From 0a3d25222d0709ba9cd9075bb5dfb2f86de025a4 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 20 Dec 2018 15:23:32 -0500
Subject: [PATCH] - Synchronized data.
---
 2018/1000xxx/CVE-2018-1000883.json | 71 +++++++++++++++++++++++++++++-
 2018/1000xxx/CVE-2018-1000884.json | 66 ++++++++++++++++++++++++++-
 2018/1000xxx/CVE-2018-1000885.json | 66 ++++++++++++++++++++++++++-
 2018/1000xxx/CVE-2018-1000886.json | 66 ++++++++++++++++++++++++++-
 2018/15xxx/CVE-2018-15329.json | 2 +
 2018/15xxx/CVE-2018-15330.json | 2 +
 2018/15xxx/CVE-2018-15331.json | 2 +
 2018/8xxx/CVE-2018-8888.json | 4 +-
 2018/8xxx/CVE-2018-8891.json | 4 +-
 2018/8xxx/CVE-2018-8892.json | 2 +
 10 files changed, 279 insertions(+), 6 deletions(-)
diff --git a/2018/1000xxx/CVE-2018-1000883.json b/2018/1000xxx/CVE-2018-1000883.json
index 0f29bc7680e..d1c5543dda4 100644
--- a/2018/1000xxx/CVE-2018-1000883.json
+++ b/2018/1000xxx/CVE-2018-1000883.json
@@ -1 +1,70 @@ -{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/elixir-plug/plug/commit/8857f8ab4acf9b9c22e80480dae2636692f5f573"},{"url": "https://github.com/dependabot/elixir-security-advisories/blob/master/packages/plug/2017-04-17.yml"}]},"description": {"description_data": [{"lang": "eng","value": "Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appear to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in >= 1.3.5 or ~> 1.2.5 or ~> 1.1.9 or ~> 1.0.6."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "All"}]},"product_name": "Plug"}]},"vendor_name": "Elixir Plug"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-20T10:18:08.690224","DATE_REQUESTED": "2018-12-19T13:39:45","ID": "CVE-2018-1000883","ASSIGNER": "kurt@seifried.org","REQUESTER": "maennchen@joshmartin.ch"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Header Injection"}]}]}} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "kurt@seifried.org", + "DATE_ASSIGNED" : "2018-12-20T10:18:08.690224", + "DATE_REQUESTED" : "2018-12-19T13:39:45", + "ID" : "CVE-2018-1000883", + "REQUESTER" : "maennchen@joshmartin.ch", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Plug", + "version" : { + "version_data" : [ + { + "version_value" : "All" + } + ] + } + } + ] + }, + "vendor_name" : "Elixir Plug" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can 
result in Given a cookie value, Headers can be added. This attack appear to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in >= 1.3.5 or ~> 1.2.5 or ~> 1.1.9 or ~> 1.0.6." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Header Injection" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/dependabot/elixir-security-advisories/blob/master/packages/plug/2017-04-17.yml", + "refsource" : "MISC", + "url" : "https://github.com/dependabot/elixir-security-advisories/blob/master/packages/plug/2017-04-17.yml" + }, + { + "name" : "https://github.com/elixir-plug/plug/commit/8857f8ab4acf9b9c22e80480dae2636692f5f573", + "refsource" : "MISC", + "url" : "https://github.com/elixir-plug/plug/commit/8857f8ab4acf9b9c22e80480dae2636692f5f573" + } + ] + } +} diff --git a/2018/1000xxx/CVE-2018-1000884.json b/2018/1000xxx/CVE-2018-1000884.json index d71d6a38258..0bbcb3cd57a 100644 --- a/2018/1000xxx/CVE-2018-1000884.json +++ b/2018/1000xxx/CVE-2018-1000884.json 
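Review bot: In CVE-2018-1000883.json the `affects` block records `"version_value" : "All"` while the description in the same record says the issue was fixed in `>= 1.3.5 or ~> 1.2.5 or ~> 1.1.9 or ~> 1.0.6`, so a scanner that matches on `version_data` would flag patched Plug releases as vulnerable. The field should carry the bounds the description already gives, e.g. `"version_value" : "before 1.0.6, 1.1.x before 1.1.9, 1.2.x before 1.2.5, 1.3.x before 1.3.5"` (derived from the description text; confirm against the linked advisory). The same free-text problem applies to the `version_value` strings in CVE-2018-1000884.json and CVE-2018-1000885.json, which name commits rather than releases a consumer can compare against.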
@@ -1 +1,65 @@ -{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/serghey-rodin/vesta/commit/5f68c1b634abec2d5a4f83156bfd223d3a792f77#diff-4d7863e8c24a5e6102073acc2fb0f227"}]},"description": {"description_data": [{"lang": "eng","value": "Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to determine password reset codes, attacker is able to change administrator password. This attack appear to be exploitable via Unauthenticated network connectivity. This vulnerability appears to have been fixed in After commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- release version 0.9.8-19."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18"}]},"product_name": "Vesta CP"}]},"vendor_name": "Vesta CP"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-20T10:18:08.691288","DATE_REQUESTED": "2018-12-18T17:33:10","ID": "CVE-2018-1000884","ASSIGNER": "kurt@seifried.org","REQUESTER": "rory.mackie@arcturussecurity.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-208 / Information Exposure Through Timing Discrepancy"}]}]}} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "kurt@seifried.org", + "DATE_ASSIGNED" : "2018-12-20T10:18:08.691288", + "DATE_REQUESTED" : "2018-12-18T17:33:10", + "ID" : "CVE-2018-1000884", + "REQUESTER" : "rory.mackie@arcturussecurity.com", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Vesta CP", + "version" : { + "version_data" : [ + { + "version_value" : "Prior 
to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18" + } + ] + } + } + ] + }, + "vendor_name" : "Vesta CP" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to determine password reset codes, attacker is able to change administrator password. This attack appear to be exploitable via Unauthenticated network connectivity. This vulnerability appears to have been fixed in After commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- release version 0.9.8-19." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-208 / Information Exposure Through Timing Discrepancy" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/serghey-rodin/vesta/commit/5f68c1b634abec2d5a4f83156bfd223d3a792f77#diff-4d7863e8c24a5e6102073acc2fb0f227", + "refsource" : "MISC", + "url" : "https://github.com/serghey-rodin/vesta/commit/5f68c1b634abec2d5a4f83156bfd223d3a792f77#diff-4d7863e8c24a5e6102073acc2fb0f227" + } + ] + } +} diff --git a/2018/1000xxx/CVE-2018-1000885.json b/2018/1000xxx/CVE-2018-1000885.json index 28917e7d637..3f9cea4f940 100644 --- a/2018/1000xxx/CVE-2018-1000885.json +++ b/2018/1000xxx/CVE-2018-1000885.json 
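Review bot: CVE-2018-1000884.json names commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 as the fix in both `version_value` and the description, but its only `reference_data` entry links to a different commit, 5f68c1b634abec2d5a4f83156bfd223d3a792f77, so a reader cannot tell from the record which change closes the timing discrepancy in the password-reset check. The affected range is also ambiguous: `version_value` says "any release prior to 0.9.8-18" while the description says the fix shipped in 0.9.8-19, which leaves the status of 0.9.8-18 itself undefined. I would add a second reference for the commit the text cites and state the boundary once, e.g. `"version_value" : "before 0.9.8-19"` if 0.9.8-18 is in fact affected (not determinable from this hunk).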
@@ -1 +1,65 @@ -{"data_version": "4.0","references": {"reference_data": [{"url": "https://tech.feedyourhead.at/content/full-disclosure-remote-command-execution-in-phkp"}]},"description": {"description_data": [{"lang": "eng","value": "PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains a Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in function pgp_exec() phkp.php:98 that can result in It is possible to manipulate gpg-keys or execute commands remotely. This attack appear to be exploitable via HKP-Api: /pks/lookup?search."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b"}]},"product_name": "PHKP"}]},"vendor_name": "PHKP"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-20T10:18:08.692244","DATE_REQUESTED": "2018-12-20T06:25:25","ID": "CVE-2018-1000885","ASSIGNER": "kurt@seifried.org","REQUESTER": "sec@feedyourhead.at"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}]}} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "kurt@seifried.org", + "DATE_ASSIGNED" : "2018-12-20T10:18:08.692244", + "DATE_REQUESTED" : "2018-12-20T06:25:25", + "ID" : "CVE-2018-1000885", + "REQUESTER" : "sec@feedyourhead.at", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "PHKP", + "version" : { + "version_data" : [ + { + "version_value" : "including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b" + } + ] + } + } + ] + }, + "vendor_name" : "PHKP" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "PHKP 
version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains a Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in function pgp_exec() phkp.php:98 that can result in It is possible to manipulate gpg-keys or execute commands remotely. This attack appear to be exploitable via HKP-Api: /pks/lookup?search." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Improper Neutralization of Special Elements used in a Command ('Command Injection')" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://tech.feedyourhead.at/content/full-disclosure-remote-command-execution-in-phkp", + "refsource" : "MISC", + "url" : "https://tech.feedyourhead.at/content/full-disclosure-remote-command-execution-in-phkp" + } + ] + } +} diff --git a/2018/1000xxx/CVE-2018-1000886.json b/2018/1000xxx/CVE-2018-1000886.json index 13d02a01dd2..27fab4dfde6 100644 --- a/2018/1000xxx/CVE-2018-1000886.json +++ b/2018/1000xxx/CVE-2018-1000886.json 
@@ -1 +1,65 @@ -{"data_version": "4.0","references": {"reference_data": [{"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392514"}]},"description": {"description_data": [{"lang": "eng","value": "nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.14.01rc5, 2.15"}]},"product_name": "nasm"}]},"vendor_name": "nasm"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-20T10:18:08.693272","DATE_REQUESTED": "2018-12-20T06:31:47","ID": "CVE-2018-1000886","ASSIGNER": "kurt@seifried.org","REQUESTER": "situlingyun@gmail.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Buffer Overflow"}]}]}} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "kurt@seifried.org", + "DATE_ASSIGNED" : "2018-12-20T10:18:08.693272", + "DATE_REQUESTED" : "2018-12-20T06:31:47", + "ID" : "CVE-2018-1000886", + "REQUESTER" : "situlingyun@gmail.com", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "nasm", + "version" : { + "version_data" : [ + { + "version_value" : "2.14.01rc5, 2.15" + } + ] + } + } + ] + }, + "vendor_name" : "nasm" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file." 
+ } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Buffer Overflow" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392514", + "refsource" : "MISC", + "url" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392514" + } + ] + } +} diff --git a/2018/15xxx/CVE-2018-15329.json b/2018/15xxx/CVE-2018-15329.json index b84a5359d26..81dd967dfc5 100644 --- a/2018/15xxx/CVE-2018-15329.json +++ b/2018/15xxx/CVE-2018-15329.json @@ -54,6 +54,8 @@ "references" : { "reference_data" : [ { + "name" : "https://support.f5.com/csp/article/K61620494", + "refsource" : "CONFIRM", "url" : "https://support.f5.com/csp/article/K61620494" } ] diff --git a/2018/15xxx/CVE-2018-15330.json b/2018/15xxx/CVE-2018-15330.json index 4c964f66685..51a02bf3adf 100644 --- a/2018/15xxx/CVE-2018-15330.json +++ b/2018/15xxx/CVE-2018-15330.json @@ -54,6 +54,8 @@ "references" : { "reference_data" : [ { + "name" : "https://support.f5.com/csp/article/K23328310", + "refsource" : "CONFIRM", "url" : "https://support.f5.com/csp/article/K23328310" } ] diff --git a/2018/15xxx/CVE-2018-15331.json b/2018/15xxx/CVE-2018-15331.json index ea986bc826f..1a6f08fbe0f 100644 --- a/2018/15xxx/CVE-2018-15331.json +++ b/2018/15xxx/CVE-2018-15331.json @@ -54,6 +54,8 @@ "references" : { "reference_data" : [ { + "name" : "https://support.f5.com/csp/article/K54843525", + "refsource" : "CONFIRM", "url" : "https://support.f5.com/csp/article/K54843525" } ] diff --git a/2018/8xxx/CVE-2018-8888.json b/2018/8xxx/CVE-2018-8888.json index 321c55003a3..08faf4f93a2 100644 --- a/2018/8xxx/CVE-2018-8888.json +++ b/2018/8xxx/CVE-2018-8888.json 
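Review bot: In CVE-2018-1000886.json the `problemtype` value `"Buffer Overflow"` does not match what the description reports, which is a stack overflow from endless macro generation that crashes the assembler; that reads like stack exhaustion from unbounded expansion rather than an out-of-bounds write, and the difference matters for severity triage. If that reading is right, a CWE-tagged value in the style CVE-2018-1000884.json uses would be clearer, e.g. `"value" : "CWE-674 / Uncontrolled Recursion"` (to be confirmed against the linked bug report). Separately, `"version_value" : "2.14.01rc5, 2.15"` packs two versions into one string; two `version_data` entries, `{ "version_value" : "2.14.01rc5" }` and `{ "version_value" : "2.15" }`, would let consumers match each one exactly.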
@@ -34,7 +34,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "? A stored cross-site scripting (XSS) vulnerability in?the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator." + "value" : "A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator." } ] }, @@ -53,6 +53,8 @@ "references" : { "reference_data" : [ { + "name" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162", + "refsource" : "CONFIRM", "url" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162" } ] diff --git a/2018/8xxx/CVE-2018-8891.json b/2018/8xxx/CVE-2018-8891.json index fdececa29f6..e71aa1a9379 100644 --- a/2018/8xxx/CVE-2018-8891.json +++ b/2018/8xxx/CVE-2018-8891.json @@ -34,7 +34,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed?in?the context of another Management Console administrator." + "value" : "Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator." } ] }, @@ -53,6 +53,8 @@ "references" : { "reference_data" : [ { + "name" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162", + "refsource" : "CONFIRM", "url" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162" } ] 
diff --git a/2018/8xxx/CVE-2018-8892.json b/2018/8xxx/CVE-2018-8892.json index 2885aea6c54..858e90783f4 100644 --- a/2018/8xxx/CVE-2018-8892.json +++ b/2018/8xxx/CVE-2018-8892.json @@ -53,6 +53,8 @@ "references" : { "reference_data" : [ { + "name" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162", + "refsource" : "CONFIRM", "url" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162" } ]