admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2019-01-29 11:05:08 -05:00
parent 63eeb004ef
commit fe61ec4fd2
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
8 changed files with 305 additions and 237 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2018/10xxx/CVE-2018-10612.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03"
}
]

137
2018/16xxx/CVE-2018-16880.json
View File

@ -1,71 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-16880",
"ASSIGNER": "psampaio@redhat.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The Linux Foundation",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "from v4.16 and newer"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2018-16880",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "kernel",
"version" : {
"version_data" : [
{
"version_value" : "from v4.16 and newer"
}
]
}
}
]
},
"vendor_name" : "The Linux Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.9/CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-787"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16880",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16880",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
]
]
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16880",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16880"
}
]
}
}

9
2018/18xxx/CVE-2018-18981.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In Rockwell Automation FactoryTalk Services Platform v2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could lead to a partial or complete denial-of-service condition to the affected services."
"value" : "In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could lead to a partial or complete denial-of-service condition to the affected services."
}
]
},
@ -54,7 +54,14 @@
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-331-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-331-02"
},
{
"name" : "106279",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106279"
}
]
}

2
2018/18xxx/CVE-2018-18985.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02"
}
]

108
2018/1xxx/CVE-2018-1668.json
View File

@ -1,46 +1,9 @@
{
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows \"null\" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "N",
"A" : "N",
"S" : "U",
"UI" : "N",
"SCORE" : "5.300",
"C" : "L",
"AC" : "L",
"AV" : "N",
"I" : "N"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-01-11T00:00:00",
"ID" : "CVE-2018-1668",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
@ -49,6 +12,7 @@
"product" : {
"product_data" : [
{
"product_name" : "DataPower Gateway",
"version" : {
"version_data" : [
{
@ -76,8 +40,7 @@
"version_value" : "7.6.0.11"
}
]
},
"product_name" : "DataPower Gateway"
}
}
]
},
@ -86,25 +49,60 @@
]
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1668",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-01-11T00:00:00"
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows \"null\" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "5.300",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 794735 (DataPower Gateway)",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10794735",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10794735",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10794735"
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10794735"
},
{
"name" : "ibm-websphere-cve20181668-info-disc(144894)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144894",
"name" : "ibm-websphere-cve20181668-info-disc (144894)"
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144894"
}
]
}

122
2018/1xxx/CVE-2018-1733.json
View File

@ -1,12 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-01-23T00:00:00",
"ID" : "CVE-2018-1733",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "QRadar SIEM",
"version" : {
"version_data" : [
{
"version_value" : "7.2"
},
{
"version_value" : "7.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM QRadar SIEM 7.2 and 7.3 fails to adequately filter user-controlled input data for syntax that has control-plane implications which could allow an attacker to modify displayed content. IBM X-Force ID: 147811.",
"lang" : "eng"
"lang" : "eng",
"value" : "IBM QRadar SIEM 7.2 and 7.3 fails to adequately filter user-controlled input data for syntax that has control-plane implications which could allow an attacker to modify displayed content. IBM X-Force ID: 147811."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "N",
"I" : "L",
"PR" : "N",
"S" : "U",
"SCORE" : "5.300",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
@ -19,75 +74,18 @@
}
]
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10794523",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10794523",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 794523 (QRadar SIEM)"
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10794523"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-qradar-cve20181733-spoofing(147811)",
"refsource" : "XF",
"name" : "ibm-qradar-cve20181733-spoofing (147811)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147811"
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-01-23T00:00:00",
"ID" : "CVE-2018-1733",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.2"
},
{
"version_value" : "7.3"
}
]
},
"product_name" : "QRadar SIEM"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "L",
"AV" : "N",
"UI" : "N",
"S" : "U",
"AC" : "L",
"C" : "N",
"SCORE" : "5.300",
"A" : "N",
"PR" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_format" : "MITRE",
"data_version" : "4.0"
}
}

100
2018/1xxx/CVE-2018-1976.json
View File

@ -1,55 +1,18 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-01-24T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2018-1976",
"ASSIGNER" : "psirt@us.ibm.com"
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10843130",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10843130",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 843130 (API Connect)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/154031",
"name" : "ibm-api-cve20181976-info-disc (154031)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "API Connect",
"version" : {
"version_data" : [
{
@ -59,35 +22,70 @@
"version_value" : "5.0.8.4"
}
]
},
"product_name" : "API Connect"
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"PR" : "H",
"UI" : "N",
"S" : "U",
"AC" : "L",
"SCORE" : "4.900",
"AV" : "N",
"C" : "H",
"I" : "N",
"AV" : "N"
"PR" : "H",
"S" : "U",
"SCORE" : "4.900",
"UI" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
"RC" : "C",
"RL" : "O"
}
}
},
"data_format" : "MITRE"
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10843130",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10843130"
},
{
"name" : "ibm-api-cve20181976-info-disc(154031)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/154031"
}
]
}
}

62
2019/7xxx/CVE-2019-7160.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7160",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/idreamsoft/iCMS/issues/50",
"refsource" : "MISC",
"url" : "https://github.com/idreamsoft/iCMS/issues/50"
}
]
}
}