From 67a0154c0a024fc15755ef86f2156bddaa69a5fe Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 14 Nov 2018 15:04:58 -0500 Subject: [PATCH] - Synchronized data. --- 2018/17xxx/CVE-2018-17960.json | 53 ++++++++++++++++++++++++++- 2018/19xxx/CVE-2018-19278.json | 67 ++++++++++++++++++++++++++++++++++ 2018/19xxx/CVE-2018-19279.json | 62 +++++++++++++++++++++++++++++++ 2018/19xxx/CVE-2018-19280.json | 62 +++++++++++++++++++++++++++++++ 2018/19xxx/CVE-2018-19281.json | 62 +++++++++++++++++++++++++++++++ 5 files changed, 304 insertions(+), 2 deletions(-) create mode 100644 2018/19xxx/CVE-2018-19278.json create mode 100644 2018/19xxx/CVE-2018-19279.json create mode 100644 2018/19xxx/CVE-2018-19280.json create mode 100644 2018/19xxx/CVE-2018-19281.json diff --git a/2018/17xxx/CVE-2018-17960.json b/2018/17xxx/CVE-2018-17960.json index d9663510475..595489ce9b8 100644 --- a/2018/17xxx/CVE-2018-17960.json +++ b/2018/17xxx/CVE-2018-17960.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-17960", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/", + "refsource" : "MISC", + "url" : "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/" + }, + { + "name" : "https://ckeditor.com/cke4/release/CKEditor-4.11.0", + "refsource" : "MISC", + "url" : "https://ckeditor.com/cke4/release/CKEditor-4.11.0" } ] } diff --git a/2018/19xxx/CVE-2018-19278.json b/2018/19xxx/CVE-2018-19278.json new file mode 100644 index 00000000000..ea65212829d --- /dev/null +++ b/2018/19xxx/CVE-2018-19278.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19278", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://downloads.asterisk.org/pub/security/AST-2018-010.html", + "refsource" : "MISC", + "url" : "https://downloads.asterisk.org/pub/security/AST-2018-010.html" + }, + { + "name" : "https://issues.asterisk.org/jira/browse/ASTERISK-28127", + "refsource" : "MISC", + "url" : "https://issues.asterisk.org/jira/browse/ASTERISK-28127" + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19279.json b/2018/19xxx/CVE-2018-19279.json new file mode 100644 index 00000000000..9d477f48dd3 --- /dev/null +++ b/2018/19xxx/CVE-2018-19279.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19279", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.primx.eu/en/security-18a10338/", + "refsource" : "MISC", + "url" : "https://www.primx.eu/en/security-18a10338/" + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19280.json b/2018/19xxx/CVE-2018-19280.json new file mode 100644 index 00000000000..23cab9f4b70 --- /dev/null +++ b/2018/19xxx/CVE-2018-19280.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19280", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Centreon 3.4.x has XSS via the resource name or macro expression of a poller macro." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/centreon/centreon/pull/6626", + "refsource" : "MISC", + "url" : "https://github.com/centreon/centreon/pull/6626" + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19281.json b/2018/19xxx/CVE-2018-19281.json new file mode 100644 index 00000000000..24b28d352f1 --- /dev/null +++ b/2018/19xxx/CVE-2018-19281.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19281", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Centreon 3.4.x allows SNMP trap SQL Injection." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/centreon/centreon/pull/6627", + "refsource" : "MISC", + "url" : "https://github.com/centreon/centreon/pull/6627" + } + ] + } +}