diff --git a/2013/5xxx/CVE-2013-5391.json b/2013/5xxx/CVE-2013-5391.json index 3b39b1739ae..2f9904060e4 100644 --- a/2013/5xxx/CVE-2013-5391.json +++ b/2013/5xxx/CVE-2013-5391.json @@ -34,7 +34,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.x before 6.0.0 Fix Pack 2, and Mobile Foundation Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.0 Fix Pack 2 make it easier for attackers to defeat cryptographic protection mechanisms by leveraging improper initialization of the pseudo random number generator (PRNG) in Android and use the Java Cryptography Architecture (JCA) by a Worklight program. IBM X-Force ID: 87128." + "value" : "IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.x before 6.0.0 Fix Pack 2, and Mobile Foundation Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.0 Fix Pack 2 make it easier for attackers to defeat cryptographic protection mechanisms by leveraging improper initialization of the pseudo random number generator (PRNG) in Android and use of the Java Cryptography Architecture (JCA) by a Worklight program. IBM X-Force ID: 87128." } ] }, diff --git a/2013/5xxx/CVE-2013-5461.json b/2013/5xxx/CVE-2013-5461.json index 7f88f7b9b01..c1a999f122e 100644 --- a/2013/5xxx/CVE-2013-5461.json +++ b/2013/5xxx/CVE-2013-5461.json @@ -34,7 +34,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which make it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-Force ID: 88309." + "value" : "IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which makes it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-Force ID: 88309." } ] }, diff --git a/2018/10xxx/CVE-2018-10571.json b/2018/10xxx/CVE-2018-10571.json index c21489d0dd9..2c7430d2370 100644 --- a/2018/10xxx/CVE-2018-10571.json +++ b/2018/10xxx/CVE-2018-10571.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-10571", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,43 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_claim_file.php; (3) formid or (4) formseq parameter to interface/orders/types.php; (5) eraname, (6) paydate, (7) post_to_date, (8) deposit_date, (9) debug, or (10) InsId parameter to interface/billing/sl_eob_process.php; (11) form_source, (12) form_paydate, (13) form_deposit_date, (14) form_amount, (15) form_name, (16) form_pid, (17) form_encounter, (18) form_date, or (19) form_to_date parameter to interface/billing/sl_eob_search.php; (20) codetype or (21) search_term parameter to interface/de_identification_forms/find_code_popup.php; (22) search_term parameter to interface/de_identification_forms/find_drug_popup.php; (23) search_term parameter to interface/de_identification_forms/find_immunization_popup.php; (24) id parameter to interface/forms/CAMOS/view.php; (25) id parameter to interface/forms/reviewofs/view.php; or (26) list_id parameter to library/custom_template/personalize.php." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/openemr/openemr/commit/699e3c2ef68545357cac714505df1419b8bf2051", + "refsource" : "MISC", + "url" : "https://github.com/openemr/openemr/commit/699e3c2ef68545357cac714505df1419b8bf2051" + }, + { + "name" : "https://github.com/openemr/openemr/issues/1518", + "refsource" : "MISC", + "url" : "https://github.com/openemr/openemr/issues/1518" + }, + { + "name" : "https://github.com/openemr/openemr/pull/1519", + "refsource" : "MISC", + "url" : "https://github.com/openemr/openemr/pull/1519" + }, + { + "name" : "https://www.open-emr.org/wiki/index.php/Release_Features#Version_5.0.1", + "refsource" : "MISC", + "url" : "https://www.open-emr.org/wiki/index.php/Release_Features#Version_5.0.1" } ] } diff --git a/2018/10xxx/CVE-2018-10572.json b/2018/10xxx/CVE-2018-10572.json index b1feb2342d8..8e10e2a164f 100644 --- a/2018/10xxx/CVE-2018-10572.json +++ b/2018/10xxx/CVE-2018-10572.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-10572", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,43 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/openemr/openemr/commit/699e3c2ef68545357cac714505df1419b8bf2051", + "refsource" : "MISC", + "url" : "https://github.com/openemr/openemr/commit/699e3c2ef68545357cac714505df1419b8bf2051" + }, + { + "name" : "https://github.com/openemr/openemr/issues/1518", + "refsource" : "MISC", + "url" : "https://github.com/openemr/openemr/issues/1518" + }, + { + "name" : "https://github.com/openemr/openemr/pull/1519", + "refsource" : "MISC", + "url" : "https://github.com/openemr/openemr/pull/1519" + }, + { + "name" : "https://www.open-emr.org/wiki/index.php/Release_Features#Version_5.0.1", + "refsource" : "MISC", + "url" : "https://www.open-emr.org/wiki/index.php/Release_Features#Version_5.0.1" } ] } diff --git a/2018/10xxx/CVE-2018-10573.json b/2018/10xxx/CVE-2018-10573.json index 2145a19fbd9..9e80c42fcc5 100644 --- a/2018/10xxx/CVE-2018-10573.json +++ b/2018/10xxx/CVE-2018-10573.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-10573", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,43 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/openemr/openemr/commit/699e3c2ef68545357cac714505df1419b8bf2051", + "refsource" : "MISC", + "url" : "https://github.com/openemr/openemr/commit/699e3c2ef68545357cac714505df1419b8bf2051" + }, + { + "name" : "https://github.com/openemr/openemr/issues/1518", + "refsource" : "MISC", + "url" : "https://github.com/openemr/openemr/issues/1518" + }, + { + "name" : "https://github.com/openemr/openemr/pull/1519", + "refsource" : "MISC", + "url" : "https://github.com/openemr/openemr/pull/1519" + }, + { + "name" : "https://www.open-emr.org/wiki/index.php/Release_Features#Version_5.0.1", + "refsource" : "MISC", + "url" : "https://www.open-emr.org/wiki/index.php/Release_Features#Version_5.0.1" } ] } diff --git a/2018/9xxx/CVE-2018-9310.json b/2018/9xxx/CVE-2018-9310.json index 90fe6dd849f..46b98d87509 100644 --- a/2018/9xxx/CVE-2018-9310.json +++ b/2018/9xxx/CVE-2018-9310.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-9310", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in MagniComp SysInfo before 10-H81 if setuid root (the default). This vulnerability allows any local user on a Linux/UNIX system to run SysInfo and obtain a root shell, which can be used to compromise the local system." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.magnicomp.com/about/2018/CVE-2018-9310.html", + "refsource" : "CONFIRM", + "url" : "http://www.magnicomp.com/about/2018/CVE-2018-9310.html" } ] }