diff --git a/2018/19xxx/CVE-2018-19999.json b/2018/19xxx/CVE-2018-19999.json new file mode 100644 index 00000000000..ed0c60fcde7 --- /dev/null +++ b/2018/19xxx/CVE-2018-19999.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19999", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/20xxx/CVE-2018-20000.json b/2018/20xxx/CVE-2018-20000.json new file mode 100644 index 00000000000..832aba5322b --- /dev/null +++ b/2018/20xxx/CVE-2018-20000.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20000", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/Bedework/bw-webdav/compare/bw-webdav-4.0.2...bw-webdav-4.0.3", + "refsource" : "MISC", + "url" : "https://github.com/Bedework/bw-webdav/compare/bw-webdav-4.0.2...bw-webdav-4.0.3" + }, + { + "name" : "https://github.com/Bedework/bw-webdav/pull/1", + "refsource" : "MISC", + "url" : "https://github.com/Bedework/bw-webdav/pull/1" + } + ] + } +} diff --git a/2018/20xxx/CVE-2018-20001.json b/2018/20xxx/CVE-2018-20001.json new file mode 100644 index 00000000000..806104f79c0 --- /dev/null +++ b/2018/20xxx/CVE-2018-20001.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20001", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugzilla.libav.org/show_bug.cgi?id=1141", + "refsource" : "MISC", + "url" : "https://bugzilla.libav.org/show_bug.cgi?id=1141" + } + ] + } +} diff --git a/2018/20xxx/CVE-2018-20002.json b/2018/20xxx/CVE-2018-20002.json new file mode 100644 index 00000000000..d034a53c21f --- /dev/null +++ b/2018/20xxx/CVE-2018-20002.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20002", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23952", + "refsource" : "MISC", + "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23952" + }, + { + "name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9", + "refsource" : "MISC", + "url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9" + } + ] + } +}