From 54d8a2a609822ade1fd6e5c9cb09345b2b1ccba3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 15 Sep 2018 17:03:21 -0400 Subject: [PATCH] - Synchronized data. --- 2018/17xxx/CVE-2018-17063.json | 62 ++++++++++++++++++++++++++++++++++ 2018/17xxx/CVE-2018-17064.json | 62 ++++++++++++++++++++++++++++++++++ 2018/17xxx/CVE-2018-17065.json | 62 ++++++++++++++++++++++++++++++++++ 2018/17xxx/CVE-2018-17066.json | 62 ++++++++++++++++++++++++++++++++++ 2018/17xxx/CVE-2018-17067.json | 62 ++++++++++++++++++++++++++++++++++ 2018/17xxx/CVE-2018-17068.json | 62 ++++++++++++++++++++++++++++++++++ 2018/17xxx/CVE-2018-17069.json | 62 ++++++++++++++++++++++++++++++++++ 2018/17xxx/CVE-2018-17070.json | 62 ++++++++++++++++++++++++++++++++++ 8 files changed, 496 insertions(+) create mode 100644 2018/17xxx/CVE-2018-17063.json create mode 100644 2018/17xxx/CVE-2018-17064.json create mode 100644 2018/17xxx/CVE-2018-17065.json create mode 100644 2018/17xxx/CVE-2018-17066.json create mode 100644 2018/17xxx/CVE-2018-17067.json create mode 100644 2018/17xxx/CVE-2018-17068.json create mode 100644 2018/17xxx/CVE-2018-17069.json create mode 100644 2018/17xxx/CVE-2018-17070.json diff --git a/2018/17xxx/CVE-2018-17063.json b/2018/17xxx/CVE-2018-17063.json new file mode 100644 index 00000000000..df5ec8cdbb9 --- /dev/null +++ b/2018/17xxx/CVE-2018-17063.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17063", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/cmd_injection_3", + "refsource" : "MISC", + "url" : "https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/cmd_injection_3" + } + ] + } +} diff --git a/2018/17xxx/CVE-2018-17064.json b/2018/17xxx/CVE-2018-17064.json new file mode 100644 index 00000000000..0f5abd6a9be --- /dev/null +++ b/2018/17xxx/CVE-2018-17064.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17064", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/cmd_injection_2", + "refsource" : "MISC", + "url" : "https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/cmd_injection_2" + } + ] + } +} diff --git a/2018/17xxx/CVE-2018-17065.json b/2018/17xxx/CVE-2018-17065.json new file mode 100644 index 00000000000..32b98f7ad80 --- /dev/null +++ b/2018/17xxx/CVE-2018-17065.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17065", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/stack_overflow_1", + "refsource" : "MISC", + "url" : "https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/stack_overflow_1" + } + ] + } +} diff --git a/2018/17xxx/CVE-2018-17066.json b/2018/17xxx/CVE-2018-17066.json new file mode 100644 index 00000000000..7a0d9b0e14f --- /dev/null +++ b/2018/17xxx/CVE-2018-17066.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17066", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/cmd_injection_0", + "refsource" : "MISC", + "url" : "https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/cmd_injection_0" + } + ] + } +} diff --git a/2018/17xxx/CVE-2018-17067.json b/2018/17xxx/CVE-2018-17067.json new file mode 100644 index 00000000000..a646dd60167 --- /dev/null +++ b/2018/17xxx/CVE-2018-17067.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17067", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/stack_overflow_0", + "refsource" : "MISC", + "url" : "https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/stack_overflow_0" + } + ] + } +} diff --git a/2018/17xxx/CVE-2018-17068.json b/2018/17xxx/CVE-2018-17068.json new file mode 100644 index 00000000000..01a61c85812 --- /dev/null +++ b/2018/17xxx/CVE-2018-17068.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17068", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/cmd_injection_1", + "refsource" : "MISC", + "url" : "https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/cmd_injection_1" + } + ] + } +} diff --git a/2018/17xxx/CVE-2018-17069.json b/2018/17xxx/CVE-2018-17069.json new file mode 100644 index 00000000000..b56dafc3000 --- /dev/null +++ b/2018/17xxx/CVE-2018-17069.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17069", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/unlcms/UNL-CMS/issues/941", + "refsource" : "MISC", + "url" : "https://github.com/unlcms/UNL-CMS/issues/941" + } + ] + } +} diff --git a/2018/17xxx/CVE-2018-17070.json b/2018/17xxx/CVE-2018-17070.json new file mode 100644 index 00000000000..b7e4c9457ae --- /dev/null +++ b/2018/17xxx/CVE-2018-17070.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17070", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in UNL-CMS 7.59. A CSRF attack can update the website settings via ?q=admin%2Fconfig%2Fsystem%2Fsite-information&render=overlay&render=overlay." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/unlcms/UNL-CMS/issues/941", + "refsource" : "MISC", + "url" : "https://github.com/unlcms/UNL-CMS/issues/941" + } + ] + } +}