zmanion 2018-06-06 12:51:58 -04:00
commit f9413809cd
200 changed files with 5897 additions and 271 deletions


@ -70,6 +70,11 @@
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009@%3Cannounce.tomcat.apache.org%3E"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180605-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180605-0001/"
},
{
"name" : "DSA-3720",
"refsource" : "DEBIAN",


@ -71,6 +71,11 @@
"name" : "GLSA-201710-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-10"
},
{
"name" : "USN-3670-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3670-1/"
}
]
}


@ -76,6 +76,11 @@
"name" : "GLSA-201710-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-10"
},
{
"name" : "USN-3670-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3670-1/"
}
]
}


@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "msystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru msystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
"value" : "mystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
}
]
},


@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "haxeshim haxe shim to deal with cooexisting versions. haxeshim downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server."
"value" : "haxeshim haxe shim to deal with coexisting versions. haxeshim downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server."
}
]
},


@ -72,6 +72,11 @@
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1780"
},
{
"name" : "RHSA-2018:1784",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1784"
},
{
"name" : "91736",
"refsource" : "BID",


@ -70,6 +70,11 @@
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/9b3a63a20c87179815fdea14f6766853bafe79a0042dc0b4aa878a9e@%3Cannounce.tomcat.apache.org%3E"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180605-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180605-0001/"
},
{
"name" : "DSA-3720",
"refsource" : "DEBIAN",


@ -70,6 +70,11 @@
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/09d2f2c65ac4ff5da42f15dc2b0f78b655e50f1a42e8a9784134a9eb@%3Cannounce.tomcat.apache.org%3E"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180605-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180605-0001/"
},
{
"name" : "DSA-3720",
"refsource" : "DEBIAN",


@ -70,6 +70,11 @@
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/5a2105a56b2495ab70fa568f06925bd861f0d71ffab4fb38bb4fdc45@%3Cannounce.tomcat.apache.org%3E"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180605-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180605-0001/"
},
{
"name" : "DSA-3720",
"refsource" : "DEBIAN",


@ -70,6 +70,11 @@
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/9325837eb00cba5752c092047433c7f0415134d16e7f391447ff4352@%3Cannounce.tomcat.apache.org%3E"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180605-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180605-0001/"
},
{
"name" : "DSA-3720",
"refsource" : "DEBIAN",


@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Dissassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with specific section headers to trigger this vulnerability."
"value" : "An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with specific section headers to trigger this vulnerability."
}
]
},
@ -57,6 +57,11 @@
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0222",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0222"
},
{
"name" : "93801",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93801"
}
]
}
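Review bot: The BID reference added in the second hunk points at `http://www.securityfocus.com/bid/93801`, a cleartext URL, so anyone following the link from this record receives content that a network intermediary could alter. If the host serves the same page over TLS, record `"url" : "https://www.securityfocus.com/bid/93801"` instead. The same applies to the other `http://` references this commit adds: the BID and SECTRACK entries in the next record (the one citing TALOS-2016-0260), the BID entries in CVE-2016-9488 and CVE-2016-9490, the SECTRACK entries in CVE-2017-1350 and the QNAP records, and the IBM CONFIRM links.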


@ -57,6 +57,26 @@
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260"
},
{
"name" : "FreeBSD-SA-17:03",
"refsource" : "FREEBSD",
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name" : "97046",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97046"
},
{
"name" : "1038123",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038123"
},
{
"name" : "1039427",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039427"
}
]
}


@ -1,88 +1,83 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9488",
"STATE": "PUBLIC",
"TITLE": "ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-9488",
"STATE" : "PUBLIC",
"TITLE" : "ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Applications Manager",
"version": {
"version_data": [
"product_name" : "Applications Manager",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "12",
"version_value": "12"
"affected" : "=",
"version_name" : "12",
"version_value" : "12"
},
{
"affected": "=",
"version_name": "13",
"version_value": "13"
"affected" : "=",
"version_name" : "13",
"version_value" : "13"
}
]
}
}
]
},
"vendor_name": "ManageEngine"
"vendor_name" : "ManageEngine"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries."
"lang" : "eng",
"value" : "ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
"lang" : "eng",
"value" : "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "97394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97394/discuss"
"name" : "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2017/Apr/9"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Apr/9",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Apr/9"
"name" : "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html"
},
{
"name": "https://packetstormsecurity.com/files/cve/CVE-2016-9488",
"refsource": "CONFIRM",
"url": "https://packetstormsecurity.com/files/cve/CVE-2016-9488"
},
{
"name": "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html",
"refsource": "CONFIRM",
"url": "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html"
"name" : "97394",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97394"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
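Review bot: The whole file is rewritten from `"key": value` to `"key" : value` spacing in the same change that edits `reference_data`, so the 88-to-83-line hunk buries the only substantive edits. Those are: the `https://packetstormsecurity.com/files/cve/CVE-2016-9488` reference is dropped, the Full Disclosure and Packet Storm links move from `CONFIRM` to `FULLDISC` and `MISC`, and the BID URL loses its `/discuss` suffix. Splitting the formatting pass from the reference change would let a reader confirm that nothing else in the record moved. The reclassification itself looks right, since `CONFIRM` on third-party postings suggests a vendor acknowledgement that the links do not show. The CVE-2016-9490 record that follows gets the same combined treatment.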


@ -1,83 +1,83 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9490",
"STATE": "PUBLIC",
"TITLE": "ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-9490",
"STATE" : "PUBLIC",
"TITLE" : "ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Applications Manager",
"version": {
"version_data": [
"product_name" : "Applications Manager",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "12",
"version_value": "12"
"affected" : "=",
"version_name" : "12",
"version_value" : "12"
},
{
"affected": "=",
"version_name": "13",
"version_value": "13"
"affected" : "=",
"version_name" : "13",
"version_value" : "13"
}
]
}
}
]
},
"vendor_name": "ManageEngine"
"vendor_name" : "ManageEngine"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication."
"lang" : "eng",
"value" : "ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
"lang" : "eng",
"value" : "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "97394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97394/discuss"
"name" : "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2017/Apr/9"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Apr/9",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Apr/9"
"name" : "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html"
},
{
"name": "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html",
"refsource": "CONFIRM",
"url": "https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html"
"name" : "97394",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97394"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}


@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "`badjs-sourcemap-server` recieves files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url."
"value" : "`badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url."
}
]
},


@ -66,6 +66,11 @@
"name" : "https://cgit.freedesktop.org/exempi/commit/?id=65a8492832b7335ffabd01f5f64d89dec757c260",
"refsource" : "CONFIRM",
"url" : "https://cgit.freedesktop.org/exempi/commit/?id=65a8492832b7335ffabd01f5f64d89dec757c260"
},
{
"name" : "USN-3668-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3668-1/"
}
]
}


@ -66,6 +66,11 @@
"name" : "https://cgit.freedesktop.org/exempi/commit/?id=c26d5beb60a5a85f76259f50ed3e08c8169b0a0c",
"refsource" : "CONFIRM",
"url" : "https://cgit.freedesktop.org/exempi/commit/?id=c26d5beb60a5a85f76259f50ed3e08c8169b0a0c"
},
{
"name" : "USN-3668-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3668-1/"
}
]
}


@ -66,6 +66,11 @@
"name" : "https://cgit.freedesktop.org/exempi/commit/?id=fe59605d3520bf2ca4e0a963d194f10e9fee5806",
"refsource" : "CONFIRM",
"url" : "https://cgit.freedesktop.org/exempi/commit/?id=fe59605d3520bf2ca4e0a963d194f10e9fee5806"
},
{
"name" : "USN-3668-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3668-1/"
}
]
}


@ -66,6 +66,11 @@
"name" : "https://cgit.freedesktop.org/exempi/commit/?id=886cd1d2314755adb1f4cdb99c16ff00830f0331",
"refsource" : "CONFIRM",
"url" : "https://cgit.freedesktop.org/exempi/commit/?id=886cd1d2314755adb1f4cdb99c16ff00830f0331"
},
{
"name" : "USN-3668-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3668-1/"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18286",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "nZEDb v0.7.3.3 has XSS in the 404 error page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://packetstormsecurity.com/files/143725/nZEDb-0.7.3.3-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/143725/nZEDb-0.7.3.3-Cross-Site-Scripting.html"
}
]
}
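Review bot: The record goes public with `vendor_name`, `product_name`, `version_value` and the `problemtype` value all set to `n/a`, while the description itself names the product and version (`nZEDb v0.7.3.3`) and the weakness (XSS). Tooling that matches on the structured `affects` block or on CWE will not find this entry, so the affected product is discoverable only by free-text search. Consider filling the fields from the description, e.g. `"product_name" : "nZEDb"`, `"version_value" : "0.7.3.3"` and a `CWE-79` problemtype value. The four QNAP Proxy Server records later in this commit (CVE-2017-7635, CVE-2017-7636, CVE-2017-7637, CVE-2017-7639) have the same gap, although their descriptions name the product, the version bound and the weakness class.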


@ -1,8 +1,41 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-06-01T00:00:00",
"ID" : "CVE-2017-1350",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "InfoSphere Information Server",
"version" : {
"version_data" : [
{
"version_value" : "9.1"
},
{
"version_value" : "11.3"
},
{
"version_value" : "11.5"
},
{
"version_value" : "11.7"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +44,58 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. IBM X-Force ID: 126526."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "H",
"AC" : "L",
"AV" : "L",
"C" : "H",
"I" : "H",
"PR" : "N",
"S" : "U",
"SCORE" : "8.400",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22005503",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22005503"
},
{
"name" : "1041042",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041042"
},
{
"name" : "ibm-infosphere-cve20171350-priv-escalation(126526)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126526"
}
]
}
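Review bot: The base metrics in the second hunk carry `"PR" : "N"`, while the description says the flaw lets "a user" escalate to administrator, which reads as an attacker who already holds an account. One of the two is probably imprecise: either the description should say an unauthenticated local attacker, or the metric should be `"PR" : "L"`, which would also lower `SCORE` from `8.400`. Which is correct cannot be decided from this page, so it is worth checking against the linked IBM bulletin before consumers prioritise on the score.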


@ -1,18 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1474",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22012329",
"title" : "IBM Security Bulletin 2012329 (Security Access Manager)",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22012329"
},
{
"name" : "ibm-sam-cve20171474-info-disc(128606)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606",
"refsource" : "XF"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"C" : "L",
"I" : "N",
"S" : "U",
"AV" : "N",
"AC" : "L",
"PR" : "N",
"SCORE" : "5.300",
"UI" : "N",
"A" : "N"
}
}
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Access Manager",
"version" : {
"version_data" : [
{
"version_value" : "9.0.0.1"
},
{
"version_value" : "7.0.0"
},
{
"version_value" : "8.0.0"
},
{
"version_value" : "8.0.0.1"
},
{
"version_value" : "8.0.0.2"
},
{
"version_value" : "8.0.0.3"
},
{
"version_value" : "8.0.0.4"
},
{
"version_value" : "8.0.0.5"
},
{
"version_value" : "8.0.1"
},
{
"version_value" : "8.0.1.2"
},
{
"version_value" : "8.0.1.3"
},
{
"version_value" : "8.0.1.4"
},
{
"version_value" : "9.0.0"
},
{
"version_value" : "9.0.1.0"
},
{
"version_value" : "9.0.2.0"
},
{
"version_value" : "8.0.1.5"
},
{
"version_value" : "9.0.2.1"
},
{
"version_value" : "9.0.3"
},
{
"version_value" : "9.0.3.1"
},
{
"version_value" : "8.0.1.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1474",
"DATE_PUBLIC" : "2018-06-04T00:00:00"
}
}
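Review bot: `version_data` enumerates twenty exact `version_value` strings with no range operator, while the description states the affected set as ranges (`8.0.0 through 8.0.1.6`, `9.0.0 through 9.0.3.1`). A consumer that matches installed versions by exact string will miss any build inside those ranges that is not listed. There is no `8.0.1.1` entry, for instance, though whether such a build shipped is not visible here. Expressing the bounds with a range marker, as the Eclipse Mosquitto record in this commit does with `"version_affected" : "<="`, would keep the structured data in step with the prose. The list is also unsorted and the top-level keys are reordered, which makes later diffs of this record hard to audit. CVE-2017-1476 and CVE-2017-1480 below follow the same pattern.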


@ -1,17 +1,146 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "9.0.0.1"
},
{
"version_value" : "7.0.0"
},
{
"version_value" : "8.0.0"
},
{
"version_value" : "8.0.0.1"
},
{
"version_value" : "8.0.0.2"
},
{
"version_value" : "8.0.0.3"
},
{
"version_value" : "8.0.0.4"
},
{
"version_value" : "8.0.0.5"
},
{
"version_value" : "8.0.1"
},
{
"version_value" : "8.0.1.2"
},
{
"version_value" : "8.0.1.3"
},
{
"version_value" : "8.0.1.4"
},
{
"version_value" : "9.0.0"
},
{
"version_value" : "9.0.1.0"
},
{
"version_value" : "9.0.2.0"
},
{
"version_value" : "8.0.1.5"
},
{
"version_value" : "9.0.2.1"
},
{
"version_value" : "9.0.3"
},
{
"version_value" : "9.0.3.1"
},
{
"version_value" : "8.0.1.6"
}
]
},
"product_name" : "Security Access Manager"
}
]
}
}
]
}
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 2012310 (Security Access Manager)",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22012310",
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22012310"
},
{
"name" : "ibm-sam-cve20171476-info-disc(128610)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128610",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AV" : "N",
"PR" : "N",
"UI" : "N",
"AC" : "H",
"C" : "H",
"SCORE" : "5.900",
"S" : "U",
"I" : "N",
"A" : "N"
}
}
},
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2017-1476",
"STATE" : "RESERVED"
"DATE_PUBLIC" : "2018-06-04T00:00:00"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610."
}
]
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
}


@ -1,18 +1,144 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1480",
"STATE" : "RESERVED"
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 2012309 (Security Access Manager)",
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22012309",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22012309"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128617",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sam-cve20171480-info-disc(128617)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "9.0.0.1"
},
{
"version_value" : "8.0.0"
},
{
"version_value" : "8.0.0.1"
},
{
"version_value" : "8.0.0.2"
},
{
"version_value" : "8.0.0.3"
},
{
"version_value" : "8.0.0.4"
},
{
"version_value" : "8.0.0.5"
},
{
"version_value" : "8.0.1"
},
{
"version_value" : "8.0.1.2"
},
{
"version_value" : "8.0.1.3"
},
{
"version_value" : "8.0.1.4"
},
{
"version_value" : "9.0.0"
},
{
"version_value" : "9.0.1.0"
},
{
"version_value" : "9.0.2.0"
},
{
"version_value" : "8.0.1.5"
},
{
"version_value" : "9.0.2.1"
},
{
"version_value" : "9.0.3"
},
{
"version_value" : "9.0.3.1"
},
{
"version_value" : "8.0.1.6"
}
]
},
"product_name" : "Security Access Manager"
}
]
}
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AV" : "N",
"C" : "L",
"S" : "U",
"I" : "N",
"AC" : "L",
"PR" : "L",
"SCORE" : "4.300",
"UI" : "N"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-06-04T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1480",
"STATE" : "PUBLIC"
}
}


@ -62,6 +62,11 @@
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-10"
},
{
"name" : "USN-3670-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3670-1/"
},
{
"name" : "98608",
"refsource" : "BID",


@ -62,6 +62,11 @@
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-10"
},
{
"name" : "USN-3670-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3670-1/"
},
{
"name" : "98609",
"refsource" : "BID",


@ -61,6 +61,11 @@
"name" : "GLSA-201710-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-10"
},
{
"name" : "USN-3670-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3670-1/"
}
]
}


@ -61,6 +61,11 @@
"name" : "GLSA-201710-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-10"
},
{
"name" : "USN-3670-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3670-1/"
}
]
}


@ -61,6 +61,11 @@
"name" : "GLSA-201710-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-10"
},
{
"name" : "USN-3670-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3670-1/"
}
]
}


@ -61,6 +61,11 @@
"name" : "GLSA-201710-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-10"
},
{
"name" : "USN-3670-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3670-1/"
}
]
}


@ -61,6 +61,11 @@
"name" : "GLSA-201710-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-10"
},
{
"name" : "USN-3670-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3670-1/"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7635",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource" : "CONFIRM",
"url" : "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name" : "1041025",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041025"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7636",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource" : "CONFIRM",
"url" : "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name" : "1041025",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041025"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7637",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource" : "CONFIRM",
"url" : "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name" : "1041025",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041025"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7639",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource" : "CONFIRM",
"url" : "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name" : "1041025",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041025"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "emo@eclipse.org",
"ID" : "CVE-2017-7653",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Eclipse Mosquitto",
"version" : {
"version_data" : [
{
"version_affected" : "<=",
"version_value" : "1.4.15"
}
]
}
}
]
},
"vendor_name" : "The Eclipse Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20: Improper Input Validation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113",
"refsource" : "CONFIRM",
"url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "emo@eclipse.org",
"ID" : "CVE-2017-7654",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Eclipse Mosquitto",
"version" : {
"version_data" : [
{
"version_affected" : "<=",
"version_value" : "1.4.15"
}
]
}
}
]
},
"vendor_name" : "The Eclipse Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-401: Improper Release of Memory Before Removing Last Reference"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=533493",
"refsource" : "CONFIRM",
"url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=533493"
}
]
}


@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent."
"value" : "The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability."
}
]
},


@ -1,9 +1,34 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"DATE_ASSIGNED" : "2018-05-01",
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-04-30T12:00:00",
"DATE_REQUESTED" : "2018-04-30T14:00:00",
"ID" : "CVE-2018-1000180",
"STATE" : "RESERVED"
"REQUESTER" : "dgh@bouncycastle.org",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Legion of the Bouncy Castle Java Cryptography APIs",
"version" : {
"version_data" : [
{
"version_value" : "BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1"
}
]
}
}
]
},
"vendor_name" : "Legion of the Bouncy Castle"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -12,7 +37,43 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-573"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test",
"refsource" : "MISC",
"url" : "https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test"
},
{
"name" : "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad",
"refsource" : "CONFIRM",
"url" : "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad"
},
{
"name" : "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839",
"refsource" : "CONFIRM",
"url" : "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839"
},
{
"name" : "https://www.bouncycastle.org/jira/browse/BJA-694",
"refsource" : "CONFIRM",
"url" : "https://www.bouncycastle.org/jira/browse/BJA-694"
}
]
}
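Review bot: The `version_value` in the first hunk packs two product lines into one string (`BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1`) and disagrees with the description in the second hunk, which appends "and earlier". A consumer cannot tell from the record whether BC-FJA releases before 1.0.0 are affected; one `version_data` entry per range, worded to match the description, would remove the ambiguity. Separately, `DATE_ASSIGNED` (`2018-04-30T12:00:00`) is earlier than `DATE_REQUESTED` (`2018-04-30T14:00:00`) and neither timestamp carries a timezone. The CVE-2018-1000181 and CVE-2018-1000200 sections show the same ordering.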


@ -1,9 +1,34 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"DATE_ASSIGNED" : "2018-05-01",
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-05-01T12:00:00",
"DATE_REQUESTED" : "2018-05-01T14:00:00",
"ID" : "CVE-2018-1000181",
"STATE" : "RESERVED"
"REQUESTER" : "i.partridge@uk.ibm.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Kitura",
"version" : {
"version_data" : [
{
"version_value" : "2.3.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "Kitura"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -12,7 +37,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Kitura 2.3.0 and earlier have an unintended read access to unauthorised files and folders that can be exploited by a crafted URL resulting in information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory Traversal"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/IBM-Swift/Kitura/pull/1278",
"refsource" : "CONFIRM",
"url" : "https://github.com/IBM-Swift/Kitura/pull/1278"
}
]
}
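Review bot: The `problemtype` value in the second hunk is the free-text label `Directory Traversal`, while the path traversal record elsewhere in this commit (CVE-2018-1000194) uses the identifier `CWE-22`. Using the identifier here as well, `"value" : "CWE-22"`, keeps weakness-based filtering consistent across records. In the first hunk `vendor_name` repeats the product name (`Kitura`), whereas the reference URL points at the IBM-Swift organisation; the vendor is presumably IBM, which is worth confirming against the advisory.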


@ -0,0 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T12:46:01.938563",
"DATE_REQUESTED" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-1000182",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Git Plugin",
"version" : {
"version_data" : [
{
"version_value" : "3.9.0 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-441, CWE-918"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-810",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-810"
}
]
}
}
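Review bot: The `problemtype` description stores two identifiers in one string, `"value" : "CWE-441, CWE-918"`, so a consumer that expects one CWE id per entry will match neither. Splitting it into two entries of the `description` array, `{ "lang" : "eng", "value" : "CWE-441" }` and `{ "lang" : "eng", "value" : "CWE-918" }`, keeps each id machine-readable. The same combined value appears in the CVE-2018-1000184, CVE-2018-1000185, CVE-2018-1000188 and CVE-2018-1000195 sections.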


@ -0,0 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T12:46:01.939725",
"DATE_REQUESTED" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-1000183",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins GitHub Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.29.0 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-201"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-804",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-804"
}
]
}
}
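Review bot: The description opens with "A exposure of sensitive information vulnerability", which should read "An exposure of sensitive information vulnerability". The same article slip is in the CVE-2018-1000186, CVE-2018-1000187, CVE-2018-1000190, CVE-2018-1000191 and CVE-2018-1000196 descriptions, and as "A information exposure" and "A improper neutralization" in CVE-2018-1000192 and CVE-2018-1000193. The phrase "attacker-specified credentials IDs" would also read more clearly as "attacker-specified credential IDs".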


@ -0,0 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T12:46:01.940841",
"DATE_REQUESTED" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-1000184",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins GitHub Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.29.0 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-441, CWE-918"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-799",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-799"
}
]
}
}


@ -0,0 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T12:46:01.941970",
"DATE_REQUESTED" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-1000185",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins GitHub Branch Source Plugin",
"version" : {
"version_data" : [
{
"version_value" : "2.3.4 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-441, CWE-918"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-806",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-806"
}
]
}
}


@ -0,0 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T12:46:01.943019",
"DATE_REQUESTED" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-1000186",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins GitHub Pull Request Builder Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.41.0 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-201"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-805",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-805"
}
]
}
}


@ -0,0 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T12:46:01.943867",
"DATE_REQUESTED" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-1000187",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Kubernetes Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.7.0 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-883",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-883"
}
]
}
}
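Review bot: The `problemtype` value `CWE-200` is the general information-exposure class, while the description states the specific weakness: sensitive variables such as passwords are written to logs. `"value" : "CWE-532"` (insertion of sensitive information into a log file) would describe it more precisely. That also tells defenders who triage by weakness that build logs written before the fix may still hold the exposed values and may need review.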


@ -0,0 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T12:46:01.944677",
"DATE_REQUESTED" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-1000188",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins CAS Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.4.1 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-441, CWE-918"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-809",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-809"
}
]
}
}


@ -0,0 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T12:46:01.945520",
"DATE_REQUESTED" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-1000189",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Absint Astrée Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.0.5 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-807",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-807"
}
]
}
}
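Review bot: `product_name` spells the plugin `Jenkins Absint Astrée Plugin`, while the description spells it `Jenkins Absint Astree Plugin`. A keyword search or product match on one spelling misses the other, so one form should be used in both fields. The description also does not say which check is missing; `CWE-285` suggests a missing permission check, and the advisory listed in `reference_data` is the place to confirm that.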


@ -0,0 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T12:46:01.946677",
"DATE_REQUESTED" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-1000190",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Black Duck Hub Plugin",
"version" : {
"version_data" : [
{
"version_value" : "4.0.0 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-201"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-865",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-865"
}
]
}
}


@ -0,0 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T12:46:01.947607",
"DATE_REQUESTED" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-1000191",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Black Duck Detect Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.4.0 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-201"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-866",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-866"
}
]
}
}


@ -0,0 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T13:57:43.649497",
"DATE_REQUESTED" : "2018-05-09T00:00:00",
"ID" : "CVE-2018-1000192",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins",
"version" : {
"version_data" : [
{
"version_value" : "2.120 and older, LTS 2.107.2 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-771",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-771"
}
]
}
}
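Review bot: `version_value` is the free-text string `2.120 and older, LTS 2.107.2 and older`, which covers two release lines in a single entry. The Mosquitto records in this commit show the structured form (`"version_affected" : "<="` with a bare `version_value`); two `version_data` entries in that form, one per release line, would let scanners compare versions instead of parsing prose. The CVE-2018-1000193, CVE-2018-1000194 and CVE-2018-1000195 sections use the same string, and the plugin records in this commit use `... and older` in the same way.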


@ -0,0 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T13:57:43.650984",
"DATE_REQUESTED" : "2018-05-09T00:00:00",
"ID" : "CVE-2018-1000193",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins",
"version" : {
"version_data" : [
{
"version_value" : "2.120 and older, LTS 2.107.2 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-150"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-786",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-786"
}
]
}
}


@ -0,0 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T13:57:43.652065",
"DATE_REQUESTED" : "2018-05-09T00:00:00",
"ID" : "CVE-2018-1000194",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins",
"version" : {
"version_data" : [
{
"version_value" : "2.120 and older, LTS 2.107.2 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-788",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-788"
}
]
}
}


@ -0,0 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T13:57:43.653459",
"DATE_REQUESTED" : "2018-05-09T00:00:00",
"ID" : "CVE-2018-1000195",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins",
"version" : {
"version_data" : [
{
"version_value" : "2.120 and older, LTS 2.107.2 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-441, CWE-918"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-794",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-794"
}
]
}
}


@ -0,0 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T13:57:43.654848",
"DATE_REQUESTED" : "2018-05-09T00:00:00",
"ID" : "CVE-2018-1000196",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Gitlab Hook Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.4.2 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured Gitlab token."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-522"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-263",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-263"
}
]
}
}


@ -0,0 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T13:57:43.656691",
"DATE_REQUESTED" : "2018-05-09T00:00:00",
"ID" : "CVE-2018-1000197",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Black Duck Hub Plugin",
"version" : {
"version_data" : [
{
"version_value" : "3.0.3 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-670",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-670"
}
]
}
}


@ -0,0 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T13:57:43.658252",
"DATE_REQUESTED" : "2018-05-09T00:00:00",
"ID" : "CVE-2018-1000198",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Black Duck Hub Plugin",
"version" : {
"version_data" : [
{
"version_value" : "3.1.0 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-611"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-671",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-671"
}
]
}
}
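Review bot: The description has a typo, "XML eternal entities"; it should read "XML external entities", matching "XML external entity processing" earlier in the same sentence and the `CWE-611` value below it. The opening "A XML" should be "An XML". A text search for "external entities" will otherwise miss this record.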


@ -1,9 +1,34 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"DATE_ASSIGNED" : "2018-04-17",
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-04-17T12:00:00",
"DATE_REQUESTED" : "2018-04-17T14:00:00",
"ID" : "CVE-2018-1000200",
"STATE" : "RESERVED"
"REQUESTER" : "rientjes@google.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Linux Kernel",
"version" : {
"version_data" : [
{
"version_value" : "4.14, 4.15, and 4.16"
}
]
}
}
]
},
"vendor_name" : "Linux Kernel"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -12,7 +37,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "NULL Pointer Dereference"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-kernel] 20180417 [patch] mm, oom: fix concurrent munlock and oom reaper unmap",
"refsource" : "MLIST",
"url" : "https://marc.info/?l=linux-kernel&m=152400522806945"
},
{
"name" : "[linux-kernel] 20180424 [patch v3 for-4.17] mm, oom: fix concurrent munlock and oom reaper unmap",
"refsource" : "MLIST",
"url" : "https://marc.info/?l=linux-kernel&m=152460926619256"
},
{
"name" : "[oss-security] 20180424 CVE-2018-1000200 (Linux): Bad memory access on oom kill of large mlocked process",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2018/q2/67"
},
{
"name" : "https://access.redhat.com/security/cve/cve-2018-1000200",
"refsource" : "CONFIRM",
"url" : "https://access.redhat.com/security/cve/cve-2018-1000200"
},
{
"name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a",
"refsource" : "CONFIRM",
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27ae357fa82be5ab73b2ef8d39dcb8ca2563483a"
}
]
}
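Review bot: The new description states the causality backwards: it says the null pointer dereference "can result in an out of memory (OOM) killing of large mlocked processes", while its own second sentence and the oss-security reference title ("Bad memory access on oom kill of large mlocked process") place the fault during the OOM kill, when exit_mmap() runs alongside the oom reaper. Anyone triaging from the first sentence would look for the wrong trigger. A suggested opening is `The Linux Kernel versions 4.14, 4.15, and 4.16 have a null pointer dereference that can be triggered when a large mlocked process is out of memory (OOM) killed.`, and `vmas.This` needs a space. In CVE_data_meta the new `DATE_ASSIGNED` (`2018-04-17T12:00:00`) is earlier than `DATE_REQUESTED` (`2018-04-17T14:00:00`) and neither carries a time zone, so one of the two is presumably wrong. The second hunk ends before the record's closing brace.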


@ -0,0 +1,19 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"DATE_ASSIGNED" : "2018-06-04",
"ID" : "CVE-2018-1000201",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T13:57:43.659756",
"DATE_REQUESTED" : "2018-05-09T00:00:00",
"ID" : "CVE-2018-1000202",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Groovy Postbuild Plugin",
"version" : {
"version_data" : [
{
"version_value" : "2.3.1 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-821",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-821"
}
]
}
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10057",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20180603 CVE-2018-10058 and CVE-2018-10057 - cgminer <=4.10.0 and bfgminer <=5.5.0 remote management api post-auth buffer overflow and path traversal",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2018/06/03/1"
},
{
"name" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10057",
"refsource" : "MISC",
"url" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10057"
}
]
}
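Review bot: The added `affects` block leaves `product_name`, `version_value` and `vendor_name` as `n/a`, and the problemtype is also `n/a`, although the description names cgminer 4.10.0, bfgminer 5.5.0 and an absolute directory traversal; tooling that matches on the structured fields will not associate this record with either miner. Filling them from the description, for example `"product_name" : "cgminer"` with `"version_value" : "4.10.0"` and a problemtype of `CWE-36`, would fix that. The description also lists single versions while the oss-security reference title says `cgminer <=4.10.0 and bfgminer <=5.5.0`; if the reference is right, the record should state the range, otherwise older installs look unaffected. The same `n/a` placeholders appear in the CVE-2018-10058, -10813, -10966, -11553, -11554, -11586, -11678, -11722 and -11735 through -11739 sections of this commit.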


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10058",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-only, poolquota, and save command handlers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20180603 CVE-2018-10058 and CVE-2018-10057 - cgminer <=4.10.0 and bfgminer <=5.5.0 remote management api post-auth buffer overflow and path traversal",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2018/06/03/1"
},
{
"name" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10058",
"refsource" : "MISC",
"url" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10058"
}
]
}


@ -61,6 +61,11 @@
"name" : "https://success.trendmicro.com/solution/1119811",
"refsource" : "CONFIRM",
"url" : "https://success.trendmicro.com/solution/1119811"
},
{
"name" : "104355",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104355"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-10597",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors",
"version" : {
"version_data" : [
{
"version_value" : "The following IntelliVue Patient Monitors versions are affected: IntelliVue Patient Monitors MP Series (includingMP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, and IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only). The following Avalon Fetal/Maternal Monitors versions are affected: Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3"
}
]
}
}
]
},
"vendor_name" : "ICS-CERT"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory (\"write-what-where\") from an attacker-chosen device address within the same subnet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01"
}
]
}
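Review bot: `vendor_name` is set to `ICS-CERT`, which is the assigner in CVE_data_meta rather than the maker of the monitors, so a vendor-based lookup for these devices will not return this record; the field should carry the manufacturer named in the ICSMA-18-156-01 advisory. `version_value` holds a whole sentence (with `includingMP2` run together) instead of one entry per product and revision range, which makes it hard to use for asset matching in a clinical inventory. The description says the attacker can "access memory" but tags it "write-what-where", and the problemtype lists only CWE-287; if this is an arbitrary write, as the contrast with the "read memory" wording of CVE-2018-10599 suggests, say `write memory` and add the write-what-where weakness to the problemtype. The vendor and version points apply equally to the CVE-2018-10599 and CVE-2018-10601 sections.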


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-10599",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors",
"version" : {
"version_data" : [
{
"version_value" : "The following IntelliVue Patient Monitors versions are affected: IntelliVue Patient Monitors MP Series (includingMP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, and IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only). The following Avalon Fetal/Maternal Monitors versions are affected: Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3"
}
]
}
}
]
},
"vendor_name" : "ICS-CERT"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "INFORMATION EXPOSURE CWE-200"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-10601",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors",
"version" : {
"version_data" : [
{
"version_value" : "The following IntelliVue Patient Monitors versions are affected: IntelliVue Patient Monitors MP Series (includingMP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, and IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only). The following Avalon Fetal/Maternal Monitors versions are affected: Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3"
}
]
}
}
]
},
"vendor_name" : "ICS-CERT"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an \"echo\" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01"
}
]
}


@ -62,6 +62,11 @@
"name" : "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1",
"refsource" : "CONFIRM",
"url" : "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1"
},
{
"name" : "104377",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104377"
}
]
}


@ -62,6 +62,11 @@
"name" : "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1",
"refsource" : "CONFIRM",
"url" : "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1"
},
{
"name" : "104377",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104377"
}
]
}


@ -62,6 +62,11 @@
"name" : "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1",
"refsource" : "CONFIRM",
"url" : "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1"
},
{
"name" : "104377",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104377"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10813",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this could lead to privilege escalation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/aprendecondedos/dedos-web/pull/1",
"refsource" : "MISC",
"url" : "https://github.com/aprendecondedos/dedos-web/pull/1"
},
{
"name" : "https://www.digitalinterruption.com/single-post/2018/06/04/Are-Your-Cookies-Telling-Your-Fortune",
"refsource" : "MISC",
"url" : "https://www.digitalinterruption.com/single-post/2018/06/04/Are-Your-Cookies-Telling-Your-Fortune"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10966",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over, and re-sign it using the hard coded secret."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/GamerPolls/gamerpolls.com/pull/56",
"refsource" : "MISC",
"url" : "https://github.com/GamerPolls/gamerpolls.com/pull/56"
},
{
"name" : "https://www.digitalinterruption.com/single-post/2018/06/04/Are-Your-Cookies-Telling-Your-Fortune",
"refsource" : "MISC",
"url" : "https://www.digitalinterruption.com/single-post/2018/06/04/Are-Your-Cookies-Telling-Your-Fortune"
},
{
"name" : "https://github.com/GamerPolls/gamerpolls.com/blob/03ccbaf219410e0a45390d0efc12017f08a25282/config/environments/all.js#L58",
"refsource" : "CONFIRM",
"url" : "https://github.com/GamerPolls/gamerpolls.com/blob/03ccbaf219410e0a45390d0efc12017f08a25282/config/environments/all.js#L58"
}
]
}


@ -72,6 +72,11 @@
"refsource" : "CONFIRM",
"url" : "https://www.wireshark.org/security/wnpa-sec-2018-31.html"
},
{
"name" : "DSA-4217",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4217"
},
{
"name" : "104308",
"refsource" : "BID",


@ -67,6 +67,11 @@
"refsource" : "CONFIRM",
"url" : "https://www.wireshark.org/security/wnpa-sec-2018-30.html"
},
{
"name" : "DSA-4217",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4217"
},
{
"name" : "104308",
"refsource" : "BID",


@ -72,6 +72,11 @@
"refsource" : "CONFIRM",
"url" : "https://www.wireshark.org/security/wnpa-sec-2018-25.html"
},
{
"name" : "DSA-4217",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4217"
},
{
"name" : "104308",
"refsource" : "BID",


@ -62,6 +62,11 @@
"refsource" : "MISC",
"url" : "https://docs.google.com/document/d/1Uw3D6ECXZr8S2cWOTY81kg6ivv0WpR4kQqxVpUSyGUA/edit?usp=sharing"
},
{
"name" : "USN-3669-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3669-1/"
},
{
"name" : "104324",
"refsource" : "BID",


@ -57,6 +57,11 @@
"refsource" : "MISC",
"url" : "https://github.com/liblouis/liblouis/issues/575"
},
{
"name" : "USN-3669-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3669-1/"
},
{
"name" : "104321",
"refsource" : "BID",


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11553",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "SGIN.CN xiangyun platform V9.4.10 has XSS via the login_url parameter to /login.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/helloheary/SGIN.CN-V9.4.10-product-has-XSS-in-login-page/blob/master/README.md",
"refsource" : "MISC",
"url" : "https://github.com/helloheary/SGIN.CN-V9.4.10-product-has-XSS-in-login-page/blob/master/README.md"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11554",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/littleheary/-YzmCMS-User-Traversal-Vulnerability/blob/master/README.md",
"refsource" : "MISC",
"url" : "https://github.com/littleheary/-YzmCMS-User-Traversal-Vulnerability/blob/master/README.md"
}
]
}


@ -61,6 +61,11 @@
"name" : "https://github.com/liblouis/liblouis/issues/582",
"refsource" : "MISC",
"url" : "https://github.com/liblouis/liblouis/issues/582"
},
{
"name" : "USN-3669-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3669-1/"
}
]
}


@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "44839",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44839/"
},
{
"name" : "https://gist.github.com/huykha/409451e4b086bfbd55e28e7e803ae930",
"refsource" : "MISC",


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11586",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44827",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44827/"
},
{
"name" : "http://packetstormsecurity.com/files/148032/SearchBlox-8.6.7-XML-External-Entity-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/148032/SearchBlox-8.6.7-XML-External-Entity-Injection.html"
}
]
}


@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "44831",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44831/"
},
{
"name" : "https://docs.emssoftware.com/Content/V44.1_ReleaseNotes.htm",
"refsource" : "MISC",


@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "44825",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44825/"
},
{
"name" : "https://github.com/GreenCMS/GreenCMS/issues/108",
"refsource" : "MISC",


@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "44826",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44826/"
},
{
"name" : "https://github.com/GreenCMS/GreenCMS/issues/109",
"refsource" : "MISC",


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11678",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://abdilahrf.github.io/login-rate-limiting-bypass",
"refsource" : "MISC",
"url" : "http://abdilahrf.github.io/login-rate-limiting-bypass"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11722",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wuzhicms/wuzhicms/issues/141",
"refsource" : "MISC",
"url" : "https://github.com/wuzhicms/wuzhicms/issues/141"
}
]
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11734",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11735",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/XIMDEX/ximdex/issues/146",
"refsource" : "MISC",
"url" : "https://github.com/XIMDEX/ximdex/issues/146"
}
]
}
}


@ -0,0 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11736",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/pluck-cms/pluck/issues/61",
"refsource" : "CONFIRM",
"url" : "https://github.com/pluck-cms/pluck/issues/61"
},
{
"name" : "https://github.com/pluck-cms/pluck/releases/tag/4.7.7-dev2",
"refsource" : "CONFIRM",
"url" : "https://github.com/pluck-cms/pluck/releases/tag/4.7.7-dev2"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11737",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/sleuthkit/sleuthkit/issues/1266",
"refsource" : "MISC",
"url" : "https://github.com/sleuthkit/sleuthkit/issues/1266"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11738",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/sleuthkit/sleuthkit/issues/1265",
"refsource" : "MISC",
"url" : "https://github.com/sleuthkit/sleuthkit/issues/1265"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11739",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/sleuthkit/sleuthkit/issues/1267",
"refsource" : "MISC",
"url" : "https://github.com/sleuthkit/sleuthkit/issues/1267"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11740",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/sleuthkit/sleuthkit/issues/1264",
"refsource" : "MISC",
"url" : "https://github.com/sleuthkit/sleuthkit/issues/1264"
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11741",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11742",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11743",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d",
"refsource" : "MISC",
"url" : "https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d"
},
{
"name" : "https://github.com/mruby/mruby/issues/4027",
"refsource" : "MISC",
"url" : "https://github.com/mruby/mruby/issues/4027"
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11744",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11745",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11746",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11747",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
