diff --git a/2018/15xxx/CVE-2018-15612.json b/2018/15xxx/CVE-2018-15612.json index 8feeee061fe..57c9496a60a 100644 --- a/2018/15xxx/CVE-2018-15612.json +++ b/2018/15xxx/CVE-2018-15612.json @@ -1,82 +1,82 @@ { - "CVE_data_meta": { - "ASSIGNER": "securityalerts@avaya.com", - "ID": "CVE-2018-15612", - "STATE": "PUBLIC", - "TITLE": "Orchestration Designer Runtime Config CSRF" + "CVE_data_meta" : { + "ASSIGNER" : "securityalerts@avaya.com", + "ID" : "CVE-2018-15612", + "STATE" : "PUBLIC", + "TITLE" : "Orchestration Designer Runtime Config CSRF" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "Orchestration Designer", - "version": { - "version_data": [ + "product_name" : "Orchestration Designer", + "version" : { + "version_data" : [ { - "version_value": "All versions up to 7.2.1" + "version_value" : "All versions up to 7.2.1" } ] } } ] }, - "vendor_name": "Avaya" + "vendor_name" : "Avaya" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "A CSRF vulnerability in the Runtime Config component of Avaya Aura® Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura® Orchestration Designer include all versions up to 7.2.1." + "lang" : "eng", + "value" : "A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1." } ] }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.3, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", - "version": "3.0" + "impact" : { + "cvss" : { + "attackComplexity" : "HIGH", + "attackVector" : "NETWORK", + "availabilityImpact" : "HIGH", + "baseScore" : 8.3, + "baseSeverity" : "HIGH", + "confidentialityImpact" : "HIGH", + "integrityImpact" : "HIGH", + "privilegesRequired" : "NONE", + "scope" : "CHANGED", + "userInteraction" : "REQUIRED", + "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version" : "3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + "lang" : "eng", + "value" : "CWE-352: Cross-Site Request Forgery (CSRF)" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "name": "https://downloads.avaya.com/css/P8/documents/101052293", - "refsource": "CONFIRM", - "url": "https://downloads.avaya.com/css/P8/documents/101052293" + "name" : "https://downloads.avaya.com/css/P8/documents/101052293", + "refsource" : "CONFIRM", + "url" : "https://downloads.avaya.com/css/P8/documents/101052293" } ] }, - "source": { - "advisory": "ASA-2018-278" + "source" : { + "advisory" : "ASA-2018-278" } } diff --git a/2018/15xxx/CVE-2018-15613.json b/2018/15xxx/CVE-2018-15613.json index 46693028878..694b568d591 100644 --- a/2018/15xxx/CVE-2018-15613.json +++ b/2018/15xxx/CVE-2018-15613.json @@ -1,82 +1,82 @@ { - "CVE_data_meta": { - "ASSIGNER": "securityalerts@avaya.com", - "ID": "CVE-2018-15613", - "STATE": "PUBLIC", - "TITLE": "Orchestration Designer Runtime Config XSS" + "CVE_data_meta" : { + "ASSIGNER" : "securityalerts@avaya.com", + "ID" : "CVE-2018-15613", + "STATE" : "PUBLIC", + "TITLE" : "Orchestration Designer Runtime Config XSS" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "Orchestration Designer", - "version": { - "version_data": [ + "product_name" : "Orchestration Designer", + "version" : { + "version_data" : [ { - "version_value": "All versions up to 7.2.1" + "version_value" : "All versions up to 7.2.1" } ] } } ] }, - "vendor_name": "Avaya" + "vendor_name" : "Avaya" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura® Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura® Orchestration Designer include all versions up to 7.2.1." + "lang" : "eng", + "value" : "A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1." } ] }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.3, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", - "version": "3.0" + "impact" : { + "cvss" : { + "attackComplexity" : "HIGH", + "attackVector" : "NETWORK", + "availabilityImpact" : "HIGH", + "baseScore" : 8.3, + "baseSeverity" : "HIGH", + "confidentialityImpact" : "HIGH", + "integrityImpact" : "HIGH", + "privilegesRequired" : "NONE", + "scope" : "CHANGED", + "userInteraction" : "REQUIRED", + "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version" : "3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)" + "lang" : "eng", + "value" : "CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "name": "https://downloads.avaya.com/css/P8/documents/101052293", - "refsource": "CONFIRM", - "url": "https://downloads.avaya.com/css/P8/documents/101052293" + "name" : "https://downloads.avaya.com/css/P8/documents/101052293", + "refsource" : "CONFIRM", + "url" : "https://downloads.avaya.com/css/P8/documents/101052293" } ] }, - "source": { - "advisory": "ASA-2018-278" + "source" : { + "advisory" : "ASA-2018-278" } } diff --git a/2018/17xxx/CVE-2018-17317.json b/2018/17xxx/CVE-2018-17317.json index 09041d7d31a..597eef456e7 100644 --- a/2018/17xxx/CVE-2018-17317.json +++ b/2018/17xxx/CVE-2018-17317.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-17317", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to /www/script/config_iface.php, or the newSSID, hostapd_secure, hostapd_wpa_passphrase, or supplicant_ssid parameter to /www/page_config.php." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://blog.51cto.com/010bjsoft/2175710", + "refsource" : "MISC", + "url" : "http://blog.51cto.com/010bjsoft/2175710" + }, + { + "name" : "https://github.com/PatatasFritas/PatataWifi/issues/1", + "refsource" : "MISC", + "url" : "https://github.com/PatatasFritas/PatataWifi/issues/1" } ] } diff --git a/2018/17xxx/CVE-2018-17320.json b/2018/17xxx/CVE-2018-17320.json new file mode 100644 index 00000000000..5f4339b002e --- /dev/null +++ b/2018/17xxx/CVE-2018-17320.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17320", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/ucms/ucms/issues/1", + "refsource" : "MISC", + "url" : "https://github.com/ucms/ucms/issues/1" + } + ] + } +}