From 5dbd4037f776a82892a0bcdba75b96454a25239f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 12 Dec 2018 04:44:20 -0500 Subject: [PATCH] - Synchronized data. --- 2018/18xxx/CVE-2018-18397.json | 68 +++++++++++++++++++++++++++++++++- 2018/20xxx/CVE-2018-20092.json | 18 +++++++++ 2018/20xxx/CVE-2018-20093.json | 18 +++++++++ 2018/20xxx/CVE-2018-20094.json | 62 +++++++++++++++++++++++++++++++ 2018/20xxx/CVE-2018-20095.json | 62 +++++++++++++++++++++++++++++++ 2018/20xxx/CVE-2018-20096.json | 67 +++++++++++++++++++++++++++++++++ 2018/20xxx/CVE-2018-20098.json | 67 +++++++++++++++++++++++++++++++++ 2018/20xxx/CVE-2018-20099.json | 67 +++++++++++++++++++++++++++++++++ 8 files changed, 427 insertions(+), 2 deletions(-) create mode 100644 2018/20xxx/CVE-2018-20092.json create mode 100644 2018/20xxx/CVE-2018-20093.json create mode 100644 2018/20xxx/CVE-2018-20094.json create mode 100644 2018/20xxx/CVE-2018-20095.json create mode 100644 2018/20xxx/CVE-2018-20096.json create mode 100644 2018/20xxx/CVE-2018-20098.json create mode 100644 2018/20xxx/CVE-2018-20099.json diff --git a/2018/18xxx/CVE-2018-18397.json b/2018/18xxx/CVE-2018-18397.json index 26629fa4303..015314a318d 100644 --- a/2018/18xxx/CVE-2018-18397.json +++ b/2018/18xxx/CVE-2018-18397.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-18397", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,48 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29ec90660d68bbdd69507c1c8b4e33aa299278b1", + "refsource" : "MISC", + "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29ec90660d68bbdd69507c1c8b4e33aa299278b1" + }, + { + "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1700", + "refsource" : "MISC", + "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1700" + }, + { + "name" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87", + "refsource" : "MISC", + "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87" + }, + { + "name" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.7", + "refsource" : "MISC", + "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.7" + }, + { + "name" : "https://github.com/torvalds/linux/commit/29ec90660d68bbdd69507c1c8b4e33aa299278b1", + "refsource" : "MISC", + "url" : "https://github.com/torvalds/linux/commit/29ec90660d68bbdd69507c1c8b4e33aa299278b1" } ] } diff --git a/2018/20xxx/CVE-2018-20092.json b/2018/20xxx/CVE-2018-20092.json new file mode 100644 index 00000000000..ca904c643dd --- /dev/null +++ b/2018/20xxx/CVE-2018-20092.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20092", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/20xxx/CVE-2018-20093.json b/2018/20xxx/CVE-2018-20093.json new file mode 100644 index 00000000000..617f828f580 --- /dev/null +++ b/2018/20xxx/CVE-2018-20093.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20093", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/20xxx/CVE-2018-20094.json b/2018/20xxx/CVE-2018-20094.json new file mode 100644 index 00000000000..0d3e5b528f2 --- /dev/null +++ b/2018/20xxx/CVE-2018-20094.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20094", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the keys parameter that can download any configuration file, related to ConfController.java and PropUtil.java." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/xuxueli/xxl-conf/issues/61", + "refsource" : "MISC", + "url" : "https://github.com/xuxueli/xxl-conf/issues/61" + } + ] + } +} diff --git a/2018/20xxx/CVE-2018-20095.json b/2018/20xxx/CVE-2018-20095.json new file mode 100644 index 00000000000..d6ce5b53eca --- /dev/null +++ b/2018/20xxx/CVE-2018-20095.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20095", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/axiomatic-systems/Bento4/issues/341", + "refsource" : "MISC", + "url" : "https://github.com/axiomatic-systems/Bento4/issues/341" + } + ] + } +} diff --git a/2018/20xxx/CVE-2018-20096.json b/2018/20xxx/CVE-2018-20096.json new file mode 100644 index 00000000000..411e7da97ad --- /dev/null +++ b/2018/20xxx/CVE-2018-20096.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20096", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/Exiv2/exiv2/issues/590", + "refsource" : "MISC", + "url" : "https://github.com/Exiv2/exiv2/issues/590" + }, + { + "name" : "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206", + "refsource" : "MISC", + "url" : "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206" + } + ] + } +} diff --git a/2018/20xxx/CVE-2018-20098.json b/2018/20xxx/CVE-2018-20098.json new file mode 100644 index 00000000000..f0883eabd73 --- /dev/null +++ b/2018/20xxx/CVE-2018-20098.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20098", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/Exiv2/exiv2/issues/590", + "refsource" : "MISC", + "url" : "https://github.com/Exiv2/exiv2/issues/590" + }, + { + "name" : "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206", + "refsource" : "MISC", + "url" : "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206" + } + ] + } +} diff --git a/2018/20xxx/CVE-2018-20099.json b/2018/20xxx/CVE-2018-20099.json new file mode 100644 index 00000000000..a7120318893 --- /dev/null +++ b/2018/20xxx/CVE-2018-20099.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20099", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/Exiv2/exiv2/issues/590", + "refsource" : "MISC", + "url" : "https://github.com/Exiv2/exiv2/issues/590" + }, + { + "name" : "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206", + "refsource" : "MISC", + "url" : "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206" + } + ] + } +}