From 1b094fde83e20da70cbcfd4b170cc08116106fe9 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 2 Jan 2019 13:04:24 -0500
Subject: [PATCH] - Synchronized data.
---
 2018/13xxx/CVE-2018-13045.json | 53 +++++++++++++++++++++++++-
 2018/14xxx/CVE-2018-14718.json | 58 ++++++++++++++++++++++++++++-
 2018/14xxx/CVE-2018-14719.json | 58 ++++++++++++++++++++++++++++-
 2018/14xxx/CVE-2018-14720.json | 58 ++++++++++++++++++++++++++++-
 2018/14xxx/CVE-2018-14721.json | 58 ++++++++++++++++++++++++++++-
 2018/15xxx/CVE-2018-15490.json | 48 +++++++++++++++++++++++-
 2018/19xxx/CVE-2018-19360.json | 63 ++++++++++++++++++++++++++++++-
 2018/19xxx/CVE-2018-19361.json | 63 ++++++++++++++++++++++++++++++-
 2018/19xxx/CVE-2018-19362.json | 63 ++++++++++++++++++++++++++++++-
 2018/19xxx/CVE-2018-19371.json | 53 +++++++++++++++++++++++++-
 2018/19xxx/CVE-2018-19478.json | 68 +++++++++++++++++++++++++++++++++-
 2018/20xxx/CVE-2018-20100.json | 48 +++++++++++++++++++++++-
 2018/20xxx/CVE-2018-20114.json | 48 +++++++++++++++++++++++-
 2018/20xxx/CVE-2018-20166.json | 53 +++++++++++++++++++++++++-
 2018/20xxx/CVE-2018-20211.json | 53 +++++++++++++++++++++++++-
 2018/20xxx/CVE-2018-20326.json | 58 ++++++++++++++++++++++++++++-
 2019/3xxx/CVE-2019-3578.json | 18 +++++++++
 2019/3xxx/CVE-2019-3579.json | 18 +++++++++
 18 files changed, 907 insertions(+), 32 deletions(-)
 create mode 100644 2019/3xxx/CVE-2019-3578.json
 create mode 100644 2019/3xxx/CVE-2019-3579.json
diff --git a/2018/13xxx/CVE-2018-13045.json b/2018/13xxx/CVE-2018-13045.json
index 6806be730cf..5a66d33051f 100644
--- a/2018/13xxx/CVE-2018-13045.json
+++ b/2018/13xxx/CVE-2018-13045.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-13045",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "SQL injection vulnerability in the \"Bazar\" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to execute arbitrary SQL commands via the \"id\" parameter."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "46015",
+ "refsource" : "EXPLOIT-DB",
+ "url" : "https://www.exploit-db.com/exploits/46015/"
+ },
+ {
+ "name" : "http://packetstormsecurity.com/files/150848/Yeswiki-Cercopitheque-SQL-Injection.html",
+ "refsource" : "MISC",
+ "url" : "http://packetstormsecurity.com/files/150848/Yeswiki-Cercopitheque-SQL-Injection.html"
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14718.json b/2018/14xxx/CVE-2018-14718.json
index 353a908afe7..02ad3d0814a 100644
--- a/2018/14xxx/CVE-2018-14718.json
+++ b/2018/14xxx/CVE-2018-14718.json
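Review bot: In CVE-2018-13045.json the added `affects` block sets `vendor_name`, `product_name` and `version_value` to `n/a`, so tooling that matches on the structured fields rather than on the free-text description will not tie this record to any product. The description in the same file already names the product and its version bound; carrying that over, for example `"version_value" : "2018-06-19-1 and earlier"` with the matching vendor and product names, would make the record machine-matchable. The same placeholder block is added in the first hunk of every other record this commit moves to PUBLIC, including the jackson-databind entries, whose descriptions give `FasterXML`, `jackson-databind` and the fixed release.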
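Review bot: The `problemtype` entry added in the second hunk of CVE-2018-13045.json is `"value" : "n/a"` although the description on the same record states a SQL injection; `"value" : "CWE-89"` would let consumers classify and filter the entry by weakness class. All sixteen records published by this commit carry the same `n/a` problem type, and several descriptions name the class outright (XXE, SSRF, XSS, path traversal, polymorphic deserialization). Both references added here are exploit write-ups, so the record by itself does not tell a reader whether a fixed release exists.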
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-14718",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
+ },
+ {
+ "name" : "https://github.com/FasterXML/jackson-databind/issues/2097",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/FasterXML/jackson-databind/issues/2097"
+ },
+ {
+ "name" : "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14719.json b/2018/14xxx/CVE-2018-14719.json
index f87c0c670ca..2396a28ff14 100644
--- a/2018/14xxx/CVE-2018-14719.json
+++ b/2018/14xxx/CVE-2018-14719.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-14719",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
+ },
+ {
+ "name" : "https://github.com/FasterXML/jackson-databind/issues/2097",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/FasterXML/jackson-databind/issues/2097"
+ },
+ {
+ "name" : "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14720.json b/2018/14xxx/CVE-2018-14720.json
index 9c31f27721c..f5650b20ee5 100644
--- a/2018/14xxx/CVE-2018-14720.json
+++ b/2018/14xxx/CVE-2018-14720.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-14720",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
+ },
+ {
+ "name" : "https://github.com/FasterXML/jackson-databind/issues/2097",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/FasterXML/jackson-databind/issues/2097"
+ },
+ {
+ "name" : "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14721.json b/2018/14xxx/CVE-2018-14721.json
index a7735f42187..e9e22659450 100644
--- a/2018/14xxx/CVE-2018-14721.json
+++ b/2018/14xxx/CVE-2018-14721.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-14721",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44"
+ },
+ {
+ "name" : "https://github.com/FasterXML/jackson-databind/issues/2097",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/FasterXML/jackson-databind/issues/2097"
+ },
+ {
+ "name" : "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7"
 }
 ]
 }
diff --git a/2018/15xxx/CVE-2018-15490.json b/2018/15xxx/CVE-2018-15490.json
index 2c26d8d46c1..178150f9ad4 100644
--- a/2018/15xxx/CVE-2018-15490.json
+++ b/2018/15xxx/CVE-2018-15490.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-15490",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service with SYSTEM privileges) listens on TCP port 2015, which is used as an RPC interface for communication with the client side of the ExpressVPN application. A JSON-RPC protocol over HTTP is used for communication. The JSON-RPC XVPN.GetPreference and XVPN.SetPreference methods are vulnerable to path traversal, and allow reading and writing files on the file system on behalf of the service."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://medium.com/@Wflki/https-medium-com-wflki-cve-2018-15490-expressvpn-local-privilege-escalation-d22c86fecc47",
+ "refsource" : "MISC",
+ "url" : "https://medium.com/@Wflki/https-medium-com-wflki-cve-2018-15490-expressvpn-local-privilege-escalation-d22c86fecc47"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19360.json b/2018/19xxx/CVE-2018-19360.json
index c5602636a4f..336bbae7e7f 100644
--- a/2018/19xxx/CVE-2018-19360.json
+++ b/2018/19xxx/CVE-2018-19360.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-19360",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,43 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
+ },
+ {
+ "name" : "https://github.com/FasterXML/jackson-databind/issues/2186",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/FasterXML/jackson-databind/issues/2186"
+ },
+ {
+ "name" : "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
+ },
+ {
+ "name" : "https://issues.apache.org/jira/browse/TINKERPOP-2121",
+ "refsource" : "CONFIRM",
+ "url" : "https://issues.apache.org/jira/browse/TINKERPOP-2121"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19361.json b/2018/19xxx/CVE-2018-19361.json
index 6177afbaa0d..786194febcf 100644
--- a/2018/19xxx/CVE-2018-19361.json
+++ b/2018/19xxx/CVE-2018-19361.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-19361",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,43 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
+ },
+ {
+ "name" : "https://github.com/FasterXML/jackson-databind/issues/2186",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/FasterXML/jackson-databind/issues/2186"
+ },
+ {
+ "name" : "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
+ },
+ {
+ "name" : "https://issues.apache.org/jira/browse/TINKERPOP-2121",
+ "refsource" : "CONFIRM",
+ "url" : "https://issues.apache.org/jira/browse/TINKERPOP-2121"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19362.json b/2018/19xxx/CVE-2018-19362.json
index c8cc58ee183..1ccaa97be0f 100644
--- a/2018/19xxx/CVE-2018-19362.json
+++ b/2018/19xxx/CVE-2018-19362.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-19362",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,43 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b"
+ },
+ {
+ "name" : "https://github.com/FasterXML/jackson-databind/issues/2186",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/FasterXML/jackson-databind/issues/2186"
+ },
+ {
+ "name" : "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8"
+ },
+ {
+ "name" : "https://issues.apache.org/jira/browse/TINKERPOP-2121",
+ "refsource" : "CONFIRM",
+ "url" : "https://issues.apache.org/jira/browse/TINKERPOP-2121"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19371.json b/2018/19xxx/CVE-2018-19371.json
index 24f1c7e43d6..4cc32dfc45f 100644
--- a/2018/19xxx/CVE-2018-19371.json
+++ b/2018/19xxx/CVE-2018-19371.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-19371",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "46000",
+ "refsource" : "EXPLOIT-DB",
+ "url" : "https://www.exploit-db.com/exploits/46000/"
+ },
+ {
+ "name" : "http://packetstormsecurity.com/files/150826/SDL-Web-Content-Manager-8.5.0-XML-Injection.html",
+ "refsource" : "MISC",
+ "url" : "http://packetstormsecurity.com/files/150826/SDL-Web-Content-Manager-8.5.0-XML-Injection.html"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19478.json b/2018/19xxx/CVE-2018-19478.json
index dd0181c6c35..8501f58c7c9 100644
--- a/2018/19xxx/CVE-2018-19478.json
+++ b/2018/19xxx/CVE-2018-19478.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-19478",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,48 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "[debian-lts-announce] 20181227 [SECURITY] [DLA 1620-1] ghostscript security update",
+ "refsource" : "MLIST",
+ "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00019.html"
+ },
+ {
+ "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0a7e5a1c309fa0911b892fa40996a7d55d90bace",
+ "refsource" : "CONFIRM",
+ "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0a7e5a1c309fa0911b892fa40996a7d55d90bace"
+ },
+ {
+ "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=699856",
+ "refsource" : "CONFIRM",
+ "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=699856"
+ },
+ {
+ "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1655607",
+ "refsource" : "CONFIRM",
+ "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1655607"
+ },
+ {
+ "name" : "https://www.ghostscript.com/doc/9.26/History9.htm",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.ghostscript.com/doc/9.26/History9.htm"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20100.json b/2018/20xxx/CVE-2018-20100.json
index d65f573a91a..a628970e732 100644
--- a/2018/20xxx/CVE-2018-20100.json
+++ b/2018/20xxx/CVE-2018-20100.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-20100",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data transfer uses an unencrypted access point for these credentials, and passes them in an HTTP POST, using the AugustWifiDevice class, with data encrypted with a fixed key found obfuscated in the app."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://dojo.bullguard.com/dojo-by-bullguard/blog/august-connect/",
+ "refsource" : "MISC",
+ "url" : "https://dojo.bullguard.com/dojo-by-bullguard/blog/august-connect/"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20114.json b/2018/20xxx/CVE-2018-20114.json
index 44f15079b63..352b204bc4a 100644
--- a/2018/20xxx/CVE-2018-20114.json
+++ b/2018/20xxx/CVE-2018-20114.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-20114",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an \"&&\" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-20114",
+ "refsource" : "MISC",
+ "url" : "https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-20114"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20166.json b/2018/20xxx/CVE-2018-20166.json
index 963acc4d939..34adc7360bf 100644
--- a/2018/20xxx/CVE-2018-20166.json
+++ b/2018/20xxx/CVE-2018-20166.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-20166",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in \".php\" with mixed case, such as the .pHp extension."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "46011",
+ "refsource" : "EXPLOIT-DB",
+ "url" : "https://www.exploit-db.com/exploits/46011"
+ },
+ {
+ "name" : "https://pentest.com.tr/exploits/Rukovoditel-Project-Management-CRM-2-3-1-Authenticated-Remote-Code-Execution.html",
+ "refsource" : "MISC",
+ "url" : "https://pentest.com.tr/exploits/Rukovoditel-Project-Management-CRM-2-3-1-Authenticated-Remote-Code-Execution.html"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20211.json b/2018/20xxx/CVE-2018-20211.json
index 92c6f837f34..20c027e08a1 100644
--- a/2018/20xxx/CVE-2018-20211.json
+++ b/2018/20xxx/CVE-2018-20211.json
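Review bot: The description added for CVE-2018-20166 does not say what privilege the uploader needs, while the MISC reference added in the same hunk is titled as an authenticated remote code execution. If a login is in fact required, saying so in the description (for example `allows an authenticated user to upload a background image`) changes how the record is triaged; this is inferred from the reference title only and should be confirmed against the write-up. The Exploit-DB URL in this hunk also lacks the trailing slash the other Exploit-DB references in this commit use: `"url" : "https://www.exploit-db.com/exploits/46011/"`.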
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-20211",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\\par-%username%\\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015)."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "20181221 CVE-2018-20211 - DLL Hijacking in Exiftool v8.3.2.0",
+ "refsource" : "FULLDISC",
+ "url" : "http://seclists.org/fulldisclosure/2018/Dec/44"
+ },
+ {
+ "name" : "http://packetstormsecurity.com/files/150892/Exiftool-8.3.2.0-DLL-Hijacking.html",
+ "refsource" : "MISC",
+ "url" : "http://packetstormsecurity.com/files/150892/Exiftool-8.3.2.0-DLL-Hijacking.html"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20326.json b/2018/20xxx/CVE-2018-20326.json
index 3fdfa62df7d..616db0d81bc 100644
--- a/2018/20xxx/CVE-2018-20326.json
+++ b/2018/20xxx/CVE-2018-20326.json
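Review bot: The description added for CVE-2018-20211 gives the affected version as `8.32`, but both references in the same hunk write it as `8.3.2.0`; the record should use one form, or state how the two relate, so version matching is unambiguous. The DLL name `ws32_32.dll` also looks like it may be a misspelling of the Winsock library `ws2_32.dll`. That is a guess from the name alone and should be checked against the FULLDISC post before anyone builds a file-name detection on the string in this record.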
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-20326",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage=html/index.html var:subpage parameter."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "http://packetstormsecurity.com/files/150918/PLC-Wireless-Router-GPN2.4P21-C-CN-Cross-Site-Scripting.html",
+ "refsource" : "MISC",
+ "url" : "http://packetstormsecurity.com/files/150918/PLC-Wireless-Router-GPN2.4P21-C-CN-Cross-Site-Scripting.html"
+ },
+ {
+ "name" : "https://0dayfindings.home.blog/2018/12/26/plc-wireless-router-gpn2-4p21-c-cn-reflected-xss/",
+ "refsource" : "MISC",
+ "url" : "https://0dayfindings.home.blog/2018/12/26/plc-wireless-router-gpn2-4p21-c-cn-reflected-xss/"
+ },
+ {
+ "name" : "https://youtu.be/TwNi05yfQks",
+ "refsource" : "MISC",
+ "url" : "https://youtu.be/TwNi05yfQks"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3578.json b/2019/3xxx/CVE-2019-3578.json
new file mode 100644
index 00000000000..227f7149be4
--- /dev/null
+++ b/2019/3xxx/CVE-2019-3578.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2019-3578",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2019/3xxx/CVE-2019-3579.json b/2019/3xxx/CVE-2019-3579.json
new file mode 100644
index 00000000000..2072d532482
--- /dev/null
+++ b/2019/3xxx/CVE-2019-3579.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2019-3579",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}