diff --git a/2018/14xxx/CVE-2018-14327.json b/2018/14xxx/CVE-2018-14327.json index 1b2fdd24648..06f23f05770 100644 --- a/2018/14xxx/CVE-2018-14327.json +++ b/2018/14xxx/CVE-2018-14327.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-14327", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,43 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the \"Web Connecton\\EE40\" and \"Web Connecton\\EE40\\BackgroundService\" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the \"Web Connecton\\EE40\\BackgroundService\" directory." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://blog.zerodaylab.com/2018/09/zerodaylab-discovers-ee-unquoted.html", + "refsource" : "MISC", + "url" : "http://blog.zerodaylab.com/2018/09/zerodaylab-discovers-ee-unquoted.html" + }, + { + "name" : "http://packetstormsecurity.com/files/149492/EE-4GEE-Mini-Local-Privilege-Escalation.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/149492/EE-4GEE-Mini-Local-Privilege-Escalation.html" + }, + { + "name" : "https://osandamalith.com/2018/09/17/ee-4gee-mini-local-privilege-escalation-vulnerability-cve-2018-14327/", + "refsource" : "MISC", + "url" : "https://osandamalith.com/2018/09/17/ee-4gee-mini-local-privilege-escalation-vulnerability-cve-2018-14327/" + }, + { + "name" : "105385", + "refsource" : "BID", + "url" : "http://www.securityfocus.com/bid/105385" } ] } diff --git a/2018/15xxx/CVE-2018-15531.json b/2018/15xxx/CVE-2018-15531.json index 40699d90806..f21596b507d 100644 --- a/2018/15xxx/CVE-2018-15531.json +++ b/2018/15xxx/CVE-2018-15531.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-15531", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,43 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "[oss-security] 20180925 Multiple vulnerabilities in Jenkins plugins", + "refsource" : "MLIST", + "url" : "http://www.openwall.com/lists/oss-security/2018/09/25/3" + }, + { + "name" : "https://github.com/javamelody/javamelody/commit/ef111822562d0b9365bd3e671a75b65bd0613353", + "refsource" : "CONFIRM", + "url" : "https://github.com/javamelody/javamelody/commit/ef111822562d0b9365bd3e671a75b65bd0613353" + }, + { + "name" : "https://github.com/javamelody/javamelody/wiki/ReleaseNotes", + "refsource" : "CONFIRM", + "url" : "https://github.com/javamelody/javamelody/wiki/ReleaseNotes" + }, + { + "name" : "https://jenkins.io/security/advisory/2018-09-25/", + "refsource" : "CONFIRM", + "url" : "https://jenkins.io/security/advisory/2018-09-25/" } ] } diff --git a/2018/16xxx/CVE-2018-16055.json b/2018/16xxx/CVE-2018-16055.json index aa9be07ae85..ce4c30d4193 100644 --- a/2018/16xxx/CVE-2018-16055.json +++ b/2018/16xxx/CVE-2018-16055.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-16055", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters \"ifdescr\" and \"ipv\" to a shell without escaping the contents of the variables. This allows an authenticated WebGUI user with privileges for the affected page to execute commands in the context of the root user when submitting a request to relinquish a DHCP lease for an interface which is configured to obtain its address via DHCP." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.pfsense.org/security/advisories/pfSense-SA-18_08.webgui.asc", + "refsource" : "CONFIRM", + "url" : "https://www.pfsense.org/security/advisories/pfSense-SA-18_08.webgui.asc" } ] } diff --git a/2018/16xxx/CVE-2018-16588.json b/2018/16xxx/CVE-2018-16588.json index 9afa0b246ba..bfeb8abe18d 100644 --- a/2018/16xxx/CVE-2018-16588.json +++ b/2018/16xxx/CVE-2018-16588.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-16588", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "openSUSE-SU-2018:2852", + "refsource" : "SUSE", + "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00073.html" } ] } diff --git a/2018/16xxx/CVE-2018-16711.json b/2018/16xxx/CVE-2018-16711.json index b0f92934aa8..bcd83fb4b82 100644 --- a/2018/16xxx/CVE-2018-16711.json +++ b/2018/16xxx/CVE-2018-16711.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-16711", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402088) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for input." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://downwithup.github.io/CVEPosts.html", + "refsource" : "MISC", + "url" : "https://downwithup.github.io/CVEPosts.html" } ] } diff --git a/2018/16xxx/CVE-2018-16712.json b/2018/16xxx/CVE-2018-16712.json index 365b6d35e3c..558695f6e1f 100644 --- a/2018/16xxx/CVE-2018-16712.json +++ b/2018/16xxx/CVE-2018-16712.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-16712", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send a specially crafted IOCTL 0x9C406104 to read physical memory." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://downwithup.github.io/CVEPosts.html", + "refsource" : "MISC", + "url" : "https://downwithup.github.io/CVEPosts.html" } ] } diff --git a/2018/16xxx/CVE-2018-16713.json b/2018/16xxx/CVE-2018-16713.json index 80afaee8df0..586f852375f 100644 --- a/2018/16xxx/CVE-2018-16713.json +++ b/2018/16xxx/CVE-2018-16713.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-16713", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402084) with a buffer containing user defined content. The driver's subroutine will execute a rdmsr instruction with the user's buffer for input, and provide output from the instruction." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://downwithup.github.io/CVEPosts.html", + "refsource" : "MISC", + "url" : "https://downwithup.github.io/CVEPosts.html" } ] } diff --git a/2018/17xxx/CVE-2018-17309.json b/2018/17xxx/CVE-2018-17309.json index 9d94b8d3c05..58b91f182aa 100644 --- a/2018/17xxx/CVE-2018-17309.json +++ b/2018/17xxx/CVE-2018-17309.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-17309", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://packetstormsecurity.com/files/149493/RICOH-MP-C406Z-Printer-Cross-Site-Scripting.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/149493/RICOH-MP-C406Z-Printer-Cross-Site-Scripting.html" } ] } diff --git a/2018/17xxx/CVE-2018-17310.json b/2018/17xxx/CVE-2018-17310.json index 06ce005e2c9..b5b12e9a783 100644 --- a/2018/17xxx/CVE-2018-17310.json +++ b/2018/17xxx/CVE-2018-17310.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-17310", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://packetstormsecurity.com/files/149494/RICOH-MP-C1803-JPN-Printer-Cross-Site-Scripting.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/149494/RICOH-MP-C1803-JPN-Printer-Cross-Site-Scripting.html" } ] } diff --git a/2018/17xxx/CVE-2018-17311.json b/2018/17xxx/CVE-2018-17311.json index 84a57907de3..8df29506c6a 100644 --- a/2018/17xxx/CVE-2018-17311.json +++ b/2018/17xxx/CVE-2018-17311.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-17311", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://packetstormsecurity.com/files/149495/RICOH-MP-C6503-Plus-Printer-Cross-Site-Scripting.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/149495/RICOH-MP-C6503-Plus-Printer-Cross-Site-Scripting.html" } ] } diff --git a/2018/17xxx/CVE-2018-17312.json b/2018/17xxx/CVE-2018-17312.json index 3d406ae54ae..0d00c414624 100644 --- a/2018/17xxx/CVE-2018-17312.json +++ b/2018/17xxx/CVE-2018-17312.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-17312", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://packetstormsecurity.com/files/149496/RICOH-Aficio-MP-301-Printer-Cross-Site-Scripting.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/149496/RICOH-Aficio-MP-301-Printer-Cross-Site-Scripting.html" } ] } diff --git a/2018/17xxx/CVE-2018-17313.json b/2018/17xxx/CVE-2018-17313.json index 3aaa080f7b6..6b4721101f5 100644 --- a/2018/17xxx/CVE-2018-17313.json +++ b/2018/17xxx/CVE-2018-17313.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-17313", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://packetstormsecurity.com/files/149497/RICOH-MP-C307-Printer-Cross-Site-Scripting.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/149497/RICOH-MP-C307-Printer-Cross-Site-Scripting.html" } ] } diff --git a/2018/17xxx/CVE-2018-17314.json b/2018/17xxx/CVE-2018-17314.json index e20847b7979..e9e6a2fb2f0 100644 --- a/2018/17xxx/CVE-2018-17314.json +++ b/2018/17xxx/CVE-2018-17314.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-17314", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://packetstormsecurity.com/files/149501/RICOH-MP-305-Printer-Cross-Site-Scripting.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/149501/RICOH-MP-305-Printer-Cross-Site-Scripting.html" } ] } diff --git a/2018/17xxx/CVE-2018-17315.json b/2018/17xxx/CVE-2018-17315.json index f498ecdc649..0300bd4708f 100644 --- a/2018/17xxx/CVE-2018-17315.json +++ b/2018/17xxx/CVE-2018-17315.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-17315", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://packetstormsecurity.com/files/149502/RICOH-MP-C2003-Printer-Cross-Site-Scripting.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/149502/RICOH-MP-C2003-Printer-Cross-Site-Scripting.html" } ] } diff --git a/2018/17xxx/CVE-2018-17316.json b/2018/17xxx/CVE-2018-17316.json index 7536d4c790c..2ca1ff70368 100644 --- a/2018/17xxx/CVE-2018-17316.json +++ b/2018/17xxx/CVE-2018-17316.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-17316", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://packetstormsecurity.com/files/149505/RICOH-MP-C6003-Printer-Cross-Site-Scripting.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/149505/RICOH-MP-C6003-Printer-Cross-Site-Scripting.html" } ] } diff --git a/2018/17xxx/CVE-2018-17411.json b/2018/17xxx/CVE-2018-17411.json index 6a7bdd935bc..e6c97dea4cc 100644 --- a/2018/17xxx/CVE-2018-17411.json +++ b/2018/17xxx/CVE-2018-17411.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-17411", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/MrR3boot/CVE-Hunting/blob/master/iWay%20DQS%20XXE.pdf", + "refsource" : "MISC", + "url" : "https://github.com/MrR3boot/CVE-Hunting/blob/master/iWay%20DQS%20XXE.pdf" } ] } diff --git a/2018/17xxx/CVE-2018-17567.json b/2018/17xxx/CVE-2018-17567.json new file mode 100644 index 00000000000..02887ff0d08 --- /dev/null +++ b/2018/17xxx/CVE-2018-17567.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17567", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/17xxx/CVE-2018-17568.json b/2018/17xxx/CVE-2018-17568.json new file mode 100644 index 00000000000..445e1ee9ef1 --- /dev/null +++ b/2018/17xxx/CVE-2018-17568.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17568", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/viabtc/viabtc_exchange_server/commit/4a7c27bfe98f409623d4d857894d017ff0672cc9#diff-0c23effa84a7b85053bac7981a8580c8", + "refsource" : "MISC", + "url" : "https://github.com/viabtc/viabtc_exchange_server/commit/4a7c27bfe98f409623d4d857894d017ff0672cc9#diff-0c23effa84a7b85053bac7981a8580c8" + }, + { + "name" : "https://github.com/viabtc/viabtc_exchange_server/pull/131", + "refsource" : "MISC", + "url" : "https://github.com/viabtc/viabtc_exchange_server/pull/131" + } + ] + } +} diff --git a/2018/17xxx/CVE-2018-17569.json b/2018/17xxx/CVE-2018-17569.json new file mode 100644 index 00000000000..4d76875929f --- /dev/null +++ b/2018/17xxx/CVE-2018-17569.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17569", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/viabtc/viabtc_exchange_server/commit/4a7c27bfe98f409623d4d857894d017ff0672cc9#diff-9fabc53ea796ec492aef432594298baa", + "refsource" : "MISC", + "url" : "https://github.com/viabtc/viabtc_exchange_server/commit/4a7c27bfe98f409623d4d857894d017ff0672cc9#diff-9fabc53ea796ec492aef432594298baa" + }, + { + "name" : "https://github.com/viabtc/viabtc_exchange_server/pull/131", + "refsource" : "MISC", + "url" : "https://github.com/viabtc/viabtc_exchange_server/pull/131" + } + ] + } +} diff --git a/2018/17xxx/CVE-2018-17570.json b/2018/17xxx/CVE-2018-17570.json new file mode 100644 index 00000000000..0a42f9d4c3c --- /dev/null +++ b/2018/17xxx/CVE-2018-17570.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17570", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/viabtc/viabtc_exchange_server/commit/4a7c27bfe98f409623d4d857894d017ff0672cc9#diff-515c81af848352583bff286d6224875f", + "refsource" : "MISC", + "url" : "https://github.com/viabtc/viabtc_exchange_server/commit/4a7c27bfe98f409623d4d857894d017ff0672cc9#diff-515c81af848352583bff286d6224875f" + }, + { + "name" : "https://github.com/viabtc/viabtc_exchange_server/pull/131", + "refsource" : "MISC", + "url" : "https://github.com/viabtc/viabtc_exchange_server/pull/131" + } + ] + } +}