From 64773b36b98d5b636292973b45b7e8d0ea68c6ca Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 8 Oct 2018 12:06:38 -0400 Subject: [PATCH] - Synchronized data. --- 2018/16xxx/CVE-2018-16291.json | 53 +++++++++++++++++++++++++++++-- 2018/16xxx/CVE-2018-16292.json | 53 +++++++++++++++++++++++++++++-- 2018/16xxx/CVE-2018-16293.json | 53 +++++++++++++++++++++++++++++-- 2018/16xxx/CVE-2018-16294.json | 53 +++++++++++++++++++++++++++++-- 2018/16xxx/CVE-2018-16295.json | 53 +++++++++++++++++++++++++++++-- 2018/16xxx/CVE-2018-16296.json | 53 +++++++++++++++++++++++++++++-- 2018/16xxx/CVE-2018-16297.json | 53 +++++++++++++++++++++++++++++-- 2018/17xxx/CVE-2018-17060.json | 48 ++++++++++++++++++++++++++-- 2018/17xxx/CVE-2018-17440.json | 58 ++++++++++++++++++++++++++++++++-- 2018/17xxx/CVE-2018-17441.json | 58 ++++++++++++++++++++++++++++++++-- 2018/17xxx/CVE-2018-17442.json | 58 ++++++++++++++++++++++++++++++++-- 2018/17xxx/CVE-2018-17443.json | 58 ++++++++++++++++++++++++++++++++-- 2018/18xxx/CVE-2018-18056.json | 18 +++++++++++ 2018/18xxx/CVE-2018-18057.json | 18 +++++++++++ 2018/18xxx/CVE-2018-18058.json | 18 +++++++++++ 2018/18xxx/CVE-2018-18059.json | 18 +++++++++++ 2018/18xxx/CVE-2018-18060.json | 18 +++++++++++ 2018/18xxx/CVE-2018-18061.json | 18 +++++++++++ 2018/18xxx/CVE-2018-18062.json | 18 +++++++++++ 2018/18xxx/CVE-2018-18063.json | 18 +++++++++++ 2018/3xxx/CVE-2018-3940.json | 2 ++ 2018/3xxx/CVE-2018-3941.json | 2 ++ 2018/3xxx/CVE-2018-3942.json | 2 ++ 2018/3xxx/CVE-2018-3945.json | 2 ++ 2018/3xxx/CVE-2018-3992.json | 2 ++ 2018/3xxx/CVE-2018-3996.json | 2 ++ 2018/3xxx/CVE-2018-3997.json | 2 ++ 27 files changed, 785 insertions(+), 24 deletions(-) create mode 100644 2018/18xxx/CVE-2018-18056.json create mode 100644 2018/18xxx/CVE-2018-18057.json create mode 100644 2018/18xxx/CVE-2018-18058.json create mode 100644 2018/18xxx/CVE-2018-18059.json create mode 100644 2018/18xxx/CVE-2018-18060.json create mode 100644 2018/18xxx/CVE-2018-18061.json create mode 100644 2018/18xxx/CVE-2018-18062.json create mode 100644 
2018/18xxx/CVE-2018-18063.json
diff --git a/2018/16xxx/CVE-2018-16291.json b/2018/16xxx/CVE-2018-16291.json
index 91d30b93fc1..6825006062d 100644
--- a/2018/16xxx/CVE-2018-16291.json
+++ b/2018/16xxx/CVE-2018-16291.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-16291",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
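Review bot: `vendor_name`, `product_name` and `version_value` are all `n/a` in the new `affects` block, although the description added in this file's second hunk names Foxit Reader and PhantomPDF before 9.3. Tooling that matches on the structured fields rather than the free text would not associate this record with either product. I would populate them from the description, e.g. `"product_name" : "Foxit Reader"` with `"version_value" : "before 9.3"`, plus a second `product_data` entry for PhantomPDF. The same placeholder block is added in the first hunks of CVE-2018-16292 through CVE-2018-16297, CVE-2018-17060 and CVE-2018-17440 through CVE-2018-17443, whose descriptions also name the product.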
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "name" : "1041769",
+ "refsource" : "SECTRACK",
+ "url" : "http://www.securitytracker.com/id/1041769"
 }
 ]
 }
diff --git a/2018/16xxx/CVE-2018-16292.json b/2018/16xxx/CVE-2018-16292.json
index 4c6bb5ffab5..9dee8da3723 100644
--- a/2018/16xxx/CVE-2018-16292.json
+++ b/2018/16xxx/CVE-2018-16292.json
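Review bot: `problemtype` is published as `n/a` in the CVE-2018-16291 hunk even though the new description states the weakness class outright (a use-after-free leading to arbitrary code execution). Recording it, e.g. `"value" : "CWE-416: Use After Free"`, lets consumers filter and prioritise by weakness without parsing prose. The second hunks of CVE-2018-16292 through CVE-2018-16297 have the same gap, and the D-Link records CVE-2018-17440 through CVE-2018-17443 describe hardcoded credentials, stored XSS and unrestricted file upload while also carrying `n/a`. Separately, the SECTRACK reference is added with an `http://` URL.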
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-16292",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "name" : "1041769",
+ "refsource" : "SECTRACK",
+ "url" : "http://www.securitytracker.com/id/1041769"
 }
 ]
 }
diff --git a/2018/16xxx/CVE-2018-16293.json b/2018/16xxx/CVE-2018-16293.json
index 252036e50cc..72cb4bcbe0f 100644
--- a/2018/16xxx/CVE-2018-16293.json
+++ b/2018/16xxx/CVE-2018-16293.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-16293",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "name" : "1041769",
+ "refsource" : "SECTRACK",
+ "url" : "http://www.securitytracker.com/id/1041769"
 }
 ]
 }
diff --git a/2018/16xxx/CVE-2018-16294.json b/2018/16xxx/CVE-2018-16294.json
index 2b043d5f581..4b27c500ca8 100644
--- a/2018/16xxx/CVE-2018-16294.json
+++ b/2018/16xxx/CVE-2018-16294.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-16294",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "name" : "1041769",
+ "refsource" : "SECTRACK",
+ "url" : "http://www.securitytracker.com/id/1041769"
 }
 ]
 }
diff --git a/2018/16xxx/CVE-2018-16295.json b/2018/16xxx/CVE-2018-16295.json
index 666720150bd..5cb4599b7e2 100644
--- a/2018/16xxx/CVE-2018-16295.json
+++ b/2018/16xxx/CVE-2018-16295.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-16295",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "name" : "1041769",
+ "refsource" : "SECTRACK",
+ "url" : "http://www.securitytracker.com/id/1041769"
 }
 ]
 }
diff --git a/2018/16xxx/CVE-2018-16296.json b/2018/16xxx/CVE-2018-16296.json
index 1360c13f523..1936fe0c508 100644
--- a/2018/16xxx/CVE-2018-16296.json
+++ b/2018/16xxx/CVE-2018-16296.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-16296",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "name" : "1041769",
+ "refsource" : "SECTRACK",
+ "url" : "http://www.securitytracker.com/id/1041769"
 }
 ]
 }
diff --git a/2018/16xxx/CVE-2018-16297.json b/2018/16xxx/CVE-2018-16297.json
index 53598766b66..a76e61c5def 100644
--- a/2018/16xxx/CVE-2018-16297.json
+++ b/2018/16xxx/CVE-2018-16297.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-16297",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, and CVE-2018-16296. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "name" : "1041769",
+ "refsource" : "SECTRACK",
+ "url" : "http://www.securitytracker.com/id/1041769"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17060.json b/2018/17xxx/CVE-2018-17060.json
index 6d63ad69de6..f05437a854d 100644
--- a/2018/17xxx/CVE-2018-17060.json
+++ b/2018/17xxx/CVE-2018-17060.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17060",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Telerik Extensions for ASP.NET MVC (all versions) does not whitelist requests, which can allow a remote attacker to access files inside the server's web directory. NOTE: this product has been obsolete since June 2013."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.telerik.com/support/code-library/security-alert-for-the-obsolete-telerik-extensions-for-asp-net-mvc",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.telerik.com/support/code-library/security-alert-for-the-obsolete-telerik-extensions-for-asp-net-mvc"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17440.json b/2018/17xxx/CVE-2018-17440.json
index 6eed4c2afab..ff57334b036 100644
--- a/2018/17xxx/CVE-2018-17440.json
+++ b/2018/17xxx/CVE-2018-17440.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17440",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "20181004 [CORE-2010-0010] - D-Link Central WiFiManager Software Controller Multiple",
+ "refsource" : "FULLDISC",
+ "url" : "http://seclists.org/fulldisclosure/2018/Oct/11"
+ },
+ {
+ "name" : "https://www.coresecurity.com/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities",
+ "refsource" : "MISC",
+ "url" : "https://www.coresecurity.com/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities"
+ },
+ {
+ "name" : "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092",
+ "refsource" : "CONFIRM",
+ "url" : "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17441.json b/2018/17xxx/CVE-2018-17441.json
index 754ffc2c516..79fd4a54277 100644
--- a/2018/17xxx/CVE-2018-17441.json
+++ b/2018/17xxx/CVE-2018-17441.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17441",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "20181004 [CORE-2010-0010] - D-Link Central WiFiManager Software Controller Multiple",
+ "refsource" : "FULLDISC",
+ "url" : "http://seclists.org/fulldisclosure/2018/Oct/11"
+ },
+ {
+ "name" : "https://www.coresecurity.com/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities",
+ "refsource" : "MISC",
+ "url" : "https://www.coresecurity.com/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities"
+ },
+ {
+ "name" : "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092",
+ "refsource" : "CONFIRM",
+ "url" : "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17442.json b/2018/17xxx/CVE-2018-17442.json
index 4e1a0d5d057..4b7e826174c 100644
--- a/2018/17xxx/CVE-2018-17442.json
+++ b/2018/17xxx/CVE-2018-17442.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17442",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "20181004 [CORE-2010-0010] - D-Link Central WiFiManager Software Controller Multiple",
+ "refsource" : "FULLDISC",
+ "url" : "http://seclists.org/fulldisclosure/2018/Oct/11"
+ },
+ {
+ "name" : "https://www.coresecurity.com/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities",
+ "refsource" : "MISC",
+ "url" : "https://www.coresecurity.com/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities"
+ },
+ {
+ "name" : "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092",
+ "refsource" : "CONFIRM",
+ "url" : "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17443.json b/2018/17xxx/CVE-2018-17443.json
index b0fd8188cb3..a77a0a71a22 100644
--- a/2018/17xxx/CVE-2018-17443.json
+++ b/2018/17xxx/CVE-2018-17443.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17443",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "20181004 [CORE-2010-0010] - D-Link Central WiFiManager Software Controller Multiple",
+ "refsource" : "FULLDISC",
+ "url" : "http://seclists.org/fulldisclosure/2018/Oct/11"
+ },
+ {
+ "name" : "https://www.coresecurity.com/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities",
+ "refsource" : "MISC",
+ "url" : "https://www.coresecurity.com/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities"
+ },
+ {
+ "name" : "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092",
+ "refsource" : "CONFIRM",
+ "url" : "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092"
 }
 ]
 }
diff --git a/2018/18xxx/CVE-2018-18056.json b/2018/18xxx/CVE-2018-18056.json
new file mode 100644
index 00000000000..6f5295120db
--- /dev/null
+++ b/2018/18xxx/CVE-2018-18056.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-18056",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/18xxx/CVE-2018-18057.json b/2018/18xxx/CVE-2018-18057.json
new file mode 100644
index 00000000000..dc9f4f31c79
--- /dev/null
+++ b/2018/18xxx/CVE-2018-18057.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-18057",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/18xxx/CVE-2018-18058.json b/2018/18xxx/CVE-2018-18058.json
new file mode 100644
index 00000000000..e674cc03dda
--- /dev/null
+++ b/2018/18xxx/CVE-2018-18058.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-18058",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/18xxx/CVE-2018-18059.json b/2018/18xxx/CVE-2018-18059.json
new file mode 100644
index 00000000000..a1142f16c91
--- /dev/null
+++ b/2018/18xxx/CVE-2018-18059.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-18059",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/18xxx/CVE-2018-18060.json b/2018/18xxx/CVE-2018-18060.json
new file mode 100644
index 00000000000..2285cc6b437
--- /dev/null
+++ b/2018/18xxx/CVE-2018-18060.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-18060",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/18xxx/CVE-2018-18061.json b/2018/18xxx/CVE-2018-18061.json
new file mode 100644
index 00000000000..1aadd5f9372
--- /dev/null
+++ b/2018/18xxx/CVE-2018-18061.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-18061",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/18xxx/CVE-2018-18062.json b/2018/18xxx/CVE-2018-18062.json
new file mode 100644
index 00000000000..92f5dcdae8e
--- /dev/null
+++ b/2018/18xxx/CVE-2018-18062.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-18062",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/18xxx/CVE-2018-18063.json b/2018/18xxx/CVE-2018-18063.json
new file mode 100644
index 00000000000..8f62b851326
--- /dev/null
+++ b/2018/18xxx/CVE-2018-18063.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-18063",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/3xxx/CVE-2018-3940.json b/2018/3xxx/CVE-2018-3940.json
index 7f50bc0e922..c43459c8c61 100644
--- a/2018/3xxx/CVE-2018-3940.json
+++ b/2018/3xxx/CVE-2018-3940.json
@@ -54,6 +54,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0607",
+ "refsource" : "MISC",
 "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0607"
 }
 ]
diff --git a/2018/3xxx/CVE-2018-3941.json b/2018/3xxx/CVE-2018-3941.json
index 681c24e7a19..980e28a3feb 100644
--- a/2018/3xxx/CVE-2018-3941.json
+++ b/2018/3xxx/CVE-2018-3941.json
@@ -54,6 +54,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0608",
+ "refsource" : "MISC",
 "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0608"
 }
 ]
diff --git a/2018/3xxx/CVE-2018-3942.json b/2018/3xxx/CVE-2018-3942.json
index 208e364c364..b63b41f7706 100644
--- a/2018/3xxx/CVE-2018-3942.json
+++ b/2018/3xxx/CVE-2018-3942.json
@@ -54,6 +54,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0609",
+ "refsource" : "MISC",
 "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0609"
 }
 ]
diff --git a/2018/3xxx/CVE-2018-3945.json b/2018/3xxx/CVE-2018-3945.json
index aa78bf6fbb1..5d188ffa764 100644
--- a/2018/3xxx/CVE-2018-3945.json
+++ b/2018/3xxx/CVE-2018-3945.json
@@ -54,6 +54,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0612",
+ "refsource" : "MISC",
 "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0612"
 }
 ]
diff --git a/2018/3xxx/CVE-2018-3992.json b/2018/3xxx/CVE-2018-3992.json
index faab4d8d9c3..4f1e1aaa87e 100644
--- a/2018/3xxx/CVE-2018-3992.json
+++ b/2018/3xxx/CVE-2018-3992.json
@@ -54,6 +54,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0660",
+ "refsource" : "MISC",
 "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0660"
 }
 ]
diff --git a/2018/3xxx/CVE-2018-3996.json b/2018/3xxx/CVE-2018-3996.json
index 414dbdd3085..768c699ce43 100644
--- a/2018/3xxx/CVE-2018-3996.json
+++ b/2018/3xxx/CVE-2018-3996.json
@@ -54,6 +54,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0664",
+ "refsource" : "MISC",
 "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0664"
 }
 ]
diff --git a/2018/3xxx/CVE-2018-3997.json b/2018/3xxx/CVE-2018-3997.json
index 09dd995cced..b3a5b0d5980 100644
--- a/2018/3xxx/CVE-2018-3997.json
+++ b/2018/3xxx/CVE-2018-3997.json
@@ -54,6 +54,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0665",
+ "refsource" : "MISC",
 "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0665"
 }
 ]