diff --git a/2016/9xxx/CVE-2016-9586.json b/2016/9xxx/CVE-2016-9586.json
index 7ccaf31c2d6..fdf37524ce8 100644
--- a/2016/9xxx/CVE-2016-9586.json
+++ b/2016/9xxx/CVE-2016-9586.json
@@ -1,75 +1,88 @@
 {
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "version": "3.0"
- }
- ],
- [
- {
- "vectorString": "2.6/AV:N/AC:H/Au:N/C:N/I:N/A:P",
- "version": "2.0"
- }
+ "CVE_data_meta" : {
+ "ASSIGNER" : "lpardo@redhat.com",
+ "ID" : "CVE-2016-9586",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "curl",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "curl 7.52.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "redhat"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks."
+ }
+ ]
+ },
+ "impact" : {
+ "cvss" : [
+ [
+ {
+ "vectorString" : "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version" : "3.0"
+ }
+ ],
+ [
+ {
+ "vectorString" : "2.6/AV:N/AC:H/Au:N/C:N/I:N/A:P",
+ "version" : "2.0"
+ }
+ ]
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-122"
+ }
 ]
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks."
- }
- ]
- },
- "data_type": "CVE",
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "version": {
- "version_data": [
- {
- "version_value": "curl 7.52.0"
- }
- ]
- },
- "product_name": "curl"
- }
- ]
- },
- "vendor_name": "redhat"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-122"
- }
- ]
- }
- ]
- },
- "data_version": "4.0",
- "references": {
- "reference_data": [
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586"
- }
- ]
- },
- "CVE_data_meta": {
- "ID": "CVE-2016-9586",
- "ASSIGNER": "lpardo@redhat.com"
- }
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586",
+ "refsource" : "MISC",
+ "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586"
+ },
+ {
+ "name" : "https://curl.haxx.se/docs/adv_20161221A.html",
+ "refsource" : "CONFIRM",
+ "url" : "https://curl.haxx.se/docs/adv_20161221A.html"
+ },
+ {
+ "name" : "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16"
+ }
+ ]
+ }
 }
diff --git a/2017/17xxx/CVE-2017-17833.json b/2017/17xxx/CVE-2017-17833.json
index f09b52b29e1..12ffb019fb5 100644
--- a/2017/17xxx/CVE-2017-17833.json
+++ b/2017/17xxx/CVE-2017-17833.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2017-17833",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
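Review bot: In CVE-2016-9586.json the rewritten `affects` block still records `"version_value" : "curl 7.52.0"`, while the description in the same record says the flaw is in curl before version 7.52.0, so a consumer matching on the structured field would flag the fixed release and miss the affected ones. The value should carry the range the description gives, for example `"version_value" : "before 7.52.0"`. The two `vectorString` entries also keep the base score prefixed to the vector (`5.9/CVSS:3.0/...` and `2.6/AV:N/...`), which a CVSS parser expecting the string to begin at `CVSS:3.0/` or `AV:` will likely reject; the score is better held in its own field. `"vendor_name" : "redhat"` on a curl record looks like the assigner rather than the vendor and is worth confirming.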
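Review bot: The `affects` block added to CVE-2017-17833.json is filled with `n/a` for vendor, product and version, although the description added in the next hunk of the same file names OpenSLP and its 1.0.2 and 1.1.0 code streams. Tooling that correlates records with an asset inventory through the structured product fields will not associate this entry with OpenSLP and has to fall back to parsing free text. At minimum `"product_name" : "OpenSLP"` could be recorded. The same all-`n/a` block is added in the first hunks of CVE-2018-10300, CVE-2018-10301, CVE-2018-8880 and CVE-2018-9921, whose descriptions likewise name the product and version.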
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "http://support.lenovo.com/us/en/solutions/LEN-18247",
+ "refsource" : "CONFIRM",
+ "url" : "http://support.lenovo.com/us/en/solutions/LEN-18247"
+ },
+ {
+ "name" : "https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/",
+ "refsource" : "CONFIRM",
+ "url" : "https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10300.json b/2018/10xxx/CVE-2018-10300.json
index 93e06cf64d1..7bbc975e3ea 100644
--- a/2018/10xxx/CVE-2018-10300.json
+++ b/2018/10xxx/CVE-2018-10300.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-10300",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
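Review bot: `problemtype` is set to `n/a` in the second hunk of CVE-2017-17833.json even though the description added just above it states a heap-related memory corruption issue, so weakness-based filtering and triage cannot use the record. A CWE identifier, or at least a short phrase taken from the description such as `"value" : "heap memory corruption"`, would make the field usable. The second hunks of CVE-2018-10300 and CVE-2018-10301 (cross-site scripting), CVE-2018-8880 (missing authentication check leading to information disclosure) and CVE-2018-9921 (directory traversal) have the same gap. The Lenovo reference here and the MISC reference in CVE-2018-8880 are recorded with `http://` URLs; prefer the HTTPS form where the host serves it, since reference links are often fetched or rendered by downstream tooling.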
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in an Instagram profile's bio."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271",
+ "refsource" : "MISC",
+ "url" : "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10301.json b/2018/10xxx/CVE-2018-10301.json
index 590db7c1baf..0be3ed0f8a6 100644
--- a/2018/10xxx/CVE-2018-10301.json
+++ b/2018/10xxx/CVE-2018-10301.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-10301",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in a comment on an Instagram post."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271",
+ "refsource" : "MISC",
+ "url" : "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271"
 }
 ]
 }
diff --git a/2018/8xxx/CVE-2018-8880.json b/2018/8xxx/CVE-2018-8880.json
index 02076bbeba8..cdfed9382e0 100644
--- a/2018/8xxx/CVE-2018-8880.json
+++ b/2018/8xxx/CVE-2018-8880.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-8880",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "44488",
+ "refsource" : "EXPLOIT-DB",
+ "url" : "https://www.exploit-db.com/exploits/44488/"
+ },
+ {
+ "name" : "http://sadfud.me/explotos/deviceip.txt",
+ "refsource" : "MISC",
+ "url" : "http://sadfud.me/explotos/deviceip.txt"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9921.json b/2018/9xxx/CVE-2018-9921.json
index e407550dc81..40da9a0c99a 100644
--- a/2018/9xxx/CVE-2018-9921.json
+++ b/2018/9xxx/CVE-2018-9921.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-9921",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?__c= request."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://gist.github.com/0xn1k5/ef4c7c7a26c7d8a803ef3a85f1000c98",
+ "refsource" : "MISC",
+ "url" : "https://gist.github.com/0xn1k5/ef4c7c7a26c7d8a803ef3a85f1000c98"
 }
 ]
 }