From 838c16d5678c20b327c1f2bde6f278e08c80d9f6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 26 Nov 2018 15:05:52 -0500 Subject: [PATCH] - Synchronized data. --- 2018/11xxx/CVE-2018-11066.json | 117 +++++++++++++++++---------------- 2018/11xxx/CVE-2018-11067.json | 117 +++++++++++++++++---------------- 2018/11xxx/CVE-2018-11076.json | 103 +++++++++++++++-------------- 2018/11xxx/CVE-2018-11077.json | 117 +++++++++++++++++---------------- 2018/18xxx/CVE-2018-18807.json | 10 ++- 2018/19xxx/CVE-2018-19565.json | 67 +++++++++++++++++++ 2018/19xxx/CVE-2018-19566.json | 67 +++++++++++++++++++ 2018/19xxx/CVE-2018-19567.json | 67 +++++++++++++++++++ 2018/19xxx/CVE-2018-19568.json | 67 +++++++++++++++++++ 9 files changed, 504 insertions(+), 228 deletions(-) create mode 100644 2018/19xxx/CVE-2018-19565.json create mode 100644 2018/19xxx/CVE-2018-19566.json create mode 100644 2018/19xxx/CVE-2018-19567.json create mode 100644 2018/19xxx/CVE-2018-19568.json diff --git a/2018/11xxx/CVE-2018-11066.json b/2018/11xxx/CVE-2018-11066.json index 07440bc4698..370e19ee906 100644 --- a/2018/11xxx/CVE-2018-11066.json +++ b/2018/11xxx/CVE-2018-11066.json @@ -1,115 +1,116 @@ { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2018-11-20T05:00:00.000Z", - "ID": "CVE-2018-11066", - "STATE": "PUBLIC", - "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability" + "CVE_data_meta" : { + "ASSIGNER" : "secure@dell.com", + "DATE_PUBLIC" : "2018-11-20T05:00:00.000Z", + "ID" : "CVE-2018-11066", + "STATE" : "PUBLIC", + "TITLE" : "Dell EMC Avamar and Integrated Data Protection Appliance Remote Code Execution Vulnerability" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "Avamar", - "version": { - "version_data": [ + "product_name" : "Avamar", + "version" : { + "version_data" : [ { - "affected": "=", - "version_value": "7.2.0" + "affected" : "=", + "version_value" : "7.2.0" }, { - "affected": "=", - "version_value": "7.2.1" + "affected" : "=", + "version_value" : "7.2.1" }, { - "affected": "=", - "version_value": "7.3.0" + "affected" : "=", + "version_value" : "7.3.0" }, { - "affected": "=", - "version_value": "7.3.1" + "affected" : "=", + "version_value" : "7.3.1" }, { - "affected": "=", - "version_value": "7.4.0" + "affected" : "=", + "version_value" : "7.4.0" }, { - "affected": "=", - "version_value": "7.4.1" + "affected" : "=", + "version_value" : "7.4.1" }, { - "version_value": "7.5.0" + "version_value" : "7.5.0" }, { - "version_value": "7.5.1" + "version_value" : "7.5.1" }, { - "version_value": "18.1" + "version_value" : "18.1" } ] } }, { - "product_name": "Integrated Data Protection Appliance ", - "version": { - "version_data": [ + "product_name" : "Integrated Data Protection Appliance ", + "version" : { + "version_data" : [ { - "affected": "=", - "version_value": "2.0" + "affected" : "=", + "version_value" : "2.0" }, { - "affected": "=", - "version_value": "2.1" + "affected" : "=", + "version_value" : "2.1" }, { - "affected": "=", - "version_value": "2.2" + "affected" : "=", + "version_value" : "2.2" } ] } } ] }, - "vendor_name": "Dell EMC" + "vendor_name" : "Dell EMC" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server." + "lang" : "eng", + "value" : "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "Remote Code Execution Vulnerability" + "lang" : "eng", + "value" : "Remote Code Execution Vulnerability" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "refsource": "FULLDISC", - "url": "https://seclists.org/fulldisclosure/2018/Nov/49" + "name" : "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities", + "refsource" : "FULLDISC", + "url" : "https://seclists.org/fulldisclosure/2018/Nov/49" } ] }, - "source": { - "discovery": "UNKNOWN" + "source" : { + "discovery" : "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2018/11xxx/CVE-2018-11067.json b/2018/11xxx/CVE-2018-11067.json index 84c2aeb2620..0e6b2fc8936 100644 --- a/2018/11xxx/CVE-2018-11067.json +++ b/2018/11xxx/CVE-2018-11067.json @@ -1,115 +1,116 @@ { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2018-11-20T05:00:00.000Z", - "ID": "CVE-2018-11067", - "STATE": "PUBLIC", - "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability" + "CVE_data_meta" : { + "ASSIGNER" : "secure@dell.com", + "DATE_PUBLIC" : "2018-11-20T05:00:00.000Z", + "ID" : "CVE-2018-11067", + "STATE" : "PUBLIC", + "TITLE" : "Dell EMC Avamar and Integrated Data Protection Appliance Open Redirection Vulnerability" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "Avamar", - "version": { - "version_data": [ + "product_name" : "Avamar", + "version" : { + "version_data" : [ { - "affected": "=", - "version_value": "7.2.0" + "affected" : "=", + "version_value" : "7.2.0" }, { - "affected": "=", - "version_value": "7.2.1" + "affected" : "=", + "version_value" : "7.2.1" }, { - "affected": "=", - "version_value": "7.3.0" + "affected" : "=", + "version_value" : "7.3.0" }, { - "affected": "=", - "version_value": "7.3.1" + "affected" : "=", + "version_value" : "7.3.1" }, { - "affected": "=", - "version_value": "7.4.0" + "affected" : "=", + "version_value" : "7.4.0" }, { - "affected": "=", - "version_value": "7.4.1" + "affected" : "=", + "version_value" : "7.4.1" }, { - "version_value": "7.5.0" + "version_value" : "7.5.0" }, { - "version_value": "7.5.1" + "version_value" : "7.5.1" }, { - "version_value": "18.1" + "version_value" : "18.1" } ] } }, { - "product_name": "Integrated Data Protection Appliance ", - "version": { - "version_data": [ + "product_name" : "Integrated Data Protection Appliance ", + "version" : { + "version_data" : [ { - "affected": "=", - "version_value": "2.0" + "affected" : "=", + "version_value" : "2.0" }, { - "affected": "=", - "version_value": "2.1" + "affected" : "=", + "version_value" : "2.1" }, { - "affected": "=", - "version_value": "2.2" + "affected" : "=", + "version_value" : "2.2" } ] } } ] }, - "vendor_name": "Dell EMC" + "vendor_name" : "Dell EMC" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites." + "lang" : "eng", + "value" : "Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "Open Redirection Vulnerability" + "lang" : "eng", + "value" : "Open Redirection Vulnerability" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "refsource": "FULLDISC", - "url": "https://seclists.org/fulldisclosure/2018/Nov/49" + "name" : "20181120 DSA-2018-145: Dell EMC Avamar Multiple Vulnerabilities", + "refsource" : "FULLDISC", + "url" : "https://seclists.org/fulldisclosure/2018/Nov/49" } ] }, - "source": { - "discovery": "UNKNOWN" + "source" : { + "discovery" : "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2018/11xxx/CVE-2018-11076.json b/2018/11xxx/CVE-2018-11076.json index f3a32abd4dc..648904af13f 100644 --- a/2018/11xxx/CVE-2018-11076.json +++ b/2018/11xxx/CVE-2018-11076.json @@ -1,98 +1,99 @@ { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2018-11-20T05:00:00.000Z", - "ID": "CVE-2018-11076", - "STATE": "PUBLIC", - "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability" + "CVE_data_meta" : { + "ASSIGNER" : "secure@dell.com", + "DATE_PUBLIC" : "2018-11-20T05:00:00.000Z", + "ID" : "CVE-2018-11076", + "STATE" : "PUBLIC", + "TITLE" : "Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "Avamar", - "version": { - "version_data": [ + "product_name" : "Avamar", + "version" : { + "version_data" : [ { - "affected": "=", - "version_value": "7.2.0" + "affected" : "=", + "version_value" : "7.2.0" }, { - "affected": "=", - "version_value": "7.2.1" + "affected" : "=", + "version_value" : "7.2.1" }, { - "affected": "=", - "version_value": "7.3.0" + "affected" : "=", + "version_value" : "7.3.0" }, { - "affected": "=", - "version_value": "7.3.1" + "affected" : "=", + "version_value" : "7.3.1" }, { - "affected": "=", - "version_value": "7.4.0" + "affected" : "=", + "version_value" : "7.4.0" }, { - "affected": "=", - "version_value": "7.4.1" + "affected" : "=", + "version_value" : "7.4.1" } ] } }, { - "product_name": "Integrated Data Protection Appliance ", - "version": { - "version_data": [ + "product_name" : "Integrated Data Protection Appliance ", + "version" : { + "version_data" : [ { - "affected": "=", - "version_value": "2.0" + "affected" : "=", + "version_value" : "2.0" } ] } } ] }, - "vendor_name": "Dell EMC" + "vendor_name" : "Dell EMC" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console’s SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users." + "lang" : "eng", + "value" : "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "Remote Code Execution Vulnerability" + "lang" : "eng", + "value" : "Remote Code Execution Vulnerability" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "refsource": "FULLDISC", - "url": "https://seclists.org/fulldisclosure/2018/Nov/50" + "name" : "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability", + "refsource" : "FULLDISC", + "url" : "https://seclists.org/fulldisclosure/2018/Nov/50" } ] }, - "source": { - "discovery": "UNKNOWN" + "source" : { + "discovery" : "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2018/11xxx/CVE-2018-11077.json b/2018/11xxx/CVE-2018-11077.json index 09446845329..56a84ce051e 100644 --- a/2018/11xxx/CVE-2018-11077.json +++ b/2018/11xxx/CVE-2018-11077.json @@ -1,115 +1,116 @@ { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2018-11-20T05:00:00.000Z", - "ID": "CVE-2018-11077", - "STATE": "PUBLIC", - "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability" + "CVE_data_meta" : { + "ASSIGNER" : "secure@dell.com", + "DATE_PUBLIC" : "2018-11-20T05:00:00.000Z", + "ID" : "CVE-2018-11077", + "STATE" : "PUBLIC", + "TITLE" : "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "Avamar", - "version": { - "version_data": [ + "product_name" : "Avamar", + "version" : { + "version_data" : [ { - "affected": "=", - "version_value": "7.2.0" + "affected" : "=", + "version_value" : "7.2.0" }, { - "affected": "=", - "version_value": "7.2.1" + "affected" : "=", + "version_value" : "7.2.1" }, { - "affected": "=", - "version_value": "7.3.0" + "affected" : "=", + "version_value" : "7.3.0" }, { - "affected": "=", - "version_value": "7.3.1" + "affected" : "=", + "version_value" : "7.3.1" }, { - "affected": "=", - "version_value": "7.4.0" + "affected" : "=", + "version_value" : "7.4.0" }, { - "affected": "=", - "version_value": "7.4.1" + "affected" : "=", + "version_value" : "7.4.1" }, { - "version_value": "7.5.0" + "version_value" : "7.5.0" }, { - "version_value": "7.5.1" + "version_value" : "7.5.1" }, { - "version_value": "18.1" + "version_value" : "18.1" } ] } }, { - "product_name": "Integrated Data Protection Appliance ", - "version": { - "version_data": [ + "product_name" : "Integrated Data Protection Appliance ", + "version" : { + "version_data" : [ { - "affected": "=", - "version_value": "2.0" + "affected" : "=", + "version_value" : "2.0" }, { - "affected": "=", - "version_value": "2.1" + "affected" : "=", + "version_value" : "2.1" }, { - "affected": "=", - "version_value": "2.2" + "affected" : "=", + "version_value" : "2.2" } ] } } ] }, - "vendor_name": "Dell EMC" + "vendor_name" : "Dell EMC" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "‘getlogs’ utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege." + "lang" : "eng", + "value" : "'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "Command Injection Vulnerability" + "lang" : "eng", + "value" : "Command Injection Vulnerability" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "refsource": "FULLDISC", - "url": "https://seclists.org/fulldisclosure/2018/Nov/51" + "name" : "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability", + "refsource" : "FULLDISC", + "url" : "https://seclists.org/fulldisclosure/2018/Nov/51" } ] }, - "source": { - "discovery": "UNKNOWN" + "source" : { + "discovery" : "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2018/18xxx/CVE-2018-18807.json b/2018/18xxx/CVE-2018-18807.json index 148f96e21be..aa76cc0e138 100644 --- a/2018/18xxx/CVE-2018-18807.json +++ b/2018/18xxx/CVE-2018-18807.json @@ -37,7 +37,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "The web application of the TIBCO Statistica component of TIBCO Software Inc.'s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS) attacks.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Statistica Server versions up to and including 13.4.0." + "value" : "The web application of the TIBCO Statistica component of TIBCO Software Inc.'s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Statistica Server versions up to and including 13.4.0." } ] }, @@ -72,10 +72,14 @@ "references" : { "reference_data" : [ { - "url" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-26-2018-tibco-statistica-server" + "name" : "http://www.tibco.com/services/support/advisories", + "refsource" : "MISC", + "url" : "http://www.tibco.com/services/support/advisories" }, { - "url" : "http://www.tibco.com/services/support/advisories" + "name" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-26-2018-tibco-statistica-server", + "refsource" : "CONFIRM", + "url" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-26-2018-tibco-statistica-server" } ] }, diff --git a/2018/19xxx/CVE-2018-19565.json b/2018/19xxx/CVE-2018-19565.json new file mode 100644 index 00000000000..4155f342406 --- /dev/null +++ b/2018/19xxx/CVE-2018-19565.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19565", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://seclists.org/oss-sec/2018/q4/165", + "refsource" : "MISC", + "url" : "https://seclists.org/oss-sec/2018/q4/165" + }, + { + "name" : "https://seclists.org/oss-sec/2018/q4/171", + "refsource" : "MISC", + "url" : "https://seclists.org/oss-sec/2018/q4/171" + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19566.json b/2018/19xxx/CVE-2018-19566.json new file mode 100644 index 00000000000..cc1bda222f3 --- /dev/null +++ b/2018/19xxx/CVE-2018-19566.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19566", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://seclists.org/oss-sec/2018/q4/165", + "refsource" : "MISC", + "url" : "https://seclists.org/oss-sec/2018/q4/165" + }, + { + "name" : "https://seclists.org/oss-sec/2018/q4/171", + "refsource" : "MISC", + "url" : "https://seclists.org/oss-sec/2018/q4/171" + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19567.json b/2018/19xxx/CVE-2018-19567.json new file mode 100644 index 00000000000..222e42ddde4 --- /dev/null +++ b/2018/19xxx/CVE-2018-19567.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19567", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://seclists.org/oss-sec/2018/q4/165", + "refsource" : "MISC", + "url" : "https://seclists.org/oss-sec/2018/q4/165" + }, + { + "name" : "https://seclists.org/oss-sec/2018/q4/171", + "refsource" : "MISC", + "url" : "https://seclists.org/oss-sec/2018/q4/171" + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19568.json b/2018/19xxx/CVE-2018-19568.json new file mode 100644 index 00000000000..48e5a9cb29e --- /dev/null +++ b/2018/19xxx/CVE-2018-19568.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19568", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://seclists.org/oss-sec/2018/q4/165", + "refsource" : "MISC", + "url" : "https://seclists.org/oss-sec/2018/q4/165" + }, + { + "name" : "https://seclists.org/oss-sec/2018/q4/171", + "refsource" : "MISC", + "url" : "https://seclists.org/oss-sec/2018/q4/171" + } + ] + } +}