From 098106eb9be06d3da464c4612ea1dee16357d39f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 4 May 2018 16:04:00 -0400 Subject: [PATCH] - Synchronized data. --- 2011/0xxx/CVE-2011-0704.json | 53 +++++++++++++++++++++++++- 2012/5xxx/CVE-2012-5628.json | 48 +++++++++++++++++++++++- 2013/2xxx/CVE-2013-2233.json | 68 +++++++++++++++++++++++++++++++++- 2017/15xxx/CVE-2017-15043.json | 48 +++++++++++++++++++++++- 2017/18xxx/CVE-2017-18217.json | 5 +++ 2018/10xxx/CVE-2018-10229.json | 53 +++++++++++++++++++++++++- 2018/10xxx/CVE-2018-10251.json | 48 +++++++++++++++++++++++- 2018/10xxx/CVE-2018-10751.json | 18 +++++++++ 8 files changed, 329 insertions(+), 12 deletions(-) create mode 100644 2018/10xxx/CVE-2018-10751.json diff --git a/2011/0xxx/CVE-2011-0704.json b/2011/0xxx/CVE-2011-0704.json index 0228876cb20..858bdae43c5 100644 --- a/2011/0xxx/CVE-2011-0704.json +++ b/2011/0xxx/CVE-2011-0704.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2011-0704", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=675320", + "refsource" : "CONFIRM", + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=675320" + }, + { + "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=676876", + "refsource" : "CONFIRM", + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=676876" } ] } diff --git a/2012/5xxx/CVE-2012-5628.json b/2012/5xxx/CVE-2012-5628.json index 2d9460e1f1d..03efc883436 100644 --- a/2012/5xxx/CVE-2012-5628.json +++ b/2012/5xxx/CVE-2012-5628.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2012-5628", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=884854", + "refsource" : "CONFIRM", + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=884854" } ] } diff --git a/2013/2xxx/CVE-2013-2233.json b/2013/2xxx/CVE-2013-2233.json index 1dbb9242d4d..5c7362b191b 100644 --- a/2013/2xxx/CVE-2013-2233.json +++ b/2013/2xxx/CVE-2013-2233.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2013-2233", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,48 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "[oss-security] 20130701 CVE Request: Ansible not caching SSH host keys", + "refsource" : "MLIST", + "url" : "http://www.openwall.com/lists/oss-security/2013/07/01/2" + }, + { + "name" : "[oss-security] 20130702 Re: CVE Request: Ansible not caching SSH host keys", + "refsource" : "MLIST", + "url" : "http://www.openwall.com/lists/oss-security/2013/07/02/6" + }, + { + "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=980821", + "refsource" : "CONFIRM", + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=980821" + }, + { + "name" : "https://github.com/ansible/ansible/issues/857", + "refsource" : "CONFIRM", + "url" : "https://github.com/ansible/ansible/issues/857" + }, + { + "name" : "https://www.ansible.com/security", + "refsource" : "CONFIRM", + "url" : "https://www.ansible.com/security" } ] } diff --git a/2017/15xxx/CVE-2017-15043.json b/2017/15xxx/CVE-2017-15043.json index cc2292dd157..86eadb6a07d 100644 --- a/2017/15xxx/CVE-2017-15043.json +++ b/2017/15xxx/CVE-2017-15043.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2017-15043", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/swi-psa-2018-003-technical-bulletin-reaper/", + "refsource" : "CONFIRM", + "url" : "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/swi-psa-2018-003-technical-bulletin-reaper/" } ] } diff --git a/2017/18xxx/CVE-2017-18217.json b/2017/18xxx/CVE-2017-18217.json index 2eedb1e3bbc..22cd488924d 100644 --- a/2017/18xxx/CVE-2017-18217.json +++ b/2017/18xxx/CVE-2017-18217.json @@ -61,6 +61,11 @@ "name" : "https://github.com/InvoicePlane/InvoicePlane/pull/551", "refsource" : "MISC", "url" : "https://github.com/InvoicePlane/InvoicePlane/pull/551" + }, + { + "name" : "http://blog.isecurion.com/2018/04/23/invoice-plane-v1-5-cross-site-scripting-vulnerability/", + "refsource" : "MISC", + "url" : "http://blog.isecurion.com/2018/04/23/invoice-plane-v1-5-cross-site-scripting-vulnerability/" } ] } diff --git a/2018/10xxx/CVE-2018-10229.json b/2018/10xxx/CVE-2018-10229.json index f68c84619db..d7ed7978f83 100644 --- a/2018/10xxx/CVE-2018-10229.json +++ b/2018/10xxx/CVE-2018-10229.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-10229", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.vusec.net/wp-content/uploads/2018/05/glitch.pdf", + "refsource" : "MISC", + "url" : "https://www.vusec.net/wp-content/uploads/2018/05/glitch.pdf" + }, + { + "name" : "VU#283803", + "refsource" : "CERT-VN", + "url" : "https://www.kb.cert.org/vuls/id/283803" } ] } diff --git a/2018/10xxx/CVE-2018-10251.json b/2018/10xxx/CVE-2018-10251.json index 8230d8d65d6..696071f5936 100644 --- a/2018/10xxx/CVE-2018-10251.json +++ b/2018/10xxx/CVE-2018-10251.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-10251", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---cve-2018-10251/", + "refsource" : "CONFIRM", + "url" : "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---cve-2018-10251/" } ] } diff --git a/2018/10xxx/CVE-2018-10751.json b/2018/10xxx/CVE-2018-10751.json new file mode 100644 index 00000000000..d1c005e606e --- /dev/null +++ b/2018/10xxx/CVE-2018-10751.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-10751", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +}