diff --git a/2018/1000xxx/CVE-2018-1000137.json b/2018/1000xxx/CVE-2018-1000137.json index 6fd052fe5f0..d9ea987cca2 100644 --- a/2018/1000xxx/CVE-2018-1000137.json +++ b/2018/1000xxx/CVE-2018-1000137.json 
@@ -1,64 +1,62 @@ { - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://github.com/mkucej/i-librarian/issues/121" - }, - { - "url": "https://github.com/mkucej/i-librarian/issues/121" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator's knowledge." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "4.8 and earlier" - } + "CVE_data_meta" : { + "ASSIGNER" : "kurt@seifried.org", + "DATE_ASSIGNED" : "3/15/2018 22:28:53", + "ID" : "CVE-2018-1000137", + "REQUESTER" : "3022235906@qq.com", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "I, Librarian ", + "version" : { + "version_data" : [ + { + "version_value" : "4.8 and earlier" + } + ] + } + } ] - }, - "product_name": "I, Librarian " - } - ] - }, - "vendor_name": "I, Librarian " - } - ] - } - }, - "CVE_data_meta": { - "DATE_ASSIGNED": "3/15/2018 22:28:53", - "ID": "CVE-2018-1000137", - "ASSIGNER": "kurt@seifried.org", - "REQUESTER": "3022235906@qq.com" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross ite Request Forgery (CSRF)" - } - ] + }, + "vendor_name" : "I, Librarian " + } + ] } - ] - } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the 
administrator's knowledge." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross ite Request Forgery (CSRF)" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://github.com/mkucej/i-librarian/issues/121" + } + ] + } } diff --git a/2018/1000xxx/CVE-2018-1000138.json b/2018/1000xxx/CVE-2018-1000138.json index 2d90f8ec92d..c89b2db1cba 100644 --- a/2018/1000xxx/CVE-2018-1000138.json +++ b/2018/1000xxx/CVE-2018-1000138.json 
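Review bot: The new side keeps a trailing space in `"product_name" : "I, Librarian "` and `"vendor_name" : "I, Librarian "`, and the same holds in the CVE-2018-1000138 and CVE-2018-1000139 hunks, while CVE-2018-1000141 later in this diff writes `"I, Librarian"` without it. A consumer that matches vendor or product by exact string will see two different products, so findings for one installation can be split or missed. Trimming the value to `"I, Librarian"` in all three records would fix that. The problemtype value also still reads `"Cross ite Request Forgery (CSRF)"`; since the record is being rewritten anyway, `"Cross Site Request Forgery (CSRF)"` is presumably the intended text.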
@@ -1,64 +1,65 @@ { - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://github.com/mkucej/i-librarian/issues/120" - }, - { - "url": "https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/functions.php#L811" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "I, Librarian version 4.8 and earlier contains a SSRF vulnerability in \"url\" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "4.8 and earlier" - } + "CVE_data_meta" : { + "ASSIGNER" : "kurt@seifried.org", + "DATE_ASSIGNED" : "3/15/2018 22:32:23", + "ID" : "CVE-2018-1000138", + "REQUESTER" : "3022235906@qq.com", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "I, Librarian ", + "version" : { + "version_data" : [ + { + "version_value" : "4.8 and earlier" + } + ] + } + } ] - }, - "product_name": "I, Librarian " - } - ] - }, - "vendor_name": "I, Librarian " - } - ] - } - }, - "CVE_data_meta": { - "DATE_ASSIGNED": "3/15/2018 22:32:23", - "ID": "CVE-2018-1000138", - "ASSIGNER": "kurt@seifried.org", - "REQUESTER": "3022235906@qq.com" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "SSRF" - } - ] + }, + "vendor_name" : "I, Librarian " + } + ] } - ] - } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "I, Librarian version 4.8 and earlier contains a SSRF vulnerability in \"url\" parameter of getFromWeb in functions.php that can result in the attacker abusing 
functionality on the server to read or update internal resources." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "SSRF" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/functions.php#L811" + }, + { + "url" : "https://github.com/mkucej/i-librarian/issues/120" + } + ] + } } diff --git a/2018/1000xxx/CVE-2018-1000139.json b/2018/1000xxx/CVE-2018-1000139.json index f7e0d2931ec..1d2459bc59d 100644 --- a/2018/1000xxx/CVE-2018-1000139.json +++ b/2018/1000xxx/CVE-2018-1000139.json 
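Review bot: The problemtype value `"SSRF"` is a bare abbreviation, whereas sibling records in this diff spell the weakness out, for example `"Cross Site Scripting (XSS)"` in CVE-2018-1000139. Writing `"value" : "Server-Side Request Forgery (SSRF)"` would read consistently and is easier to map to CWE-918 when these records are classified.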
@@ -1,64 +1,65 @@ { - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://github.com/mkucej/i-librarian/issues/119" - }, - { - "url": "https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/stable.php#L8" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in \"id\" parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting user." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "4.8 and earlier" - } + "CVE_data_meta" : { + "ASSIGNER" : "kurt@seifried.org", + "DATE_ASSIGNED" : "3/15/2018 22:35:10", + "ID" : "CVE-2018-1000139", + "REQUESTER" : "3022235906@qq.com", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "I, Librarian ", + "version" : { + "version_data" : [ + { + "version_value" : "4.8 and earlier" + } + ] + } + } ] - }, - "product_name": "I, Librarian " - } - ] - }, - "vendor_name": "I, Librarian " - } - ] - } - }, - "CVE_data_meta": { - "DATE_ASSIGNED": "3/15/2018 22:35:10", - "ID": "CVE-2018-1000139", - "ASSIGNER": "kurt@seifried.org", - "REQUESTER": "3022235906@qq.com" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross Site Scripting (XSS)" - } - ] + }, + "vendor_name" : "I, Librarian " + } + ] } - ] - } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in \"id\" parameter in stable.php that can result in an 
attacker using the XSS to send a malicious script to an unsuspecting user." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/stable.php#L8" + }, + { + "url" : "https://github.com/mkucej/i-librarian/issues/119" + } + ] + } } diff --git a/2018/1000xxx/CVE-2018-1000140.json b/2018/1000xxx/CVE-2018-1000140.json index b5d52719ae2..be025281867 100644 --- a/2018/1000xxx/CVE-2018-1000140.json +++ b/2018/1000xxx/CVE-2018-1000140.json 
@@ -1 +1,65 @@ -{"data_version":"4.0","references":{"reference_data":[{"url":"https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205"},{"url":"https://lgtm.com/rules/1505913226124/"}]},"description":{"description_data":[{"lang":"eng","value":"rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate."}]},"data_type":"CVE","affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"version":{"version_data":[{"version_value":"1.2.14 and earlier"}]},"product_name":"librelp"}]},"vendor_name":"rsyslog"}]}},"CVE_data_meta":{"DATE_ASSIGNED":"3/20/2018 10:38:48","ID":"CVE-2018-1000140","ASSIGNER":"kurt@seifried.org","REQUESTER":"kev@semmle.com"},"data_format":"MITRE","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Buffer Overflow"}]}]}} +{ + "CVE_data_meta" : { + "ASSIGNER" : "kurt@seifried.org", + "DATE_ASSIGNED" : "3/20/2018 10:38:48", + "ID" : "CVE-2018-1000140", + "REQUESTER" : "kev@semmle.com", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "librelp", + "version" : { + "version_data" : [ + { + "version_value" : "1.2.14 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "rsyslog" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. 
This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Buffer Overflow" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205" + }, + { + "url" : "https://lgtm.com/rules/1505913226124/" + } + ] + } +} diff --git a/2018/1000xxx/CVE-2018-1000141.json b/2018/1000xxx/CVE-2018-1000141.json index ab35ab5469f..3656694e953 100644 --- a/2018/1000xxx/CVE-2018-1000141.json +++ b/2018/1000xxx/CVE-2018-1000141.json 
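Review bot: The description carried onto the new side contains a garbled sentence, `This attack appear to be exploitable a remote attacker that can connect to rsyslog`, which leaves the attack precondition unclear to someone triaging the record. `This attack appears to be exploitable by a remote attacker who can connect to rsyslog` is presumably what was meant. The problemtype `"Buffer Overflow"` is also less specific than the description, which states a stack buffer overflow; `"Stack-based Buffer Overflow"` (CWE-121) would match it. The record gives only the affected range `1.2.14 and earlier`, so if a fixed release exists, a reference to it would tell defenders what to upgrade to.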
@@ -1,61 +1,62 @@ { - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://github.com/mkucej/i-librarian/issues/124" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "4.9 and earlier" - } + "CVE_data_meta" : { + "ASSIGNER" : "kurt@seifried.org", + "DATE_ASSIGNED" : "3/22/2018 23:59:29", + "ID" : "CVE-2018-1000141", + "REQUESTER" : "xiaoyin.l@outlook.com", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "I, Librarian", + "version" : { + "version_data" : [ + { + "version_value" : "4.9 and earlier" + } + ] + } + } ] - }, - "product_name": "I, Librarian" - } - ] - }, - "vendor_name": "I, Librarian" - } - ] - } - }, - "CVE_data_meta": { - "DATE_ASSIGNED": "3/22/2018 23:59:29", - "ID": "CVE-2018-1000141", - "ASSIGNER": "kurt@seifried.org", - "REQUESTER": "xiaoyin.l@outlook.com" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Incorrect Access Control" - } - ] + }, + "vendor_name" : "I, Librarian" + } + ] } - ] - } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions." 
+ } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Incorrect Access Control" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://github.com/mkucej/i-librarian/issues/124" + } + ] + } } diff --git a/2018/8xxx/CVE-2018-8958.json b/2018/8xxx/CVE-2018-8958.json new file mode 100644 index 00000000000..55ff44f6c5f --- /dev/null +++ b/2018/8xxx/CVE-2018-8958.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-8958", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/8xxx/CVE-2018-8959.json b/2018/8xxx/CVE-2018-8959.json new file mode 100644 index 00000000000..74e57952046 --- /dev/null +++ b/2018/8xxx/CVE-2018-8959.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-8959", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/8xxx/CVE-2018-8960.json b/2018/8xxx/CVE-2018-8960.json new file mode 100644 index 00000000000..0fc31b6694a --- /dev/null +++ b/2018/8xxx/CVE-2018-8960.json 
@@ -0,0 +1,60 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-8960", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://github.com/ImageMagick/ImageMagick/issues/1020" + } + ] + } +} diff --git a/2018/8xxx/CVE-2018-8961.json b/2018/8xxx/CVE-2018-8961.json new file mode 100644 index 00000000000..54160a95623 --- /dev/null +++ b/2018/8xxx/CVE-2018-8961.json 
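Review bot: Every structured field in this new record is `"n/a"` (`vendor_name`, `product_name`, `version_value` and the problemtype value), even though the description names ImageMagick 7.0.7-26 Q16 and a heap-based buffer over-read. Tooling that matches CVE records against a software inventory typically reads `affects` rather than the free-text description, so this record would likely not be matched. The same applies to the CVE-2018-8961 through CVE-2018-8964 hunks, whose descriptions name libming 0.4.8 and a use-after-free. Filling in `"product_name" : "ImageMagick"`, `"version_value" : "7.0.7-26 Q16"` and a problemtype such as `"CWE-125: Out-of-bounds Read"` (CWE-416 for the libming records) would make them usable without parsing prose.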
@@ -0,0 +1,60 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-8961", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "In libming 0.4.8, the decompilePUSHPARAM function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://github.com/libming/libming/issues/130" + } + ] + } +} diff --git a/2018/8xxx/CVE-2018-8962.json b/2018/8xxx/CVE-2018-8962.json new file mode 100644 index 00000000000..cf6f293353f --- /dev/null +++ b/2018/8xxx/CVE-2018-8962.json 
@@ -0,0 +1,60 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-8962", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://github.com/libming/libming/issues/130" + } + ] + } +} diff --git a/2018/8xxx/CVE-2018-8963.json b/2018/8xxx/CVE-2018-8963.json new file mode 100644 index 00000000000..56cf6ebfc46 --- /dev/null +++ b/2018/8xxx/CVE-2018-8963.json 
@@ -0,0 +1,60 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-8963", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://github.com/libming/libming/issues/130" + } + ] + } +} diff --git a/2018/8xxx/CVE-2018-8964.json b/2018/8xxx/CVE-2018-8964.json new file mode 100644 index 00000000000..08bdeba017b --- /dev/null +++ b/2018/8xxx/CVE-2018-8964.json 
@@ -0,0 +1,60 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-8964", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "In libming 0.4.8, the decompileDELETE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://github.com/libming/libming/issues/130" + } + ] + } +}