From 99aa595c855fba1b0170d2614bbcb947f37c8571 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 14:00:44 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2017/16xxx/CVE-2017-16232.json | 93 +++++++++++++++++++++++++++++++++- 2018/10xxx/CVE-2018-10093.json | 58 ++++++++++++++++++++- 2018/11xxx/CVE-2018-11767.json | 56 +++++++++++++++++--- 2018/13xxx/CVE-2018-13103.json | 53 ++++++++++++++++++- 2018/13xxx/CVE-2018-13104.json | 53 ++++++++++++++++++- 2018/16xxx/CVE-2018-16789.json | 63 ++++++++++++++++++++++- 2018/17xxx/CVE-2018-17997.json | 58 ++++++++++++++++++++- 2018/18xxx/CVE-2018-18762.json | 53 ++++++++++++++++++- 2018/18xxx/CVE-2018-18881.json | 53 ++++++++++++++++++- 2018/19xxx/CVE-2018-19515.json | 53 ++++++++++++++++++- 2018/19xxx/CVE-2018-19524.json | 68 ++++++++++++++++++++++++- 2018/19xxx/CVE-2018-19694.json | 63 ++++++++++++++++++++++- 2018/6xxx/CVE-2018-6517.json | 56 +++++++++++++++++--- 2019/5xxx/CVE-2019-5015.json | 5 ++ 14 files changed, 749 insertions(+), 36 deletions(-) diff --git a/2017/16xxx/CVE-2017-16232.json b/2017/16xxx/CVE-2017-16232.json index 8fe2047389e..b4adddbbcf2 100644 --- a/2017/16xxx/CVE-2017-16232.json +++ b/2017/16xxx/CVE-2017-16232.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16232", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
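Review bot: The `affects` block added in the first hunk of CVE-2017-16232.json sets `product_name`, `version_value` and `vendor_name` to `n/a`, although the description added in the following hunk names LibTIFF 4.0.8. Tooling that matches an asset inventory against the structured fields will not associate this record with the product and has to fall back to parsing free text. Where the product is known from the description, populate the fields, e.g. `"product_name": "LibTIFF"` and `"version_value": "4.0.8"`. The first hunks of the CVE-2018-10093, -13103, -13104, -16789, -17997, -18762, -18881, -19515, -19524 and -19694 records add the same all-`n/a` block.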
@@ -11,7 +34,73 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/150896/LibTIFF-4.0.8-Memory-Leak.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/150896/LibTIFF-4.0.8-Memory-Leak.html" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2017/11/01/11", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2017/11/01/11" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2017/11/01/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2017/11/01/3" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2017/11/01/7", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2017/11/01/7" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2017/11/01/8", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2017/11/01/8" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00036.html", + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00036.html" + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00041.html", + "refsource": "MISC", + "name": 
"http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00041.html" + }, + { + "url": "http://seclists.org/fulldisclosure/2018/Dec/32", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2018/Dec/32" + }, + { + "url": "http://seclists.org/fulldisclosure/2018/Dec/47", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2018/Dec/47" + }, + { + "url": "http://www.securityfocus.com/bid/101696", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/101696" } ] } diff --git a/2018/10xxx/CVE-2018-10093.json b/2018/10xxx/CVE-2018-10093.json index 96548015246..dd58b9fc214 100644 --- a/2018/10xxx/CVE-2018-10093.json +++ b/2018/10xxx/CVE-2018-10093.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-10093", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151116/AudioCode-400HD-Remote-Command-Injection.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151116/AudioCode-400HD-Remote-Command-Injection.html" + }, + { + "url": "http://seclists.org/fulldisclosure/2019/Jan/38", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2019/Jan/38" + }, + { + "url": "https://www.exploit-db.com/exploits/46164/", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/46164/" } ] } diff --git a/2018/11xxx/CVE-2018-11767.json b/2018/11xxx/CVE-2018-11767.json index 7a0611ab851..8149a164e64 100644 --- a/2018/11xxx/CVE-2018-11767.json +++ b/2018/11xxx/CVE-2018-11767.json 
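Review bot: The exploit-db.com reference at the end of this CVE-2018-10093 hunk is tagged `"refsource": "MISC"` with the URL repeated as `name`, whereas the CVE-2018-17997 and CVE-2018-18762 records in this same commit use `"refsource": "EXPLOIT-DB"` with the numeric id as `name`. Consumers that key on `refsource` to flag records with a published exploit will likely miss this entry; suggest `"refsource": "EXPLOIT-DB", "name": "46164"`. The exploit-db entry in CVE-2018-19524 (46358) has the same inconsistency, and so does the securityfocus.com/bid/101696 entry in CVE-2017-16232 when compared with the `BID` entry in CVE-2018-18881.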
@@ -1,17 +1,59 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-11767", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-11767", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Apache Hadoop", + "version": { + "version_data": [ + { + "version_value": "Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": { + "lang": "eng", + "value": "Privilege Escalation" + } + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[hadoop-general] 20190311 CVE-2018-11767: Apache Hadoop KMS ACL regression", + "url": "https://lists.apache.org/thread.html/5fb771f66946dd5c99a8a5713347c24873846f555d716f9ac17bccca@%3Cgeneral.hadoop.apache.org%3E" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms." } ] } diff --git a/2018/13xxx/CVE-2018-13103.json b/2018/13xxx/CVE-2018-13103.json index 80defe60b95..036ade57b04 100644 --- a/2018/13xxx/CVE-2018-13103.json +++ b/2018/13xxx/CVE-2018-13103.json 
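Review bot: `problemtype_data[0].description` in this CVE-2018-11767 hunk is a single object, while the MITRE-assigned records in this commit write it as an array (`"description": [ { "lang": "eng", "value": ... } ]`). A consumer that iterates the field as a list may fail or silently drop the problem type, so the object should be wrapped in `[ ]`; the CVE-2018-6517.json hunk has the same shape. Separately, `vendor_name` is `"n/a"` here although the product is Apache Hadoop and the assigner is security@apache.org, and `version_value` repeats the product name inside the version string, which makes version-range matching harder.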
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-13103", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OX App Suite 7.8.4 and earlier allows SSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html" + }, + { + "url": "http://seclists.org/fulldisclosure/2019/Jan/46", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2019/Jan/46" } ] } diff --git a/2018/13xxx/CVE-2018-13104.json b/2018/13xxx/CVE-2018-13104.json index 197f134640d..167d74b3f87 100644 --- a/2018/13xxx/CVE-2018-13104.json +++ b/2018/13xxx/CVE-2018-13104.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-13104", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html" + }, + { + "url": "http://seclists.org/fulldisclosure/2019/Jan/46", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2019/Jan/46" } ] } diff --git a/2018/16xxx/CVE-2018-16789.json b/2018/16xxx/CVE-2018-16789.json index a8d0b2ecca0..be078551dc1 100644 --- a/2018/16xxx/CVE-2018-16789.json +++ b/2018/16xxx/CVE-2018-16789.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16789", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/149978/Shell-In-A-Box-2.2.0-Denial-Of-Service.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/149978/Shell-In-A-Box-2.2.0-Denial-Of-Service.html" + }, + { + "url": "http://seclists.org/fulldisclosure/2018/Oct/50", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2018/Oct/50" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/shellinabox/shellinabox/commit/4f0ecc31ac6f985e0dd3f5a52cbfc0e9251f6361", + "url": "https://github.com/shellinabox/shellinabox/commit/4f0ecc31ac6f985e0dd3f5a52cbfc0e9251f6361" + }, + { + "refsource": "CONFIRM", + "name": "https://code.google.com/archive/p/shellinabox/issues", + "url": "https://code.google.com/archive/p/shellinabox/issues" } ] } diff --git a/2018/17xxx/CVE-2018-17997.json b/2018/17xxx/CVE-2018-17997.json index 9d3ae43cad7..200be474ccb 100644 --- a/2018/17xxx/CVE-2018-17997.json +++ b/2018/17xxx/CVE-2018-17997.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-17997", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LayerBB 1.1.1 allows XSS via the titles of conversations (PMs)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151015/LayerBB-1.1.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151015/LayerBB-1.1.1-Cross-Site-Scripting.html" + }, + { + "refsource": "EXPLOIT-DB", + "name": "46079", + "url": "https://www.exploit-db.com/exploits/46079/" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/AndyRixon/LayerBB/commits/master", + "url": "https://github.com/AndyRixon/LayerBB/commits/master" } ] } diff --git a/2018/18xxx/CVE-2018-18762.json b/2018/18xxx/CVE-2018-18762.json index 4999d238dcc..167c77ee3c1 100644 --- a/2018/18xxx/CVE-2018-18762.json +++ b/2018/18xxx/CVE-2018-18762.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18762", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SaltOS 3.1 r8126 allows CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/150005/SaltOS-Erp-Crm-3.1-r8126-Database-Download.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/150005/SaltOS-Erp-Crm-3.1-r8126-Database-Download.html" + }, + { + "refsource": "EXPLOIT-DB", + "name": "45734", + "url": "https://www.exploit-db.com/exploits/45734/" } ] } diff --git a/2018/18xxx/CVE-2018-18881.json b/2018/18xxx/CVE-2018-18881.json index a812a6ae3fd..8919ce9d7a9 100644 --- a/2018/18xxx/CVE-2018-18881.json +++ b/2018/18xxx/CVE-2018-18881.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18881", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
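Review bot: The description added in the second hunk of CVE-2018-18762.json says only "SaltOS 3.1 r8126 allows CSRF.", while the first reference's URL slug is `SaltOS-Erp-Crm-3.1-r8126-Database-Download`, so the record does not show how the two relate. One advisory may cover several issues, but that cannot be told from the record itself. The description should state which request can be forged and what it results in, so that someone triaging the record can judge impact without following the link, and it is worth confirming that the reference is attached to the intended CVE id.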
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory reset is required to restore the device to an operational state." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "106655", + "url": "http://www.securityfocus.com/bid/106655" + }, + { + "url": "https://applied-risk.com/labs/advisories", + "refsource": "MISC", + "name": "https://applied-risk.com/labs/advisories" } ] } diff --git a/2018/19xxx/CVE-2018-19515.json b/2018/19xxx/CVE-2018-19515.json index 69610a72342..c6167cbd1eb 100644 --- a/2018/19xxx/CVE-2018-19515.json +++ b/2018/19xxx/CVE-2018-19515.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19515", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151017/Webgalamb-Information-Disclosure-XSS-CSRF-SQL-Injection.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151017/Webgalamb-Information-Disclosure-XSS-CSRF-SQL-Injection.html" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2019/Jan/15", + "url": "https://seclists.org/fulldisclosure/2019/Jan/15" } ] } diff --git a/2018/19xxx/CVE-2018-19524.json b/2018/19xxx/CVE-2018-19524.json index 2e67b1ec1bb..e517db39746 100644 --- a/2018/19xxx/CVE-2018-19524.json +++ b/2018/19xxx/CVE-2018-19524.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19524", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151608/Skyworth-GPON-HomeGateways-Optical-Network-Stack-Overflow.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151608/Skyworth-GPON-HomeGateways-Optical-Network-Stack-Overflow.html" + }, + { + "url": "http://seclists.org/fulldisclosure/2019/Feb/30", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2019/Feb/30" + }, + { + "url": "https://seclists.org/bugtraq/2019/Feb/21", + "refsource": "MISC", + "name": "https://seclists.org/bugtraq/2019/Feb/21" + }, + { + "url": "https://www.exploit-db.com/exploits/46358/", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/46358/" + }, + { + "url": "http://breakthesec.com", + "refsource": "MISC", + "name": "http://breakthesec.com" } ] } diff --git a/2018/19xxx/CVE-2018-19694.json b/2018/19xxx/CVE-2018-19694.json index c54710b8fea..d1d5c81b4bf 100644 --- a/2018/19xxx/CVE-2018-19694.json +++ b/2018/19xxx/CVE-2018-19694.json 
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19694", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HMS Industrial Networks Netbiter WS100 3.30.5 devices and previous have reflected XSS in the login form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151119/HMS-Netbiter-WS100-3.30.5-Cross-Site-Scripting.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151119/HMS-Netbiter-WS100-3.30.5-Cross-Site-Scripting.html" + }, + { + "url": "https://seclists.org/bugtraq/2019/Jan/9", + "refsource": "MISC", + "name": "https://seclists.org/bugtraq/2019/Jan/9" + }, + { + "url": "https://www.netbiter.com/products", + "refsource": "MISC", + "name": "https://www.netbiter.com/products" + }, + { + "refsource": "CONFIRM", + "name": "https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2018-12-04-001-ec150-ec250-lc310-lc350-ws100-ws200-cve-2018-19694.pdf", + "url": "https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2018-12-04-001-ec150-ec250-lc310-lc350-ws100-ws200-cve-2018-19694.pdf" } ] } 
diff --git a/2018/6xxx/CVE-2018-6517.json b/2018/6xxx/CVE-2018-6517.json index 755058e14da..08276328a90 100644 --- a/2018/6xxx/CVE-2018-6517.json +++ b/2018/6xxx/CVE-2018-6517.json @@ -1,17 +1,59 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-6517", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-6517", + "ASSIGNER": "security@puppet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Puppet", + "product": { + "product_data": [ + { + "product_name": "Chloride", + "version": { + "version_data": [ + { + "version_value": "prior to 0.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": { + "lang": "eng", + "value": "Improper handling of known_hosts file" + } + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://puppet.com/security/cve/CVE-2018-6517", + "url": "https://puppet.com/security/cve/CVE-2018-6517" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride." } ] } diff --git a/2019/5xxx/CVE-2019-5015.json b/2019/5xxx/CVE-2019-5015.json index 88f9c01db0b..b1c2ebc5ab6 100644 --- a/2019/5xxx/CVE-2019-5015.json +++ b/2019/5xxx/CVE-2019-5015.json 
@@ -57,6 +57,11 @@ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0773", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0773" + }, + { + "refsource": "BID", + "name": "107436", + "url": "http://www.securityfocus.com/bid/107436" } ] }