From bdaee5f454a75c420431293dcb14858540d8cd32 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 6 Sep 2018 15:05:51 -0400
Subject: [PATCH] - Synchronized data.
---
 2017/14xxx/CVE-2017-14026.json | 4 +-
 2017/16xxx/CVE-2017-16714.json | 4 +-
 2018/1000xxx/CVE-2018-1000669.json | 125 +++++++++++++++--------------
 2018/1000xxx/CVE-2018-1000670.json | 125 +++++++++++++++--------------
 2018/16xxx/CVE-2018-16618.json | 18 +++++
 2018/16xxx/CVE-2018-16619.json | 18 +++++
 2018/16xxx/CVE-2018-16620.json | 18 +++++
 2018/16xxx/CVE-2018-16621.json | 18 +++++
 2018/16xxx/CVE-2018-16622.json | 62 ++++++++++++++
 2018/5xxx/CVE-2018-5005.json | 2 +-
 10 files changed, 269 insertions(+), 125 deletions(-)
 create mode 100644 2018/16xxx/CVE-2018-16618.json
 create mode 100644 2018/16xxx/CVE-2018-16619.json
 create mode 100644 2018/16xxx/CVE-2018-16620.json
 create mode 100644 2018/16xxx/CVE-2018-16621.json
 create mode 100644 2018/16xxx/CVE-2018-16622.json
diff --git a/2017/14xxx/CVE-2017-14026.json b/2017/14xxx/CVE-2017-14026.json
index 3b49bcab88b..6ff3a4aeb88 100644
--- a/2017/14xxx/CVE-2017-14026.json
+++ b/2017/14xxx/CVE-2017-14026.json
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "IceQube Thermal Management Center versions prior to version 4.13 The web application does not properly authenticate users which may allow an attacker to gain access to sensitive information."
+ "value" : "In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information."
 }
 ]
 },
@@ -54,6 +54,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01",
+ "refsource" : "MISC",
 "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
 }
 ]
diff --git a/2017/16xxx/CVE-2017-16714.json b/2017/16xxx/CVE-2017-16714.json
index e12c3653777..77ab2b08197 100644
--- a/2017/16xxx/CVE-2017-16714.json
+++ b/2017/16xxx/CVE-2017-16714.json
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "IceQube Thermal Management Center versions prior to version 4.13 Passwords are stored in plaintext in a file that is accessible without authentication."
+ "value" : "In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication."
 }
 ]
 },
@@ -54,6 +54,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01",
+ "refsource" : "MISC",
 "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
 }
 ]
diff --git a/2018/1000xxx/CVE-2018-1000669.json b/2018/1000xxx/CVE-2018-1000669.json
index 14289804186..1e34f9cce42 100644
--- a/2018/1000xxx/CVE-2018-1000669.json
+++ b/2018/1000xxx/CVE-2018-1000669.json
@@ -1,65 +1,68 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "kurt@seifried.org",
- "DATE_ASSIGNED": "2018-09-03T16:07:16.979484",
- "DATE_REQUESTED": "2018-08-24T17:46:09",
- "ID": "CVE-2018-1000669",
- "REQUESTER": "jiakyooi95@hotmail.com"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "KOHA Library System",
- "version": {
- "version_data": [
- {
- "version_value": "16.11.x (up until 16.11.13)"
- },
- {
- "version_value": "17.05.x (up until 17.05.05)"
- }
+ "CVE_data_meta" : {
+ "ASSIGNER" : "kurt@seifried.org",
+ "DATE_ASSIGNED" : "2018-09-03T16:07:16.979484",
+ "DATE_REQUESTED" : "2018-08-24T17:46:09",
+ "ID" : "CVE-2018-1000669",
+ "REQUESTER" : "jiakyooi95@hotmail.com",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "KOHA Library System",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "16.11.x (up until 16.11.13)"
+ },
+ {
+ "version_value" : "17.05.x (up until 17.05.05)"
+ }
+ ]
+ }
+ }
 ]
- }
- }
- ]
- },
- "vendor_name": "KOHA Library System"
- }
+ },
+ "vendor_name" : "KOHA Library System"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments as paid for certain users on behalf of Administrators. This attack appear to be exploitable via The victim must be socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11."
+ }
 ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross ite Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments as paid for certain users on behalf of Administrators. This attack appear to be exploitable via The victim must be socially engineered into clicking a link, usually via email.. This vulnerability appears to have been fixed in 17.11."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "Cross ite Request Forgery (CSRF)"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19117"
- }
- ]
- }
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Cross ite Request Forgery (CSRF)"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19117",
+ "refsource" : "CONFIRM",
+ "url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19117"
+ }
+ ]
+ }
 }
diff --git a/2018/1000xxx/CVE-2018-1000670.json b/2018/1000xxx/CVE-2018-1000670.json
index 0665348627c..c8614138b4f 100644
--- a/2018/1000xxx/CVE-2018-1000670.json
+++ b/2018/1000xxx/CVE-2018-1000670.json
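Review bot: In the CVE-2018-1000669 record the `problemtype` value on the new side still reads `"Cross ite Request Forgery (CSRF)"`, although this same hunk corrects that typo in the description text. A consumer that classifies records by matching the problemtype string would not recognise this entry as CSRF, so the added line should read `"value" : "Cross Site Request Forgery (CSRF)"`. The description also keeps the submission-form phrasing ("that can result in Attackers can mark payments…", "This attack appear to be exploitable via The victim must be…"), which is worth a wording pass while the record is being touched.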
@@ -1,65 +1,68 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "kurt@seifried.org",
- "DATE_ASSIGNED": "2018-09-03T16:07:16.980429",
- "DATE_REQUESTED": "2018-08-24T17:52:47",
- "ID": "CVE-2018-1000670",
- "REQUESTER": "jiakyooi95@hotmail.com"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "KOHA Library System",
- "version": {
- "version_data": [
- {
- "version_value": "16.11.x (up until 16.11.13)"
- },
- {
- "version_value": "17.05.x (up until 17.05.05)"
- }
+ "CVE_data_meta" : {
+ "ASSIGNER" : "kurt@seifried.org",
+ "DATE_ASSIGNED" : "2018-09-03T16:07:16.980429",
+ "DATE_REQUESTED" : "2018-08-24T17:52:47",
+ "ID" : "CVE-2018-1000670",
+ "REQUESTER" : "jiakyooi95@hotmail.com",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "KOHA Library System",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "16.11.x (up until 16.11.13)"
+ },
+ {
+ "version_value" : "17.05.x (up until 17.05.05)"
+ }
+ ]
+ }
+ }
 ]
- }
- }
- ]
- },
- "vendor_name": "KOHA Library System"
- }
+ },
+ "vendor_name" : "KOHA Library System"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Scripting (XSS) vulnerability in Multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter , /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number] , /cgi-bin/koha/serials/subscription-add.pl that can result in Privilege escalation by taking control of higher privileged users browser sessions. This attack appear to be exploitable via Victims must be socially engineered to visit a vulnerable webpage containing malicious payload. This vulnerability appears to have been fixed in 17.11."
+ }
 ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Scripting (XSS) vulnerability in Multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter , /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number] , /cgi-bin/koha/serials/subscription-add.pl that can result in Privillege escalation by taking control of higher privilleged users browser sessions. This attack appear to be exploitable via Victims must be socially engineered to visit a vulnerable webpage containing malicious payload. This vulnerability appears to have been fixed in 17.11."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "Cross Site Scripting (XSS)"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19086"
- }
- ]
- }
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Cross Site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19086",
+ "refsource" : "CONFIRM",
+ "url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19086"
+ }
+ ]
+ }
 }
diff --git a/2018/16xxx/CVE-2018-16618.json b/2018/16xxx/CVE-2018-16618.json
new file mode 100644
index 00000000000..cce447520c1
--- /dev/null
+++ b/2018/16xxx/CVE-2018-16618.json
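Review bot: The `version_data` entries kept on the new side of the CVE-2018-1000670 record are free text, `"16.11.x (up until 16.11.13)"` and `"17.05.x (up until 17.05.05)"`, so a tool cannot compare an installed version against them, and "up until" does not say whether the named release is itself affected. The description states only that the issue appears to be fixed in 17.11, so the assigner should confirm whether 16.11.13 and 17.05.05 are the last affected or the first fixed releases and record that explicitly. The CVE-2018-1000669 record in this patch carries the same two strings.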
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-16618",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/16xxx/CVE-2018-16619.json b/2018/16xxx/CVE-2018-16619.json
new file mode 100644
index 00000000000..908a454c250
--- /dev/null
+++ b/2018/16xxx/CVE-2018-16619.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-16619",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/16xxx/CVE-2018-16620.json b/2018/16xxx/CVE-2018-16620.json
new file mode 100644
index 00000000000..7e375f52d2e
--- /dev/null
+++ b/2018/16xxx/CVE-2018-16620.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-16620",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/16xxx/CVE-2018-16621.json b/2018/16xxx/CVE-2018-16621.json
new file mode 100644
index 00000000000..7733bce18c2
--- /dev/null
+++ b/2018/16xxx/CVE-2018-16621.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-16621",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/16xxx/CVE-2018-16622.json b/2018/16xxx/CVE-2018-16622.json
new file mode 100644
index 00000000000..132dad15a80
--- /dev/null
+++ b/2018/16xxx/CVE-2018-16622.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-16622",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/doramart/DoraCMS/issues/136",
+ "refsource" : "MISC",
+ "url" : "https://github.com/doramart/DoraCMS/issues/136"
+ }
+ ]
+ }
+}
diff --git a/2018/5xxx/CVE-2018-5005.json b/2018/5xxx/CVE-2018-5005.json
index 2fbeccd0e9a..40cf4691488 100644
--- a/2018/5xxx/CVE-2018-5005.json
+++ b/2018/5xxx/CVE-2018-5005.json
@@ -53,7 +53,7 @@
 "references" : {
 "reference_data" : [
 {
- "name" : "APSB18-26",
+ "name" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-26.html",
 "refsource" : "CONFIRM",
 "url" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-26.html"
 }
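Review bot: The new CVE-2018-16622 record is published as PUBLIC with `"product_name" : "n/a"`, `"version_value" : "n/a"`, `"vendor_name" : "n/a"` and a problemtype of `"n/a"`, while its own description names DoraCMS v2.0.3 and cross-site scripting. Anything that matches on the structured fields will not associate this entry with the product, so I would fill them from the description: `"product_name" : "DoraCMS"`, `"version_value" : "2.0.3"`, and a problemtype value of `"Cross-site scripting (XSS)"`. The vendor name is not stated in the record and would need to come from the assigner. The spelling `discription` in the description is presumably the application's own field name and should stay as written unless the referenced issue shows otherwise.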