- Synchronized data.

2018/1000xxx/CVE-2018-1000201.json

@@ -1 +1,69 @@
-{"CVE_data_meta":{"ASSIGNER":"kurt@seifried.org","DATE_ASSIGNED":"2018-04-06","ID":"CVE-2018-1000201","REQUESTER":"lars@greiz-reinsdorf.de","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"ruby-ffi ","version":{"version_data":[{"version_value":"1.9.23 and earlier"}]}}]},"vendor_name":"ruby-ffi"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-427: Uncontrolled Search Path Element"}]}]},"references":{"reference_data":[{"name":"https://github.com/ffi/ffi/commit/e0fe486df0e117ed67b0282b6ada04b7214ca05c","refsource":"CONFIRM","url":"https://github.com/ffi/ffi/commit/e0fe486df0e117ed67b0282b6ada04b7214ca05c"},{"name":"https://github.com/ffi/ffi/commit/09e0c6076466b4383da7fa4e13f714311109945a","refsource":"CONFIRM","url":"https://github.com/ffi/ffi/commit/09e0c6076466b4383da7fa4e13f714311109945a"}]}}
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "kurt@seifried.org",
+      "DATE_ASSIGNED" : "2018-04-06",
+      "ID" : "CVE-2018-1000201",
+      "REQUESTER" : "lars@greiz-reinsdorf.de",
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "ruby-ffi ",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "1.9.23 and earlier"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "ruby-ffi"
+            }
+         ]
+      }
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "CWE-427: Uncontrolled Search Path Element"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "name" : "https://github.com/ffi/ffi/commit/09e0c6076466b4383da7fa4e13f714311109945a",
+            "refsource" : "CONFIRM",
+            "url" : "https://github.com/ffi/ffi/commit/09e0c6076466b4383da7fa4e13f714311109945a"
+         },
+         {
+            "name" : "https://github.com/ffi/ffi/commit/e0fe486df0e117ed67b0282b6ada04b7214ca05c",
+            "refsource" : "CONFIRM",
+            "url" : "https://github.com/ffi/ffi/commit/e0fe486df0e117ed67b0282b6ada04b7214ca05c"
+         }
+      ]
+   }
+}

2018/12xxx/CVE-2018-12678.json

@@ -0,0 +1,67 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-12678",
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "n/a",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "n/a"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "n/a"
+            }
+         ]
+      }
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "n/a"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "name" : "https://github.com/portainer/portainer/pull/1979",
+            "refsource" : "CONFIRM",
+            "url" : "https://github.com/portainer/portainer/pull/1979"
+         },
+         {
+            "name" : "https://github.com/portainer/portainer/releases/tag/1.18.0",
+            "refsource" : "CONFIRM",
+            "url" : "https://github.com/portainer/portainer/releases/tag/1.18.0"
+         }
+      ]
+   }
+}

2018/12xxx/CVE-2018-12679.json

@@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-12679",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}

2018/12xxx/CVE-2018-12680.json

@@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-12680",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}

2018/12xxx/CVE-2018-12681.json

@@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-12681",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}

2018/12xxx/CVE-2018-12682.json

@@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-12682",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}