From 52492b3afc467305d39ec2e2252856d5146b6688 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 3 Dec 2018 14:03:48 -0500
Subject: [PATCH] - Synchronized data.
---
 2018/15xxx/CVE-2018-15716.json | 2 +-
 2018/19xxx/CVE-2018-19826.json | 48 ++++++++++++++++++++++++++++++++--
 2018/19xxx/CVE-2018-19827.json | 48 ++++++++++++++++++++++++++++++++--
 2018/19xxx/CVE-2018-19835.json | 48 ++++++++++++++++++++++++++++++++--
 2018/19xxx/CVE-2018-19836.json | 48 ++++++++++++++++++++++++++++++++--
 5 files changed, 185 insertions(+), 9 deletions(-)
diff --git a/2018/15xxx/CVE-2018-15716.json b/2018/15xxx/CVE-2018-15716.json
index bae8fcabaae..ff2b0e8b0b8 100644
--- a/2018/15xxx/CVE-2018-15716.json
+++ b/2018/15xxx/CVE-2018-15716.json
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "NUUO NVRMini2 version 3.10.0 and earlier is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root."
+ "value" : "NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root."
 }
 ]
 },
diff --git a/2018/19xxx/CVE-2018-19826.json b/2018/19xxx/CVE-2018-19826.json
index 77f0d72277f..f3d33597e20 100644
--- a/2018/19xxx/CVE-2018-19826.json
+++ b/2018/19xxx/CVE-2018-19826.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-19826",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
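Review bot: In the CVE-2018-15716.json hunk, the new description names only version 3.9.1 where the old text said "3.10.0 and earlier", so the prose no longer tells a reader whether releases before or after 3.9.1 are affected. The record's `affects` / `version_data` block lies outside this hunk and should be checked to state the same scope, since scanners match on the structured field while analysts read the description. If the narrower scope is intended, wording such as `version 3.9.1 (other versions not confirmed)` would make that explicit.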
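Review bot: The `affects` block added in the first CVE-2018-19826.json hunk sets `product_name`, `version_value` and `vendor_name` to `n/a`, although the description added by the same commit names LibSass 3.5.5. Tooling that matches an asset inventory against the structured fields will not associate this record with the product. The same placeholders appear in the first hunks of CVE-2018-19827.json, CVE-2018-19835.json and CVE-2018-19836.json, the latter two describing Metinfo 6.1.3. Consider `"product_name" : "LibSass"` and `"version_value" : "3.5.5"` here, and the Metinfo equivalents there, leaving `vendor_name` unchanged until the vendor string is confirmed.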
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/sass/libsass/issues/2781",
+ "refsource" : "MISC",
+ "url" : "https://github.com/sass/libsass/issues/2781"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19827.json b/2018/19xxx/CVE-2018-19827.json
index d755597bce4..891273266df 100644
--- a/2018/19xxx/CVE-2018-19827.json
+++ b/2018/19xxx/CVE-2018-19827.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-19827",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
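Review bot: `problemtype` in the second CVE-2018-19826.json hunk is set to `n/a` even though the description added alongside it identifies the weakness, an endless loop that drives memory use up. A weakness label lets consumers group and prioritise records without parsing prose; `"value" : "CWE-835"` would fit this entry if the loop is confirmed from the referenced issue. The second hunks of CVE-2018-19827.json (use-after-free, CWE-416) and CVE-2018-19835.json (reflected XSS, CWE-79) have the same gap. CVE-2018-19836.json also uses `n/a`, and its weakness class is less clear from the text alone.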
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/sass/libsass/issues/2782",
+ "refsource" : "MISC",
+ "url" : "https://github.com/sass/libsass/issues/2782"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19835.json b/2018/19xxx/CVE-2018-19835.json
index 2b55eb68764..8e4418006c7 100644
--- a/2018/19xxx/CVE-2018-19835.json
+++ b/2018/19xxx/CVE-2018-19835.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-19835",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/imagemlt/metinfo/tree/master/reflected_xss_bypass_chrome",
+ "refsource" : "MISC",
+ "url" : "https://github.com/imagemlt/metinfo/tree/master/reflected_xss_bypass_chrome"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19836.json b/2018/19xxx/CVE-2018-19836.json
index 51fb04b5580..246d56a702d 100644
--- a/2018/19xxx/CVE-2018-19836.json
+++ b/2018/19xxx/CVE-2018-19836.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-19836",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such as the Chrome XSS filter."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/imagemlt/metinfo/tree/master/reflected_xss_bypass_chrome",
+ "refsource" : "MISC",
+ "url" : "https://github.com/imagemlt/metinfo/tree/master/reflected_xss_bypass_chrome"
 }
 ]
 }