
"value" : "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick \"``\" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Arbitrary Command Execution"
"lang" : "eng",
"value" : "Arbitrary Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
"name" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
"source" : {
"advisory" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery" : "UNKNOWN"
}
}


@ -1,92 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9077",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
"CVE_data_meta" : {
"ASSIGNER" : "psirt@lenovo.com",
"ID" : "CVE-2018-9077",
"STATE" : "PUBLIC",
"TITLE" : "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
"product_name" : "Iomega StorCenter",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
"product_name" : "LenovoEMC",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
"product_name" : "EZ Media and Backup Center",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
"vendor_name" : "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick “``” characters in the share : name parameter. \nAs a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
"lang" : "eng",
"value" : "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick \"``\" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Arbitrary Command Execution"
"lang" : "eng",
"value" : "Arbitrary Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
"name" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
"source" : {
"advisory" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery" : "UNKNOWN"
}
}


@ -1,92 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9078",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
"CVE_data_meta" : {
"ASSIGNER" : "psirt@lenovo.com",
"ID" : "CVE-2018-9078",
"STATE" : "PUBLIC",
"TITLE" : "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
"product_name" : "Iomega StorCenter",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
"product_name" : "LenovoEMC",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
"product_name" : "EZ Media and Backup Center",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
"vendor_name" : "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the devices origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin.  As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file."
"lang" : "eng",
"value" : "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "SVG"
"lang" : "eng",
"value" : "SVG"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
"name" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
"source" : {
"advisory" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery" : "UNKNOWN"
}
}
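Review bot: The `problemtype` value `SVG` names a file format rather than a weakness. The description is about script inside an uploaded SVG being evaluated in the device's origin, so `"value" : "Cross-site scripting (XSS)"` (the wording CVE-2018-9081 in this commit already uses) would let consumers classify the record. CVE-2018-9079 has the same mismatch: its description covers DOM and HTML injection leading to JavaScript execution in the device's origin, but its problemtype reads `Arbitrary code execution`. In this description, `this image was rendered` also switches tense mid-sentence; `uploaded images are rendered` would read consistently.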


@ -1,92 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9079",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
"CVE_data_meta" : {
"ASSIGNER" : "psirt@lenovo.com",
"ID" : "CVE-2018-9079",
"STATE" : "PUBLIC",
"TITLE" : "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
"product_name" : "Iomega StorCenter",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
"product_name" : "LenovoEMC",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
"product_name" : "EZ Media and Backup Center",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
"vendor_name" : "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device.\n"
"lang" : "eng",
"value" : "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Arbitrary code execution"
"lang" : "eng",
"value" : "Arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
"name" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
"source" : {
"advisory" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery" : "UNKNOWN"
}
}


@ -1,92 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9080",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
"CVE_data_meta" : {
"ASSIGNER" : "psirt@lenovo.com",
"ID" : "CVE-2018-9080",
"STATE" : "PUBLIC",
"TITLE" : "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
"product_name" : "Iomega StorCenter",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
"product_name" : "LenovoEMC",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
"product_name" : "EZ Media and Backup Center",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
"vendor_name" : "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NASs web application, the NAS will not provide the user a new cookie value. \nThis allows an attacker who knows the cookies value to compromise the users session."
"lang" : "eng",
"value" : "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Session fixation"
"lang" : "eng",
"value" : "Session fixation"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
"name" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
"source" : {
"advisory" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery" : "UNKNOWN"
}
}


@ -1,92 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9081",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
"CVE_data_meta" : {
"ASSIGNER" : "psirt@lenovo.com",
"ID" : "CVE-2018-9081",
"STATE" : "PUBLIC",
"TITLE" : "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
"product_name" : "Iomega StorCenter",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
"product_name" : "LenovoEMC",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
"product_name" : "EZ Media and Backup Center",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
"vendor_name" : "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger."
"lang" : "eng",
"value" : "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Cross-site scripting (XSS)"
"lang" : "eng",
"value" : "Cross-site scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
"name" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
"source" : {
"advisory" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery" : "UNKNOWN"
}
}
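Review bot: The new `description` value labels the issue `self cross-site scripting self-XSS`, yet the following sentence has an adversary planting the file name and a different user triggering it on rename. That reads as stored XSS rather than self-XSS, and the label affects how the record is triaged. The phrase is also duplicated, and subject and verb disagree (`the file name ... are vulnerable`). Suggested wording, to be checked against the advisory: `the file name used for assets accessible through the Content Viewer application is vulnerable to cross-site scripting (XSS)`.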


@ -1,92 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9082",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
"CVE_data_meta" : {
"ASSIGNER" : "psirt@lenovo.com",
"ID" : "CVE-2018-9082",
"STATE" : "PUBLIC",
"TITLE" : "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
"product_name" : "Iomega StorCenter",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
"product_name" : "LenovoEMC",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
"product_name" : "EZ Media and Backup Center",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
"vendor_name" : "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the users current password to set a new one.\nAs a result, attackers with access to the users session tokens can change their password and retain access to the users account"
"lang" : "eng",
"value" : "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change their password and retain access to the user's account"
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Password change does not require existing password"
"lang" : "eng",
"value" : "Password change does not require existing password"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
"name" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
"source" : {
"advisory" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery" : "UNKNOWN"
}
}
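Review bot: The `problemtype` entry on the new side is still free text (`"value" : "Password change does not require existing password"`), so consumers that classify records by CWE identifier cannot group this record with similar weaknesses. The weakness described in `description_data`, a new password accepted without the current one, looks like CWE-620 (Unverified Password Change). If the assigner agrees with that mapping, `"value" : "CWE-620: Unverified Password Change"` would be more useful. For triage, the description states the precondition that the attacker already holds the user's session token, so the flaw turns a temporary session compromise into lasting account access.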