Distributed Weakness Filing (DWF) CVE Request form for PUBLIC issues in OpenSource software v5.0 (Responses)
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

Comment only
 
 
ABCDEFGHIJKLMNOPQRSTUVWXYZAAABACADAEAFAGAHAIAJAKALAMANAOAPAQARASATAUAVAWAXAYAZBABB
1
Timestamp
Requestors emails address:
I confirm that this CVE is for an Open Source software component/library/etc.
I confirm that I have read the CVE Terms of Use and agree to them
Vendor/Project of the product
Affected product name Product URLAffected version
Fixed version (optional information)
Vulnerability type
Vulnerability type if other or unknown
Affected componentImpact of exploitationAttack vector
Reference URL 1
Reference URL 2
Reference URL 3
Reference URL 4
Reference URL5
Notes
URL_PROD_URL
URL_1_200CODE
URL_2_200CODE
URL_3_200CODE
URL_4_200CODE
URL_5_200CODE
CVE ToU Email
Analyst
Description
StatusErrors
2
2/4/2019 5:57:30eleetas@gmail.comYesYeslibpnglibpnghttp://www.libpng.org/1.6.36 and earlierUse after freeUse after freepng_image_free()?image
https://github.com/glennrp/libpng/issues/275
200200SENT
3
2/13/2019 8:58:32hahn@univention.deYesYes
Univention Corporate Server
univention-nagios
https://github.com/univention/univention-corporate-server/tree/4.3-3/nagios/univention-nagios
11.0.1-7 and earlier11.0.1-8 or laterOther/Unknown
CWE-426: Untrusted Search Path
check_univention_ldap_suidwrapper.c
Complete loss of Confidentiality and Integrity and Availability
local root exploit
https://github.com/univention/univention-corporate-server/commit/7beb74af8fc0aa32910129b89f32a03e0d28acad
https://forge.univention.org/bugzilla/show_bug.cgi?id=48603
https://forge.univention.org/bugzilla/show_bug.cgi?id=48616
I work for Univention GmbH and I'm the person who discovered and fixed the issue.
200200200200
ACCEPTED
4
2/13/2019 9:47:52hahn@univention.deYesYes
Univention Corporate Server
univention-directory-notifier
https://github.com/univention/univention-corporate-server/tree/4.3-3/management/univention-directory-notifier
12.0.1-3 and earlier12.0.1-4 and laterOther/Unknown
CWE-213: Intentional Information Exposure
function data_on_connection() in src/callback.c
Loss of Confidentialitynetwork connectivity
https://github.com/univention/univention-corporate-server/commit/a28053045bd2e778c50ed1acaf4e52e1e34f6e34
https://forge.univention.org/bugzilla/show_bug.cgi?id=48427
I work for Univention GmbH and I'm the person, who implemented the fix.
200200200
ACCEPTED
5
2/19/2019 20:06:25
msacchetin@grubhub.com
YesYes
Jenkins Credentials Binding Plugin
Jenkinshttps://jenkins.io1.17Other/Unknown
CWE-257: Storing Passwords in a Recoverable Format
config-variables.jelly line #30 (passwordVariable)
Authenticated users can recover credentials
Attacker creates and executes a Jenkins job
https://docs.google.com/document/d/1MBEoJSMvkjp5Kua0bRD_kiDBisL0fOCwTL9uMWj4lGA/edit?usp=sharing
The public Googledoc document shared through the Reference URL 1 contains the complete description of the vulnerability. It also includes exploit details and a proof of concept.
6
2/20/2019 13:47:01esben@semmle.comYesYesMolochMoloch
https://github.com/aol/moloch
prior to version 1.7.01.7.0 and later
Cross Site Scripting (XSS)
Three web pages with vulnerable error reports, implemented at: https://github.com/aol/moloch/blob/16802832a61d330d9d89565ab4579da00ee99025/viewer/viewer.js#L4660, https://github.com/aol/moloch/blob/16802832a61d330d9d89565ab4579da00ee99025/viewer/viewer.js#L675, https://github.com/aol/moloch/blob/16802832a61d330d9d89565ab4579da00ee99025/viewer/viewer.js#L703
Execution of arbitrary JavaScript code
The victim must visit a malicious link in a browser.
https://github.com/aol/moloch/commit/22abc16d7f834a6daeffeaf841a79ba3f09addbb
https://github.com/aol/moloch/commit/f7063958cfdb9202405a0f6b657c032ced12f09f
7
2/20/2019 19:41:12
jan.kopriva@untrustednetwork.cz
YesYesBabel: Multilingual siteBabel
http://dev.cmsmadesimple.org/projects/babel
All-Other/UnknownOpen Redirectionredirect.php
Redirection to any URL, which is supplied to redirect.php in a "newurl" parameter.
The victim must open a link created by an attacker. Attacker may use any legitimate site using Babel to redirect user to a URL of his/her choosing.
https://untrustednetwork.net/en/2019/02/20/open-redirection-vulnerability-in-babel/
http://dev.cmsmadesimple.org/project/files/729
8
2/20/2019 23:42:40
setenforce1@gmail.com
YesYesOpenIDOpenID library for Ruby
https://github.com/openid/ruby-openid
2.8.0 and earlierOther/Unknown
Server Side Request Forgery (SSRF)
Claimed Identifier Verification
can be exploited to map/fingerprint/attack private network resources
Remotely exploitable using malicious HTTP requestsWh
https://github.com/openid/ruby-openid
This issue is being privately reported so the OpenID community can remediate the issue, and give developers a reasonable amount of time to patch. Will provide link to public notice once the community is ready to notify.
9
2/22/2019 11:38:26joakim.bech@linaro.orgYesYesLinaro/OP-TEEOP-TEEhttp://optee.orgPrior to version v3.4.0v3.4.0Other/UnknownBoundary checksoptee_os
This could lead to corruption of any memory which the TA can access.
N/A
https://github.com/OP-TEE/optee_os/commit/e3adcf566cb278444830e7badfdcc3983e334fd1
As soon as we have gotten the CVE number we can add more information.
10
2/22/2019 13:18:10joakim.bech@linaro.orgYesYesLinaro/OP-TEEOP-TEEhttp://optee.org3.3.0 and earlier3.4.0 and laterOther/UnknownBoundary crossingoptee_os
Memory corruption of the TEE itself.
N/A
https://github.com/OP-TEE/optee_os/commit/95f36d661f2b75887772ea28baaad904bde96970
After getting the CVE number, we can provide additional details.
11
2/22/2019 13:25:57joakim.bech@linaro.orgYesYesLinaro/OP-TEEOP-TEEhttps://optee.org3.3.0 and earlier3.4.0 and laterOther/UnknownRounding erroroptee_os
Potentially leaking code and/or data from previous Trusted Application
N/A
https://github.com/OP-TEE/optee_os/commit/7e768f8a473409215fe3fff8f6e31f8a3a0103c6
After getting the CVE we can provide additional information.
12
2/22/2019 13:30:38joakim.bech@linaro.orgYesYesLinaro/OP-TEEOP-TEEhttps://optee.org3.3.0 and earlier3.4.0 and laterBuffer Overflowoptee_os
Memory corruption and disclosure of memory content.
N/A
https://github.com/OP-TEE/optee_os/commit/d5c5b0b77b2b589666024d219a8007b3f5b6faeb
We can provide more details when we have received the CVE number.
13
2/22/2019 13:34:39joakim.bech@linaro.orgYesYesLinaro/OP-TEEOP-TEEhttps://optee.org3.3.0 and earlier3.4.0 and laterBuffer Overflowoptee_os
Code execution in context of TEE core (kernel)
N/A
https://github.com/OP-TEE/optee_os/commit/b60e1cee406a1ff521145ab9534370dfb85dd592
We can provide additional information when we have received the CVE number.
14
2/22/2019 13:37:22joakim.bech@linaro.orgYesYesLinaro/OP-TEEOP-TEEhttps://optee.org3.3.0 and earlier3.4.0 and laterBuffer Overflowoptee_os
Execution of code in TEE core (kernel) context.
N/A
https://github.com/OP-TEE/optee_os/commit/a637243270fc1faae16de059091795c32d86e65e
We can provide additional information when we have received the CVE number.
15
2/22/2019 13:40:35joakim.bech@linaro.orgYesYesLinaro/OP-TEEOP-TEEhttps://optee.org3.3.0 and earlier3.4.0 and laterBuffer Overflowoptee_os
Code execution in the context of TEE core (kernel)
N/A
https://github.com/OP-TEE/optee_os/commit/70697bf3c5dc3d201341b01a1a8e5bc6d2fb48f8
We can provide additional information after receiving the CVE numbers.
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
Loading...