From 523e6f8a892527bd9a6c2fe8b7af89be71182b6b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 16 Oct 2018 18:05:10 -0400 Subject: [PATCH] - Synchronized data. --- 2018/11xxx/CVE-2018-11019.json | 53 ++++++++++++++++++++++++++++++++-- 2018/11xxx/CVE-2018-11020.json | 53 ++++++++++++++++++++++++++++++++-- 2018/11xxx/CVE-2018-11021.json | 53 ++++++++++++++++++++++++++++++++-- 2018/11xxx/CVE-2018-11022.json | 48 ++++++++++++++++++++++++++++-- 2018/11xxx/CVE-2018-11023.json | 48 ++++++++++++++++++++++++++++-- 2018/11xxx/CVE-2018-11024.json | 48 ++++++++++++++++++++++++++++-- 2018/11xxx/CVE-2018-11025.json | 48 ++++++++++++++++++++++++++++-- 2018/14xxx/CVE-2018-14772.json | 48 ++++++++++++++++++++++++++++-- 2018/18xxx/CVE-2018-18307.json | 48 ++++++++++++++++++++++++++++-- 2018/18xxx/CVE-2018-18308.json | 48 ++++++++++++++++++++++++++++-- 2018/18xxx/CVE-2018-18405.json | 18 ++++++++++++ 2018/18xxx/CVE-2018-18406.json | 18 ++++++++++++ 12 files changed, 511 insertions(+), 20 deletions(-) create mode 100644 2018/18xxx/CVE-2018-18405.json create mode 100644 2018/18xxx/CVE-2018-18406.json diff --git a/2018/11xxx/CVE-2018-11019.json b/2018/11xxx/CVE-2018-11019.json index 13d7e38c66a..e671028282c 100644 --- a/2018/11xxx/CVE-2018-11019.json +++ b/2018/11xxx/CVE-2018-11019.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11019", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3221773726 and cause a kernel crash." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11019.md", + "refsource" : "MISC", + "url" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11019.md" + }, + { + "name" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md", + "refsource" : "MISC", + "url" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md" } ] } diff --git a/2018/11xxx/CVE-2018-11020.json b/2018/11xxx/CVE-2018-11020.json index 5ec30a48611..9e7ac65832f 100644 --- a/2018/11xxx/CVE-2018-11020.json +++ b/2018/11xxx/CVE-2018-11020.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11020", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file /dev/rpmsg-omx1 with the command 3221772291, and cause a kernel crash." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11020.md", + "refsource" : "MISC", + "url" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11020.md" + }, + { + "name" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md", + "refsource" : "MISC", + "url" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md" } ] } diff --git a/2018/11xxx/CVE-2018-11021.json b/2018/11xxx/CVE-2018-11021.json index ebc02df42db..e67c39e3ecf 100644 --- a/2018/11xxx/CVE-2018-11021.json +++ b/2018/11xxx/CVE-2018-11021.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11021", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/dsscomp with the command 1118064517 and cause a kernel crash." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11021.md", + "refsource" : "MISC", + "url" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11021.md" + }, + { + "name" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md", + "refsource" : "MISC", + "url" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md" } ] } diff --git a/2018/11xxx/CVE-2018-11022.json b/2018/11xxx/CVE-2018-11022.json index d9376fca78a..de0b1c913b1 100644 --- a/2018/11xxx/CVE-2018-11022.json +++ b/2018/11xxx/CVE-2018-11022.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11022", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3224132973 and cause a kernel crash." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md", + "refsource" : "MISC", + "url" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md" } ] } diff --git a/2018/11xxx/CVE-2018-11023.json b/2018/11xxx/CVE-2018-11023.json index e8faa6c5164..ce3cbceed48 100644 --- a/2018/11xxx/CVE-2018-11023.json +++ b/2018/11xxx/CVE-2018-11023.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11023", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3222560159 and cause a kernel crash." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/datadancer/HIAFuzz/blob/master/CVEs.md", + "refsource" : "MISC", + "url" : "https://github.com/datadancer/HIAFuzz/blob/master/CVEs.md" } ] } diff --git a/2018/11xxx/CVE-2018-11024.json b/2018/11xxx/CVE-2018-11024.json index 3bb13f3ccbc..4fd87e44737 100644 --- a/2018/11xxx/CVE-2018-11024.json +++ b/2018/11xxx/CVE-2018-11024.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11024", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 1077435789 and cause a kernel crash." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/datadancer/HIAFuzz/blob/master/CVEs.md", + "refsource" : "MISC", + "url" : "https://github.com/datadancer/HIAFuzz/blob/master/CVEs.md" } ] } diff --git a/2018/11xxx/CVE-2018-11025.json b/2018/11xxx/CVE-2018-11025.json index fa13753f03d..7102f48a9b1 100644 --- a/2018/11xxx/CVE-2018-11025.json +++ b/2018/11xxx/CVE-2018-11025.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11025", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/twl6030-gpadc with the command 24832 and cause a kernel crash." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md", + "refsource" : "MISC", + "url" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md" } ] } diff --git a/2018/14xxx/CVE-2018-14772.json b/2018/14xxx/CVE-2018-14772.json index 50f586a60a0..9c2cd27f197 100644 --- a/2018/14xxx/CVE-2018-14772.json +++ b/2018/14xxx/CVE-2018-14772.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-14772", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution vulnerability in which an attacker with administrator access to the web application can execute arbitrary code on the underlying system via Command Injection." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://coastalsec.io/cve-2018-14772-remote-code-execution", + "refsource" : "MISC", + "url" : "http://coastalsec.io/cve-2018-14772-remote-code-execution" } ] } diff --git a/2018/18xxx/CVE-2018-18307.json b/2018/18xxx/CVE-2018-18307.json index 7ba1a52c230..82fb679a7f8 100644 --- a/2018/18xxx/CVE-2018-18307.json +++ b/2018/18xxx/CVE-2018-18307.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-18307", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://packetstormsecurity.com/files/149787/Alchemy-CMS-4.1-Stable-Cross-Site-Scripting.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/149787/Alchemy-CMS-4.1-Stable-Cross-Site-Scripting.html" } ] } diff --git a/2018/18xxx/CVE-2018-18308.json b/2018/18xxx/CVE-2018-18308.json index af7baa26a1c..27fcbe3f9aa 100644 --- a/2018/18xxx/CVE-2018-18308.json +++ b/2018/18xxx/CVE-2018-18308.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-18308", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the image upload area)." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://packetstormsecurity.com/files/149788/BigTree-CMS-4.2.23-Cross-Site-Scripting.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/149788/BigTree-CMS-4.2.23-Cross-Site-Scripting.html" } ] } diff --git a/2018/18xxx/CVE-2018-18405.json b/2018/18xxx/CVE-2018-18405.json new file mode 100644 index 00000000000..55eef7b4327 --- /dev/null +++ b/2018/18xxx/CVE-2018-18405.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-18405", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/18xxx/CVE-2018-18406.json b/2018/18xxx/CVE-2018-18406.json new file mode 100644 index 00000000000..4000c9d915a --- /dev/null +++ b/2018/18xxx/CVE-2018-18406.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-18406", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +}