"-Synchronized-Data."

CVE Team 2019-04-18 18:00:48 +00:00
parent 6b3e415e11
commit eb464a2df1
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
11 changed files with 415 additions and 126 deletions


@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2018-16877", "ID": "CVE-2018-16877",
"ASSIGNER": "lpardo@redhat.com" "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -73,4 +74,4 @@
] ]
] ]
} }
} }


@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2018-16878", "ID": "CVE-2018-16878",
"ASSIGNER": "lpardo@redhat.com" "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -73,4 +74,4 @@
] ]
] ]
} }
} }


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17287", "ID": "CVE-2018-17287",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In Kofax Front Office Server Administration Console 4.1.1.11.0.5212, some fields, such as passwords, are obfuscated in the front-end, but the cleartext value can be exfiltrated by using the back-end \"download\" feature, as demonstrated by an mfp.password downloadsettingvalue operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17287-Information%20Disclosure-Kofax",
"refsource": "MISC",
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17287-Information%20Disclosure-Kofax"
} }
] ]
} }
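Review bot: The new `affects` block carries only placeholders (`"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"`), while the new description names Kofax Front Office Server Administration Console 4.1.1.11.0.5212, so tooling that matches on the structured fields will not associate this record with the product. `problemtype` is likewise `"n/a"` although the description states a cleartext disclosure of obfuscated fields such as passwords. Populating them from the description, e.g. `"vendor_name": "Kofax"`, `"product_name": "Front Office Server"` and `"version_value": "4.1.1.11.0.5212"`, would let inventory and scanner matching work without parsing free text. The same placeholders appear in the CVE-2018-17288, CVE-2018-17289, CVE-2019-11017, CVE-2019-11223 and CVE-2019-9005 sections of this commit, each of which also names its product and version in the description.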


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17288", "ID": "CVE-2018-17288",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Kofax Front Office Server version 4.1.1.11.0.5212 (both Thin Client and Administration Console) suffers from multiple authenticated stored XSS vulnerabilities via the (1) \"Filename\" field in /Kofax/KFS/ThinClient/document/upload/ - (Thin Client) or (2) \"DeviceName\" field in /Kofax/KFS/Admin/DeviceService/device/ - (Administration Console)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17288-XSS-Kofax",
"refsource": "MISC",
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17288-XSS-Kofax"
} }
] ]
} }


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17289", "ID": "CVE-2018-17289",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration (.ZIP file) within the Kofax/KFS/Admin/PackageService/package/upload file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17289-XXE-Kofax",
"refsource": "MISC",
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17289-XXE-Kofax"
} }
] ]
} }


@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-11017",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2019-11017",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152465/D-Link-DI-524-2.06RU-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/152465/D-Link-DI-524-2.06RU-Cross-Site-Scripting.html"
},
{
"refsource": "EXPLOIT-DB",
"name": "46687",
"url": "https://www.exploit-db.com/exploits/46687"
} }
] ]
} }


@ -66,6 +66,11 @@
"refsource": "BID", "refsource": "BID",
"name": "107887", "name": "107887",
"url": "http://www.securityfocus.com/bid/107887" "url": "http://www.securityfocus.com/bid/107887"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190418 Re: Linux kernel < 4.8 local generic ASLR - another CVE-ID",
"url": "http://www.openwall.com/lists/oss-security/2019/04/18/5"
} }
] ]
} }


@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-11223",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2019-11223",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://wordpress.org/plugins/supportcandy/#developers",
"url": "https://wordpress.org/plugins/supportcandy/#developers"
},
{
"refsource": "MISC",
"name": "https://www.pluginvulnerabilities.com/2019/04/05/arbitrary-file-upload-vulnerability-in-supportcandy/",
"url": "https://www.pluginvulnerabilities.com/2019/04/05/arbitrary-file-upload-vulnerability-in-supportcandy/"
} }
] ]
} }


@ -1,98 +1,100 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "security@atlassian.com", "ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-04-17T00:00:00", "DATE_PUBLIC": "2019-04-17T00:00:00",
"ID": "CVE-2019-3398", "ID": "CVE-2019-3398",
"STATE": "PUBLIC" "STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
"vendor_data": [ "vendor_data": [
{ {
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "Confluence", "product_name": "Confluence",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_value": "2.0.0", "version_value": "2.0.0",
"version_affected": ">=" "version_affected": ">="
}, },
{ {
"version_value": "6.6.13", "version_value": "6.6.13",
"version_affected": "<" "version_affected": "<"
}, },
{ {
"version_value": "6.7.0", "version_value": "6.7.0",
"version_affected": ">=" "version_affected": ">="
}, },
{ {
"version_value": "6.12.4", "version_value": "6.12.4",
"version_affected": "<" "version_affected": "<"
}, },
{ {
"version_value": "6.13.0", "version_value": "6.13.0",
"version_affected": ">=" "version_affected": ">="
}, },
{ {
"version_value": "6.13.4", "version_value": "6.13.4",
"version_affected": "<" "version_affected": "<"
}, },
{ {
"version_value": "6.14.0", "version_value": "6.14.0",
"version_affected": ">=" "version_affected": ">="
}, },
{ {
"version_value": "6.14.3", "version_value": "6.14.3",
"version_affected": "<" "version_affected": "<"
}, },
{ {
"version_value": "6.15.0", "version_value": "6.15.0",
"version_affected": ">=" "version_affected": ">="
}, },
{ {
"version_value": "6.15.2", "version_value": "6.15.2",
"version_affected": "<" "version_affected": "<"
} }
] ]
} }
} }
] ]
}, },
"vendor_name": "Atlassian" "vendor_name": "Atlassian"
} }
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references": { "data_type": "CVE",
"reference_data": [ "data_version": "4.0",
{ "description": {
"url": "https://jira.atlassian.com/browse/CONFSERVER-58102" "description_data": [
} {
] "lang": "eng",
} "value": "Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability."
} }
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-58102",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/CONFSERVER-58102"
}
]
}
}
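Review bot: The added `"refsource": "MISC"` on the `https://jira.atlassian.com/browse/CONFSERVER-58102` reference looks too weak for a record whose ASSIGNER is `security@atlassian.com`, because the link appears to be the vendor's own tracker entry and other records in this commit tag vendor pages as CONFIRM. Consumers that filter on refsource to find vendor-acknowledged issues would skip it; I would use `"refsource": "CONFIRM"` if the ticket is indeed Atlassian's acknowledgement. Separately, the `version_data` entries list the `>=` and `<` bounds as independent items, so a reader that evaluates each entry on its own would treat `>= 2.0.0` as covering the fixed releases. Until the ranges are expressed unambiguously, the description text should be treated as the authoritative statement of affected versions.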


@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-3885", "ID": "CVE-2019-3885",
"ASSIGNER": "lpardo@redhat.com" "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -44,13 +45,13 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3885", "url": "https://github.com/ClusterLabs/pacemaker/pull/1749",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3885", "name": "https://github.com/ClusterLabs/pacemaker/pull/1749",
"refsource": "CONFIRM" "refsource": "CONFIRM"
}, },
{ {
"url": "https://github.com/ClusterLabs/pacemaker/pull/1749", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3885",
"name": "https://github.com/ClusterLabs/pacemaker/pull/1749", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3885",
"refsource": "CONFIRM" "refsource": "CONFIRM"
} }
] ]
@ -73,4 +74,4 @@
] ]
] ]
} }
} }


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9005", "ID": "CVE-2019-9005",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows Directory Traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://marketplace.atlassian.com/apps/43318/power-scripts-jira-script-automation/version-history",
"url": "https://marketplace.atlassian.com/apps/43318/power-scripts-jira-script-automation/version-history"
},
{
"refsource": "MISC",
"name": "https://www.detack.de/en/cve-2019-9005",
"url": "https://www.detack.de/en/cve-2019-9005"
} }
] ]
} }