From 037ead58f29c260a90e9367c1fcf5c558fcb134f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 14 Jun 2018 16:03:36 -0400
Subject: [PATCH] - Synchronized data.
---
 2017/1000xxx/CVE-2017-1000364.json | 5 +++
 2017/12xxx/CVE-2017-12070.json | 48 +++++++++++++++++++++++--
 2018/1000xxx/CVE-2018-1000168.json | 5 +++
 2018/11xxx/CVE-2018-11574.json | 48 +++++++++++++++++++++++--
 2018/11xxx/CVE-2018-11689.json | 48 +++++++++++++++++++++++--
 2018/11xxx/CVE-2018-11690.json | 53 +++++++++++++++++++++++++--
 2018/12xxx/CVE-2018-12422.json | 18 ++++++++++
 2018/8xxx/CVE-2018-8819.json | 58 ++++++++++++++++++++++++++++--
 8 files changed, 273 insertions(+), 10 deletions(-)
 create mode 100644 2018/12xxx/CVE-2018-12422.json
diff --git a/2017/1000xxx/CVE-2017-1000364.json b/2017/1000xxx/CVE-2017-1000364.json
index 4803c768a87..8d46d896e77 100644
--- a/2017/1000xxx/CVE-2017-1000364.json
+++ b/2017/1000xxx/CVE-2017-1000364.json
@@ -83,6 +83,11 @@
 "refsource" : "CONFIRM",
 "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03800en_us"
 },
+ {
+ "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10207",
+ "refsource" : "CONFIRM",
+ "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10207"
+ },
 {
 "name" : "DSA-3886",
 "refsource" : "DEBIAN",
diff --git a/2017/12xxx/CVE-2017-12070.json b/2017/12xxx/CVE-2017-12070.json
index 990a931bf84..64086efd0ae 100644
--- a/2017/12xxx/CVE-2017-12070.json
+++ b/2017/12xxx/CVE-2017-12070.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2017-12070",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
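Review bot: The `affects` block added in the first CVE-2017-12070 hunk sets `vendor_name`, `product_name` and `version_value` to `n/a`, although the description added in that file's second hunk names the OPC Foundation as the distributor of the affected DLLs. Consumers that match records on the structured vendor/product fields rather than on free text will not tie this entry to any asset. The first hunks of CVE-2018-11574, CVE-2018-11689, CVE-2018-11690 and CVE-2018-8819 follow the same pattern, and their descriptions name the product and, for Gridbox and WebCTRL, the affected versions. Where the description already states these values, carry them into the structured fields, e.g. `"vendor_name" : "OPC Foundation"` here. The hunk shows only part of the top-level object, which continues outside it.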
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12070.pdf",
+ "refsource" : "CONFIRM",
+ "url" : "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12070.pdf"
 }
 ]
 }
diff --git a/2018/1000xxx/CVE-2018-1000168.json b/2018/1000xxx/CVE-2018-1000168.json
index 1af467bc638..bd051ba8591 100644
--- a/2018/1000xxx/CVE-2018-1000168.json
+++ b/2018/1000xxx/CVE-2018-1000168.json
@@ -59,6 +59,11 @@
 "name" : "https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/",
 "refsource" : "CONFIRM",
 "url" : "https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/"
+ },
+ {
+ "name" : "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/",
+ "refsource" : "CONFIRM",
+ "url" : "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"
 }
 ]
 }
diff --git a/2018/11xxx/CVE-2018-11574.json b/2018/11xxx/CVE-2018-11574.json
index 1b4904b4cf5..2ebde392303 100644
--- a/2018/11xxx/CVE-2018-11574.json
+++ b/2018/11xxx/CVE-2018-11574.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-11574",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the `refuse-app` option are unaffected."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "[oss-security] 20180611 Buffer Overflow in pppd EAP-TLS implementation",
+ "refsource" : "MLIST",
+ "url" : "http://www.openwall.com/lists/oss-security/2018/06/11/1"
 }
 ]
 }
diff --git a/2018/11xxx/CVE-2018-11689.json b/2018/11xxx/CVE-2018-11689.json
index fb8831713a0..55421b63d33 100644
--- a/2018/11xxx/CVE-2018-11689.json
+++ b/2018/11xxx/CVE-2018-11689.json
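Review bot: The description added in the second CVE-2018-11574 hunk names `refuse-app` as the option that leaves a configuration unaffected, which looks like a typo: pppd's switch for declining EAP authentication is `refuse-eap`. An operator applying the workaround exactly as written would set an option that does not turn off the affected EAP-TLS path and would still believe the host is covered. Confirm the wording against the oss-security post listed in `reference_data` and, if it agrees, change `refuse-app` to `refuse-eap` in the `value` string.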
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-11689",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Smart Viewer in Samsung Web Viewer for Samsung DVR is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "20180613 Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689",
+ "refsource" : "BUGTRAQ",
+ "url" : "http://www.securityfocus.com/archive/1/archive/1/542083/100/0/threaded"
 }
 ]
 }
diff --git a/2018/11xxx/CVE-2018-11690.json b/2018/11xxx/CVE-2018-11690.json
index 03c8c3eed5a..def89e3fbfd 100644
--- a/2018/11xxx/CVE-2018-11690.json
+++ b/2018/11xxx/CVE-2018-11690.json
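Review bot: `problemtype` in the second CVE-2018-11689 hunk is left at `n/a` even though the description added a few lines above it states the weakness class outright (cross-site scripting caused by improper validation of user-supplied input). Tooling that triages or aggregates by weakness class gets nothing usable from this record. The description text would support `"value" : "CWE-79"` in the `problemtype_data` entry. The same applies to the second hunks of CVE-2018-11690 (also cross-site scripting) and CVE-2018-8819 (an XXE issue, which would map to CWE-611).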
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-11690",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "20180608 Gridbox extension for Joomla! <= 2.4.0 Reflected Cross Site Scripting (XSS)",
+ "refsource" : "BUGTRAQ",
+ "url" : "http://www.securityfocus.com/archive/1/archive/1/542066/100/0/threaded"
+ },
+ {
+ "name" : "http://packetstormsecurity.com/files/148127/Joomla-2.4.0-Gridbox-Cross-Site-Scripting.html",
+ "refsource" : "MISC",
+ "url" : "http://packetstormsecurity.com/files/148127/Joomla-2.4.0-Gridbox-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2018/12xxx/CVE-2018-12422.json b/2018/12xxx/CVE-2018-12422.json
new file mode 100644
index 00000000000..e79d214d159
--- /dev/null
+++ b/2018/12xxx/CVE-2018-12422.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-12422",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/8xxx/CVE-2018-8819.json b/2018/8xxx/CVE-2018-8819.json
index c7cb04c7d56..3f79f9d47ad 100644
--- a/2018/8xxx/CVE-2018-8819.json
+++ b/2018/8xxx/CVE-2018-8819.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-8819",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via the \"X-Wap-Profile\" HTTP header."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "20180608 Multiple Automated Logic Corporation WebCTRL XML External Entity Injection (CVE-2018-8819)",
+ "refsource" : "FULLDISC",
+ "url" : "http://seclists.org/fulldisclosure/2018/Jun/21"
+ },
+ {
+ "name" : "http://packetstormsecurity.com/files/148126/WebCTRL-Out-Of-Band-XML-Injection.html",
+ "refsource" : "MISC",
+ "url" : "http://packetstormsecurity.com/files/148126/WebCTRL-Out-Of-Band-XML-Injection.html"
+ },
+ {
+ "name" : "https://hateshape.github.io/general/2018/06/07/CVE-2018-8819.html",
+ "refsource" : "MISC",
+ "url" : "https://hateshape.github.io/general/2018/06/07/CVE-2018-8819.html"
 }
 ]
 }