"-Synchronized-Data."

2018/18xxx/CVE-2018-18913.json

@@ -2,7 +2,30 @@
     "CVE_data_meta": {
         "ASSIGNER": "cve@mitre.org",
         "ID": "CVE-2018-18913",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
     },
     "data_format": "MITRE",
     "data_type": "CVE",
@@ -11,7 +34,33 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location within the system. The issue lies in the loading of the shcore.dll and dcomp.dll files: these files are being searched for by the program in the same system-wide directory where the HTML file is executed."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://lucideustech.blogspot.com/2019/02/opera-search-order-hijacking-cve-2018-18913.html",
+                "refsource": "MISC",
+                "name": "https://lucideustech.blogspot.com/2019/02/opera-search-order-hijacking-cve-2018-18913.html"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://blogs.opera.com/desktop/changelog-for-57/",
+                "url": "https://blogs.opera.com/desktop/changelog-for-57/"
             }
         ]
     }

2018/19xxx/CVE-2018-19320.json

@@ -34,7 +34,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE v1.33 and earlier, XTREME GAMING ENGINE v1.25 and earlier, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system."
+                "value": "The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system."
             }
         ]
     },
@@ -66,6 +66,11 @@
                 "name": "106252",
                 "refsource": "BID",
                 "url": "http://www.securityfocus.com/bid/106252"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://www.gigabyte.com/tw/Support/Utility/Graphics-Card",
+                "url": "https://www.gigabyte.com/tw/Support/Utility/Graphics-Card"
             }
         ]
     }

2018/19xxx/CVE-2018-19321.json

@@ -34,7 +34,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE v1.33 and earlier, XTREME GAMING ENGINE v1.25 and earlier, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges."
+                "value": "The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges."
             }
         ]
     },

2018/19xxx/CVE-2018-19322.json

@@ -34,7 +34,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE v1.33 and earlier, XTREME GAMING ENGINE v1.25 and earlier, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges."
+                "value": "The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges."
             }
         ]
     },
@@ -66,6 +66,11 @@
                 "name": "106252",
                 "refsource": "BID",
                 "url": "http://www.securityfocus.com/bid/106252"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://www.gigabyte.com/tw/Support/Utility/Graphics-Card",
+                "url": "https://www.gigabyte.com/tw/Support/Utility/Graphics-Card"
             }
         ]
     }

2018/19xxx/CVE-2018-19323.json

@@ -34,7 +34,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE v1.33 and earlier, XTREME GAMING ENGINE v1.25 and earlier, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs)."
+                "value": "The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs)."
             }
         ]
     },
@@ -66,6 +66,11 @@
                 "name": "106252",
                 "refsource": "BID",
                 "url": "http://www.securityfocus.com/bid/106252"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://www.gigabyte.com/tw/Support/Utility/Graphics-Card",
+                "url": "https://www.gigabyte.com/tw/Support/Utility/Graphics-Card"
             }
         ]
     }

2018/9xxx/CVE-2018-9186.json

@@ -35,7 +35,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator below 5.3.0 versions \"CSRF validation failure\" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header."
+                "value": "A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 \"CSRF validation failure\" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header."
             }
         ]
     },