diff --git a/2018/20xxx/CVE-2018-20582.json b/2018/20xxx/CVE-2018-20582.json index e13cb6bd27f..50ff3833d30 100644 --- a/2018/20xxx/CVE-2018-20582.json +++ b/2018/20xxx/CVE-2018-20582.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20582", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The GREE+ (aka com.gree.greeplus) application 1.4.0.8 for Android suffers from Cross Site Request Forgery." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://medium.com/@beefaaubee/dissecting-into-gree-android-application-43892d54b006", + "url": "https://medium.com/@beefaaubee/dissecting-into-gree-android-application-43892d54b006" + }, + { + "url": "https://play.google.com/store/apps/details?id=com.gree.greeplus", + "refsource": "MISC", + "name": "https://play.google.com/store/apps/details?id=com.gree.greeplus" } ] } diff --git a/2018/21xxx/CVE-2018-21027.json b/2018/21xxx/CVE-2018-21027.json new file mode 100644 index 00000000000..0eff07d3ef5 --- /dev/null +++ b/2018/21xxx/CVE-2018-21027.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-21027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/gpg/boa/pull/1", + "url": "https://github.com/gpg/boa/pull/1" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/gpg/boa/pull/1/commits/e139b87835994d007fbd64eead6c1455d7b8cf4e", + "url": "https://github.com/gpg/boa/pull/1/commits/e139b87835994d007fbd64eead6c1455d7b8cf4e" + } + ] + } +} \ No newline at end of file diff --git a/2018/21xxx/CVE-2018-21028.json b/2018/21xxx/CVE-2018-21028.json new file mode 100644 index 00000000000..c89dadda72f --- /dev/null +++ b/2018/21xxx/CVE-2018-21028.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-21028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/gpg/boa/pull/1", + "url": "https://github.com/gpg/boa/pull/1" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/gpg/boa/pull/1/commits/e139b87835994d007fbd64eead6c1455d7b8cf4e", + "url": "https://github.com/gpg/boa/pull/1/commits/e139b87835994d007fbd64eead6c1455d7b8cf4e" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17505.json b/2019/17xxx/CVE-2019-17505.json new file mode 100644 index 00000000000..c36140f7fa3 --- /dev/null +++ b/2019/17xxx/CVE-2019-17505.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or perform a dictionary attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/dahua966/Routers-vuls/blob/master/DAP-1320/vuls_poc.md", + "refsource": "MISC", + "name": "https://github.com/dahua966/Routers-vuls/blob/master/DAP-1320/vuls_poc.md" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17506.json b/2019/17xxx/CVE-2019-17506.json new file mode 100644 index 00000000000..81cd2200fdd --- /dev/null +++ b/2019/17xxx/CVE-2019-17506.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via SERVICES=DEVICE.ACCOUNT&AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/dahua966/Routers-vuls/blob/master/DIR-868/name%26passwd.py", + "refsource": "MISC", + "name": "https://github.com/dahua966/Routers-vuls/blob/master/DIR-868/name%26passwd.py" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17507.json b/2019/17xxx/CVE-2019-17507.json new file mode 100644 index 00000000000..c1f514aab66 --- /dev/null +++ b/2019/17xxx/CVE-2019-17507.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on D-Link DIR-816 A1 1.06 devices. An attacker could access management pages of the router via a client that ignores the 'top.location.href = \"/dir_login.asp\"' line in a .asp file. This provides access to d_status.asp, version.asp, d_dhcptbl.asp, and d_acl.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/dahua966/Routers-vuls/tree/master/DIR-816", + "refsource": "MISC", + "name": "https://github.com/dahua966/Routers-vuls/tree/master/DIR-816" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17508.json b/2019/17xxx/CVE-2019-17508.json new file mode 100644 index 00000000000..850f339ab6f --- /dev/null +++ b/2019/17xxx/CVE-2019-17508.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/dahua966/Routers-vuls/tree/master/DIR-859", + "refsource": "MISC", + "name": "https://github.com/dahua966/Routers-vuls/tree/master/DIR-859" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17509.json b/2019/17xxx/CVE-2019-17509.json new file mode 100644 index 00000000000..2574af59e61 --- /dev/null +++ b/2019/17xxx/CVE-2019-17509.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/dahua966/Routers-vuls/blob/master/DIR-846/vuls_info.md", + "refsource": "MISC", + "name": "https://github.com/dahua966/Routers-vuls/blob/master/DIR-846/vuls_info.md" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17510.json b/2019/17xxx/CVE-2019-17510.json new file mode 100644 index 00000000000..39c7540a692 --- /dev/null +++ b/2019/17xxx/CVE-2019-17510.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizardConfig.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/dahua966/Routers-vuls/blob/master/DIR-846/vuls_info.md", + "refsource": "MISC", + "name": "https://github.com/dahua966/Routers-vuls/blob/master/DIR-846/vuls_info.md" + } + ] + } +} \ No newline at end of file