diff --git a/2018/20xxx/CVE-2018-20727.json b/2018/20xxx/CVE-2018-20727.json index 0ca51264bd9..6dc5b847317 100644 --- a/2018/20xxx/CVE-2018-20727.json +++ b/2018/20xxx/CVE-2018-20727.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-20727", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.nedi.ch/end-of-year-update/", + "refsource" : "MISC", + "url" : "https://www.nedi.ch/end-of-year-update/" + }, + { + "name" : "https://www.sakerhetskontoret.com/disclosures/nedi/report.html", + "refsource" : "MISC", + "url" : "https://www.sakerhetskontoret.com/disclosures/nedi/report.html" } ] } diff --git a/2018/20xxx/CVE-2018-20728.json b/2018/20xxx/CVE-2018-20728.json index 30d75b21091..3c13f972d53 100644 --- a/2018/20xxx/CVE-2018-20728.json +++ b/2018/20xxx/CVE-2018-20728.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-20728", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.nedi.ch/end-of-year-update/", + "refsource" : "MISC", + "url" : "https://www.nedi.ch/end-of-year-update/" + }, + { + "name" : "https://www.sakerhetskontoret.com/disclosures/nedi/report.html", + "refsource" : "MISC", + "url" : "https://www.sakerhetskontoret.com/disclosures/nedi/report.html" } ] } diff --git a/2018/20xxx/CVE-2018-20729.json b/2018/20xxx/CVE-2018-20729.json index e285f0f3528..4171a841e31 100644 --- a/2018/20xxx/CVE-2018-20729.json +++ b/2018/20xxx/CVE-2018-20729.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-20729", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A reflected cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via the reg parameter in mh.php." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.nedi.ch/end-of-year-update/", + "refsource" : "MISC", + "url" : "https://www.nedi.ch/end-of-year-update/" + }, + { + "name" : "https://www.sakerhetskontoret.com/disclosures/nedi/report.html", + "refsource" : "MISC", + "url" : "https://www.sakerhetskontoret.com/disclosures/nedi/report.html" } ] } diff --git a/2018/20xxx/CVE-2018-20730.json b/2018/20xxx/CVE-2018-20730.json index 6ace31e08c4..0de7f27571e 100644 --- a/2018/20xxx/CVE-2018-20730.json +++ b/2018/20xxx/CVE-2018-20730.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-20730", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.nedi.ch/end-of-year-update/", + "refsource" : "MISC", + "url" : "https://www.nedi.ch/end-of-year-update/" + }, + { + "name" : "https://www.sakerhetskontoret.com/disclosures/nedi/report.html", + "refsource" : "MISC", + "url" : "https://www.sakerhetskontoret.com/disclosures/nedi/report.html" } ] } diff --git a/2018/20xxx/CVE-2018-20731.json b/2018/20xxx/CVE-2018-20731.json index c2b066aa924..1892d9eee16 100644 --- a/2018/20xxx/CVE-2018-20731.json +++ b/2018/20xxx/CVE-2018-20731.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-20731", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.nedi.ch/end-of-year-update/", + "refsource" : "MISC", + "url" : "https://www.nedi.ch/end-of-year-update/" + }, + { + "name" : "https://www.sakerhetskontoret.com/disclosures/nedi/report.html", + "refsource" : "MISC", + "url" : "https://www.sakerhetskontoret.com/disclosures/nedi/report.html" } ] }