diff --git a/2018/10xxx/CVE-2018-10075.json b/2018/10xxx/CVE-2018-10075.json index 7ab74a79c02..9820ce94670 100644 --- a/2018/10xxx/CVE-2018-10075.json +++ b/2018/10xxx/CVE-2018-10075.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-10075", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.manageengine.com/products/eventlog/release-notes.html", + "refsource" : "CONFIRM", + "url" : "https://www.manageengine.com/products/eventlog/release-notes.html" } ] } diff --git a/2018/10xxx/CVE-2018-10076.json b/2018/10xxx/CVE-2018-10076.json index 8366fc7d5e5..852fda87008 100644 --- a/2018/10xxx/CVE-2018-10076.json +++ b/2018/10xxx/CVE-2018-10076.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-10076", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard)." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.manageengine.com/products/eventlog/release-notes.html", + "refsource" : "CONFIRM", + "url" : "https://www.manageengine.com/products/eventlog/release-notes.html" } ] } diff --git a/2018/12xxx/CVE-2018-12499.json b/2018/12xxx/CVE-2018-12499.json index 50da10b4cee..54c51840197 100644 --- a/2018/12xxx/CVE-2018-12499.json +++ b/2018/12xxx/CVE-2018-12499.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-12499", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with. In one such instance, it was identified that the device was downloading what appeared to be a client certificate." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://blog.sean-wright.com/cve-2018-12499/", + "refsource" : "MISC", + "url" : "https://blog.sean-wright.com/cve-2018-12499/" } ] } diff --git a/2018/12xxx/CVE-2018-12528.json b/2018/12xxx/CVE-2018-12528.json index fa6882e5d71..c7aa749a552 100644 --- a/2018/12xxx/CVE-2018-12528.json +++ b/2018/12xxx/CVE-2018-12528.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-12528", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered on Intex N150 devices. The backup/restore option does not check the file extension uploaded for importing a configuration files backup, which can lead to corrupting the router firmware settings or even the uploading of malicious files. In order to exploit the vulnerability, an attacker can upload any malicious file and force reboot the router with it." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "44933", + "refsource" : "EXPLOIT-DB", + "url" : "https://www.exploit-db.com/exploits/44933/" + }, + { + "name" : "http://securitywarrior9.blogspot.com/2018/06/malicious-file-upload-intex-router-n.html", + "refsource" : "MISC", + "url" : "http://securitywarrior9.blogspot.com/2018/06/malicious-file-upload-intex-router-n.html" } ] } diff --git a/2018/12xxx/CVE-2018-12529.json b/2018/12xxx/CVE-2018-12529.json index dafa7fd864d..aaabe08a79a 100644 --- a/2018/12xxx/CVE-2018-12529.json +++ b/2018/12xxx/CVE-2018-12529.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-12529", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "44939", + "refsource" : "EXPLOIT-DB", + "url" : "https://www.exploit-db.com/exploits/44939/" + }, + { + "name" : "http://securitywarrior9.blogspot.com/2018/06/cross-site-request-forgery-intex-router.html", + "refsource" : "MISC", + "url" : "http://securitywarrior9.blogspot.com/2018/06/cross-site-request-forgery-intex-router.html" } ] } diff --git a/2018/12xxx/CVE-2018-12574.json b/2018/12xxx/CVE-2018-12574.json index d3a610d6866..9076faa19e7 100644 --- a/2018/12xxx/CVE-2018-12574.json +++ b/2018/12xxx/CVE-2018-12574.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-12574", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://software-talk.org/blog/2018/06/tplink-wr841n-csrf-cve-2018-12574/", + "refsource" : "MISC", + "url" : "https://software-talk.org/blog/2018/06/tplink-wr841n-csrf-cve-2018-12574/" } ] } diff --git a/2018/12xxx/CVE-2018-12575.json b/2018/12xxx/CVE-2018-12575.json index daca62f3bf4..f4a33e11b72 100644 --- a/2018/12xxx/CVE-2018-12575.json +++ b/2018/12xxx/CVE-2018-12575.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-12575", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://software-talk.org/blog/2018/06/tplink-wr841n-broken-auth-cve-2018-12575/", + "refsource" : "MISC", + "url" : "https://software-talk.org/blog/2018/06/tplink-wr841n-broken-auth-cve-2018-12575/" } ] } diff --git a/2018/12xxx/CVE-2018-12576.json b/2018/12xxx/CVE-2018-12576.json index d1b7a217e8b..4b43b8f3054 100644 --- a/2018/12xxx/CVE-2018-12576.json +++ b/2018/12xxx/CVE-2018-12576.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-12576", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://software-talk.org/blog/2018/04/tplink-wr841n-clickjacking-https/", + "refsource" : "MISC", + "url" : "https://software-talk.org/blog/2018/04/tplink-wr841n-clickjacking-https/" } ] } diff --git a/2018/12xxx/CVE-2018-12577.json b/2018/12xxx/CVE-2018-12577.json index 52cd0d22081..9dc5303e009 100644 --- a/2018/12xxx/CVE-2018-12577.json +++ b/2018/12xxx/CVE-2018-12577.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-12577", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://software-talk.org/blog/2018/06/tplink-wr841n-code-exec-cve-2018-12577/", + "refsource" : "MISC", + "url" : "https://software-talk.org/blog/2018/06/tplink-wr841n-code-exec-cve-2018-12577/" } ] } diff --git a/2018/12xxx/CVE-2018-12602.json b/2018/12xxx/CVE-2018-12602.json index 3f4ed4a6db1..ea6af1aa6e2 100644 --- a/2018/12xxx/CVE-2018-12602.json +++ b/2018/12xxx/CVE-2018-12602.json @@ -61,6 +61,11 @@ "name" : "http://packetstormsecurity.com/files/148268/LFCMS-3.7.0-Cross-Site-Request-Forgery.html", "refsource" : "MISC", "url" : "http://packetstormsecurity.com/files/148268/LFCMS-3.7.0-Cross-Site-Request-Forgery.html" + }, + { + "name" : "https://www.cnblogs.com/v1vvwv/p/9203740.html", + "refsource" : "MISC", + "url" : "https://www.cnblogs.com/v1vvwv/p/9203740.html" } ] } diff --git a/2018/13xxx/CVE-2018-13057.json b/2018/13xxx/CVE-2018-13057.json new file mode 100644 index 00000000000..869bc5c87a4 --- /dev/null +++ b/2018/13xxx/CVE-2018-13057.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13057", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13058.json b/2018/13xxx/CVE-2018-13058.json new file mode 100644 index 00000000000..23e7f2a9e96 --- /dev/null +++ b/2018/13xxx/CVE-2018-13058.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13058", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13059.json b/2018/13xxx/CVE-2018-13059.json new file mode 100644 index 00000000000..1cd974d67b7 --- /dev/null +++ b/2018/13xxx/CVE-2018-13059.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13059", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13060.json b/2018/13xxx/CVE-2018-13060.json new file mode 100644 index 00000000000..742092739ba --- /dev/null +++ b/2018/13xxx/CVE-2018-13060.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13060", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13061.json b/2018/13xxx/CVE-2018-13061.json new file mode 100644 index 00000000000..8d0dfe8312e --- /dev/null +++ b/2018/13xxx/CVE-2018-13061.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13061", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13062.json b/2018/13xxx/CVE-2018-13062.json new file mode 100644 index 00000000000..4903495afa2 --- /dev/null +++ b/2018/13xxx/CVE-2018-13062.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13062", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13063.json b/2018/13xxx/CVE-2018-13063.json new file mode 100644 index 00000000000..d3399291160 --- /dev/null +++ b/2018/13xxx/CVE-2018-13063.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13063", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13064.json b/2018/13xxx/CVE-2018-13064.json new file mode 100644 index 00000000000..93c23becfa2 --- /dev/null +++ b/2018/13xxx/CVE-2018-13064.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13064", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13065.json b/2018/13xxx/CVE-2018-13065.json new file mode 100644 index 00000000000..99a0225983d --- /dev/null +++ b/2018/13xxx/CVE-2018-13065.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13065", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/9xxx/CVE-2018-9276.json b/2018/9xxx/CVE-2018-9276.json index 4a491e434eb..5d6692813be 100644 --- a/2018/9xxx/CVE-2018-9276.json +++ b/2018/9xxx/CVE-2018-9276.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-9276", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20180626 PRTG < 18.2.39 Command Injection", + "refsource" : "BUGTRAQ", + "url" : "http://www.securityfocus.com/archive/1/archive/1/542103/100/0/threaded" + }, + { + "name" : "http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html" } ] }