diff --git a/2017/18xxx/CVE-2017-18245.json b/2017/18xxx/CVE-2017-18245.json
new file mode 100644
index 00000000000..dcc7e06277c
--- /dev/null
+++ b/2017/18xxx/CVE-2017-18245.json
@@ -0,0 +1,60 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2017-18245",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "The mpc8_probe function in libavformat/mpc8.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted audio file."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://bugzilla.libav.org/show_bug.cgi?id=1094"
+ }
+ ]
+ }
+}
diff --git a/2017/18xxx/CVE-2017-18246.json b/2017/18xxx/CVE-2017-18246.json
new file mode 100644
index 00000000000..36967506dba
--- /dev/null
+++ b/2017/18xxx/CVE-2017-18246.json
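Review bot: The structured `affects` and `problemtype` fields in CVE-2017-18245.json are all `n/a` even though the description names the product, version and weakness class, so tooling that matches on vendor/product or CWE will not find this record; the same applies to CVE-2017-18246.json and CVE-2017-18247.json. Consider `"product_name" : "Libav"` with `"version_value" : "12.2"`, and a `problemtype` value such as `CWE-125: Out-of-bounds Read` for the two heap over-read entries and `CWE-476: NULL Pointer Dereference` for the third, if the assigner's conventions allow it. Each record also carries a single bug-tracker reference and no fixed version or fix commit, so a consumer cannot tell from the record alone which release remediates the issue.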
@@ -0,0 +1,60 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2017-18246",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "The pcm_encode_frame function in libavcodec/pcm.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted media file."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://bugzilla.libav.org/show_bug.cgi?id=1095"
+ }
+ ]
+ }
+}
diff --git a/2017/18xxx/CVE-2017-18247.json b/2017/18xxx/CVE-2017-18247.json
new file mode 100644
index 00000000000..0c71733a609
--- /dev/null
+++ b/2017/18xxx/CVE-2017-18247.json
@@ -0,0 +1,60 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2017-18247",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "The av_audio_fifo_size function in libavutil/audio_fifo.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted media file."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://bugzilla.libav.org/show_bug.cgi?id=1089"
+ }
+ ]
+ }
+}
diff --git a/2018/1000xxx/CVE-2018-1000136.json b/2018/1000xxx/CVE-2018-1000136.json
index a94807fd724..53ddc71844b 100644
--- a/2018/1000xxx/CVE-2018-1000136.json
+++ b/2018/1000xxx/CVE-2018-1000136.json
@@ -1 +1,62 @@
-{"data_version":"4.0","references":{"reference_data":[{"url":"https://www.electronjs.org/blog/webview-fix"}]},"description":{"description_data":[{"lang":"eng","value":"Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND disallows node integration AND has not specified if webview is enabled/disabled. This vulnerability appears to have been fixed in 1.7.13, 1.8.4, 2.0.0-beta.4."}]},"data_type":"CVE","affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"version":{"version_data":[{"version_value":"1.7 up to 1.7.12; 1.8 up to 1.8.3; 2.0.0 up to 2.0.0-beta.3"}]},"product_name":"Electron"}]},"vendor_name":"Electron"}]}},"CVE_data_meta":{"DATE_ASSIGNED":"3/11/2018 1:47:04","ID":"CVE-2018-1000136","ASSIGNER":"kurt@seifried.org","REQUESTER":"security@electronjs.org"},"data_format":"MITRE","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-229: Improper Handling of Values"}]}]}}
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "kurt@seifried.org",
+ "DATE_ASSIGNED" : "3/11/2018 1:47:04",
+ "ID" : "CVE-2018-1000136",
+ "REQUESTER" : "security@electronjs.org",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Electron",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "1.7 up to 1.7.12; 1.8 up to 1.8.3; 2.0.0 up to 2.0.0-beta.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Electron"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND disallows node integration AND has not specified if webview is enabled/disabled. This vulnerability appears to have been fixed in 1.7.13, 1.8.4, 2.0.0-beta.4."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-229: Improper Handling of Values"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.electronjs.org/blog/webview-fix"
+ }
+ ]
+ }
+}
diff --git a/2018/8xxx/CVE-2018-8953.json b/2018/8xxx/CVE-2018-8953.json
new file mode 100644
index 00000000000..466c5166eb1
--- /dev/null
+++ b/2018/8xxx/CVE-2018-8953.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-8953",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/8xxx/CVE-2018-8954.json b/2018/8xxx/CVE-2018-8954.json
new file mode 100644
index 00000000000..502ac471d47
--- /dev/null
+++ b/2018/8xxx/CVE-2018-8954.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-8954",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
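Review bot: In CVE-2018-1000136.json the `version_value` packs three affected ranges into one free-text string, which version-matching tools cannot evaluate; one `version_data` entry per range, for example `"version_value" : "1.7 up to 1.7.12"`, would let scanners match each branch separately. `DATE_ASSIGNED` is carried over as `3/11/2018 1:47:04`, which is ambiguous between month/day orders and has no time zone; an ISO 8601 timestamp would be unambiguous if the schema permits it. The record also lists the fixed releases only inside the description prose, so a consumer has to parse free text to learn the remediation versions.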
diff --git a/2018/8xxx/CVE-2018-8955.json b/2018/8xxx/CVE-2018-8955.json
new file mode 100644
index 00000000000..827fb5d7126
--- /dev/null
+++ b/2018/8xxx/CVE-2018-8955.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-8955",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}