- Synchronized data.

CVE Team 2018-05-24 16:04:21 -04:00
parent 2d2566a3c6
commit f03b689faf
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
9 changed files with 243 additions and 55 deletions


@ -41,7 +41,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A local privilege escalation and local code execution vulnerability in Fortinet FortiOS allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command."
"value" : "A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command."
}
]
},
@ -60,6 +60,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://fortiguard.com/advisory/FG-IR-17-245",
"refsource" : "CONFIRM",
"url" : "https://fortiguard.com/advisory/FG-IR-17-245"
}
]


@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "An attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network, using a HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization. HMS Industrial Networks Ab created an update to resolve a publicly reported vulnerability in the ABB products listed above. Products are based on a legacy software platform which is no longer actively maintained."
"value" : "In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-222-05",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-222-05"
}
]


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11416",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/tjko/jpegoptim/blob/master/README",
"refsource" : "MISC",
"url" : "https://github.com/tjko/jpegoptim/blob/master/README"
},
{
"name" : "https://github.com/tjko/jpegoptim/issues/57",
"refsource" : "MISC",
"url" : "https://github.com/tjko/jpegoptim/issues/57"
}
]
}


@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11418",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_utf8 function via a RegExp(\"[\\\\u0020\") payload, related to re_parse_char_class in parser/regexp/re-parser.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/jerryscript-project/jerryscript/issues/2237",
"refsource" : "MISC",
"url" : "https://github.com/jerryscript-project/jerryscript/issues/2237"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11419",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function via a RegExp(\"[\\\\u0\") payload, related to re_parse_char_class in parser/regexp/re-parser.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/jerryscript-project/jerryscript/issues/2230",
"refsource" : "MISC",
"url" : "https://github.com/jerryscript-project/jerryscript/issues/2230"
}
]
}
}


@ -1,32 +1,9 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ASSIGNER" : "cve@mitre.org",
"DATE_PUBLIC" : "2018-05-24T00:00:00",
"ID" : "CVE-2018-7256",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BeaconMedæs TotalAlert Scroll Medical Air Systems web application",
"version" : {
"version_data" : [
{
"version_value" : "All versions prior to version 4107600010.23"
}
]
}
}
]
},
"vendor_name" : "ICS-CERT"
}
]
}
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -35,26 +12,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23 By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER ACCESS CONTROL CWE-284"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01"
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
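Review bot: The `DATE_PUBLIC` line in `CVE_data_meta` appears to survive on the new side (the `-1,32 +1,9` counts only add up if it is context), so CVE-2018-7256 ends up with `"STATE" : "RESERVED"` next to `"DATE_PUBLIC" : "2018-05-24T00:00:00"`. A reserved record that still carries a publication date is contradictory for consumers that key on either field; the line should be removed together with the `affects` block. Feeds that already ingested the TotalAlert details under this ID will also need to drop them, since essentially the same description is published under CVE-2018-7526 later in this commit.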


@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23 Passwords are presented in plaintext in a file that is accessible without authentication."
"value" : "In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can be exploited when CX Supervisor indirectly calls an initialized pointer when parsing malformed packets."
}
]
},
@ -54,7 +54,14 @@
"references" : {
"reference_data" : [
{
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01"
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01"
},
{
"name" : "103394",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103394"
}
]
}
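Review bot: The new description value reads as self-contradictory: it names an "access of uninitialized pointer" weakness but then says CX Supervisor "indirectly calls an initialized pointer". If the second phrase is meant to be `uninitialized pointer`, it should be corrected at the source before syncing, because this free-text field is the only statement of the weakness visible in this section. The record's CVE ID lies outside the shown hunks, so it is worth confirming that the Omron text and the ICSA-18-072-01 and BID 103394 references belong to this ID, given that the description being replaced was about TotalAlert.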


@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23 An attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner."
"value" : "In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01"
}
]


@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2018-7526",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01"
}
]
}
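Review bot: The structured fields added for CVE-2018-7526 are all placeholders (`"product_name" : "n/a"`, `"vendor_name" : "n/a"`, `"version_value" : "n/a"`, and a problemtype of `"n/a"`), although the CVE-2018-7256 record reverted earlier in this commit held a product name, the bound `All versions prior to version 4107600010.23` and `IMPROPER ACCESS CONTROL CWE-284` for what looks like the same issue. Tooling that matches on `affects` or on CWE rather than on the free-text description will not associate this entry with the affected product. Carry those values over, for example `"value" : "IMPROPER ACCESS CONTROL CWE-284"` in `problemtype_data` and the version bound in `version_value`.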