From 1d2abb3bcda21115a28640b563b8cf5917a904a0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 25 Jun 2018 14:02:58 -0400 Subject: [PATCH] - Synchronized data. --- 2018/11xxx/CVE-2018-11587.json | 58 ++++++++++++++++++++++++- 2018/11xxx/CVE-2018-11588.json | 63 ++++++++++++++++++++++++++- 2018/11xxx/CVE-2018-11589.json | 78 +++++++++++++++++++++++++++++++++- 2018/12xxx/CVE-2018-12739.json | 18 ++++++++ 2018/9xxx/CVE-2018-9163.json | 2 +- 5 files changed, 212 insertions(+), 7 deletions(-) create mode 100644 2018/12xxx/CVE-2018-12739.json diff --git a/2018/11xxx/CVE-2018-11587.json b/2018/11xxx/CVE-2018-11587.json index 448ed361d1b..cc9a8bfcbe8 100644 --- a/2018/11xxx/CVE-2018-11587.json +++ b/2018/11xxx/CVE-2018-11587.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11587", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,38 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html", + "refsource" : "CONFIRM", + "url" : "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html" + }, + { + "name" : "https://github.com/centreon/centreon/pull/6263", + "refsource" : "CONFIRM", + "url" : "https://github.com/centreon/centreon/pull/6263" + }, + { + "name" : "https://github.com/centreon/centreon/releases", + "refsource" : "CONFIRM", + "url" : "https://github.com/centreon/centreon/releases" } ] } diff --git a/2018/11xxx/CVE-2018-11588.json b/2018/11xxx/CVE-2018-11588.json index 6173ea2ebe7..e66b469b22e 100644 --- a/2018/11xxx/CVE-2018-11588.json +++ b/2018/11xxx/CVE-2018-11588.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11588", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,43 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html", + "refsource" : "CONFIRM", + "url" : "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html" + }, + { + "name" : "https://github.com/centreon/centreon/pull/6259", + "refsource" : "CONFIRM", + "url" : "https://github.com/centreon/centreon/pull/6259" + }, + { + "name" : "https://github.com/centreon/centreon/pull/6260", + "refsource" : "CONFIRM", + "url" : "https://github.com/centreon/centreon/pull/6260" + }, + { + "name" : "https://github.com/centreon/centreon/releases", + "refsource" : "CONFIRM", + "url" : "https://github.com/centreon/centreon/releases" } ] } diff --git a/2018/11xxx/CVE-2018-11589.json b/2018/11xxx/CVE-2018-11589.json index 034a43ebadb..db32f43efdc 100644 --- a/2018/11xxx/CVE-2018-11589.json +++ b/2018/11xxx/CVE-2018-11589.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11589", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,58 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html", + "refsource" : "CONFIRM", + "url" : "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html" + }, + { + "name" : "https://github.com/centreon/centreon/pull/6250", + "refsource" : "CONFIRM", + "url" : "https://github.com/centreon/centreon/pull/6250" + }, + { + "name" : "https://github.com/centreon/centreon/pull/6251", + "refsource" : "CONFIRM", + "url" : "https://github.com/centreon/centreon/pull/6251" + }, + { + "name" : "https://github.com/centreon/centreon/pull/6255", + "refsource" : "CONFIRM", + "url" : "https://github.com/centreon/centreon/pull/6255" + }, + { + "name" : "https://github.com/centreon/centreon/pull/6256", + "refsource" : "CONFIRM", + "url" : "https://github.com/centreon/centreon/pull/6256" + }, + { + "name" : "https://github.com/centreon/centreon/pull/6257", + "refsource" : "CONFIRM", + "url" : "https://github.com/centreon/centreon/pull/6257" + }, + { + "name" : "https://github.com/centreon/centreon/releases", + "refsource" : "CONFIRM", + "url" : "https://github.com/centreon/centreon/releases" } ] } diff --git a/2018/12xxx/CVE-2018-12739.json b/2018/12xxx/CVE-2018-12739.json new file mode 100644 index 00000000000..a0b5dd96371 --- /dev/null +++ b/2018/12xxx/CVE-2018-12739.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-12739", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/9xxx/CVE-2018-9163.json b/2018/9xxx/CVE-2018-9163.json index 0fa6aa204c6..7789a1252d8 100644 --- a/2018/9xxx/CVE-2018-9163.json +++ b/2018/9xxx/CVE-2018-9163.json @@ -34,7 +34,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus 5.3 (Build 5330) and earlier allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do." + "value" : "A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do." } ] },