diff --git a/2012/3xxx/CVE-2012-3448.json b/2012/3xxx/CVE-2012-3448.json index 1c6ee5cc614..8134aae11b5 100644 --- a/2012/3xxx/CVE-2012-3448.json +++ b/2012/3xxx/CVE-2012-3448.json @@ -77,6 +77,11 @@ "refsource" : "CONFIRM", "url" : "http://ganglia.info/?p=549" }, + { + "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00136.html", + "refsource" : "CONFIRM", + "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00136.html" + }, { "name" : "DSA-2610", "refsource" : "DEBIAN", diff --git a/2018/13xxx/CVE-2018-13416.json b/2018/13xxx/CVE-2018-13416.json index 94c81f5814d..0378c37e99f 100644 --- a/2018/13xxx/CVE-2018-13416.json +++ b/2018/13xxx/CVE-2018-13416.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-13416", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running UMS, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20180731 Out-of-Band XXE in Universal Media Server's SSDP Processing", + "refsource" : "FULLDISC", + "url" : "http://seclists.org/fulldisclosure/2018/Jul/94" } ] } diff --git a/2018/14xxx/CVE-2018-14574.json b/2018/14xxx/CVE-2018-14574.json index 4be8fb20db9..354bfab5719 100644 --- a/2018/14xxx/CVE-2018-14574.json +++ b/2018/14xxx/CVE-2018-14574.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-14574", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.djangoproject.com/weblog/2018/aug/01/security-releases/", + "refsource" : "CONFIRM", + "url" : "https://www.djangoproject.com/weblog/2018/aug/01/security-releases/" + }, + { + "name" : "USN-3726-1", + "refsource" : "UBUNTU", + "url" : "https://usn.ubuntu.com/3726-1/" } ] } diff --git a/2018/14xxx/CVE-2018-14773.json b/2018/14xxx/CVE-2018-14773.json index 0894ac38d8c..4bd1136cf56 100644 --- a/2018/14xxx/CVE-2018-14773.json +++ b/2018/14xxx/CVE-2018-14773.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-14773", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,48 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects \\Symfony\\Component\\HttpFoundation\\Request::prepareRequestUri() where X-Original-URL and X_REWRITE_URL are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b", + "refsource" : "CONFIRM", + "url" : "https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b" + }, + { + "name" : "https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers", + "refsource" : "CONFIRM", + "url" : "https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers" + }, + { + "name" : "https://www.drupal.org/SA-CORE-2018-005", + "refsource" : "CONFIRM", + "url" : "https://www.drupal.org/SA-CORE-2018-005" + }, + { + "name" : "104943", + "refsource" : "BID", + "url" : "http://www.securityfocus.com/bid/104943" + }, + { + "name" : "1041405", + "refsource" : "SECTRACK", + "url" : "http://www.securitytracker.com/id/1041405" } ] } diff --git a/2018/14xxx/CVE-2018-14774.json b/2018/14xxx/CVE-2018-14774.json index c561be2d6c5..c014762ecb1 100644 --- a/2018/14xxx/CVE-2018-14774.json +++ b/2018/14xxx/CVE-2018-14774.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-14774", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/symfony/symfony/commit/725dee4cd8b4ccd52e335ae4b4522242cea9bd4a", + "refsource" : "CONFIRM", + "url" : "https://github.com/symfony/symfony/commit/725dee4cd8b4ccd52e335ae4b4522242cea9bd4a" + }, + { + "name" : "https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache", + "refsource" : "CONFIRM", + "url" : "https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache" } ] } diff --git a/2018/14xxx/CVE-2018-14898.json b/2018/14xxx/CVE-2018-14898.json new file mode 100644 index 00000000000..6d03e9712ce --- /dev/null +++ b/2018/14xxx/CVE-2018-14898.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-14898", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/14xxx/CVE-2018-14899.json b/2018/14xxx/CVE-2018-14899.json new file mode 100644 index 00000000000..f62ab9f12c9 --- /dev/null +++ b/2018/14xxx/CVE-2018-14899.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-14899", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/14xxx/CVE-2018-14900.json b/2018/14xxx/CVE-2018-14900.json new file mode 100644 index 00000000000..1270ffed6f9 --- /dev/null +++ b/2018/14xxx/CVE-2018-14900.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-14900", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/14xxx/CVE-2018-14901.json b/2018/14xxx/CVE-2018-14901.json new file mode 100644 index 00000000000..01c4334010f --- /dev/null +++ b/2018/14xxx/CVE-2018-14901.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-14901", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/14xxx/CVE-2018-14902.json b/2018/14xxx/CVE-2018-14902.json new file mode 100644 index 00000000000..e36533217eb --- /dev/null +++ b/2018/14xxx/CVE-2018-14902.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-14902", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/14xxx/CVE-2018-14903.json b/2018/14xxx/CVE-2018-14903.json new file mode 100644 index 00000000000..7d99cd81c0f --- /dev/null +++ b/2018/14xxx/CVE-2018-14903.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-14903", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/14xxx/CVE-2018-14904.json b/2018/14xxx/CVE-2018-14904.json new file mode 100644 index 00000000000..7034a5786da --- /dev/null +++ b/2018/14xxx/CVE-2018-14904.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-14904", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/14xxx/CVE-2018-14905.json b/2018/14xxx/CVE-2018-14905.json new file mode 100644 index 00000000000..7cf392a13c5 --- /dev/null +++ b/2018/14xxx/CVE-2018-14905.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-14905", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/14xxx/CVE-2018-14906.json b/2018/14xxx/CVE-2018-14906.json new file mode 100644 index 00000000000..91d7795fe76 --- /dev/null +++ b/2018/14xxx/CVE-2018-14906.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-14906", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/14xxx/CVE-2018-14907.json b/2018/14xxx/CVE-2018-14907.json new file mode 100644 index 00000000000..c2e399dd670 --- /dev/null +++ b/2018/14xxx/CVE-2018-14907.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-14907", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/14xxx/CVE-2018-14908.json b/2018/14xxx/CVE-2018-14908.json new file mode 100644 index 00000000000..71e83c37fd0 --- /dev/null +++ b/2018/14xxx/CVE-2018-14908.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-14908", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +}