From cb01a876ee1e35e755f7d4d63fa7142b10e7b0da Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 1 Oct 2018 19:04:27 -0400 Subject: [PATCH] - Synchronized data. --- 2015/9xxx/CVE-2015-9269.json | 58 +++++++++++++++++++++++++++++-- 2015/9xxx/CVE-2015-9270.json | 53 +++++++++++++++++++++++++++-- 2018/17xxx/CVE-2018-17867.json | 48 ++++++++++++++++++++++++-- 2018/17xxx/CVE-2018-17868.json | 48 ++++++++++++++++++++++++-- 2018/17xxx/CVE-2018-17869.json | 48 ++++++++++++++++++++++++-- 2018/17xxx/CVE-2018-17870.json | 62 ++++++++++++++++++++++++++++++++++ 2018/17xxx/CVE-2018-17871.json | 18 ++++++++++ 2018/17xxx/CVE-2018-17872.json | 18 ++++++++++ 2018/17xxx/CVE-2018-17873.json | 18 ++++++++++ 2018/17xxx/CVE-2018-17874.json | 62 ++++++++++++++++++++++++++++++++++ 2018/7xxx/CVE-2018-7187.json | 5 +++ 11 files changed, 428 insertions(+), 10 deletions(-) create mode 100644 2018/17xxx/CVE-2018-17870.json create mode 100644 2018/17xxx/CVE-2018-17871.json create mode 100644 2018/17xxx/CVE-2018-17872.json create mode 100644 2018/17xxx/CVE-2018-17873.json create mode 100644 2018/17xxx/CVE-2018-17874.json diff --git a/2015/9xxx/CVE-2015-9269.json b/2015/9xxx/CVE-2015-9269.json index 8694de9d02b..1b853bcd7c6 100644 --- a/2015/9xxx/CVE-2015-9269.json +++ b/2015/9xxx/CVE-2015-9269.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2015-9269", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,38 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://seclists.org/fulldisclosure/2015/Jul/97", + "refsource" : "MISC", + "url" : "https://seclists.org/fulldisclosure/2015/Jul/97" + }, + { + "name" : "https://wordpress.org/plugins/wordpress-mobile-pack/#developers", + "refsource" : "MISC", + "url" : "https://wordpress.org/plugins/wordpress-mobile-pack/#developers" + }, + { + "name" : "https://www.openwall.com/lists/oss-security/2015/07/19/1", + "refsource" : "MISC", + "url" : "https://www.openwall.com/lists/oss-security/2015/07/19/1" } ] } diff --git a/2015/9xxx/CVE-2015-9270.json b/2015/9xxx/CVE-2015-9270.json index d64ae9ec0cb..ecbe395542e 100644 --- a/2015/9xxx/CVE-2015-9270.json +++ b/2015/9xxx/CVE-2015-9270.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2015-9270", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://seclists.org/fulldisclosure/2015/Jul/125", + "refsource" : "MISC", + "url" : "https://seclists.org/fulldisclosure/2015/Jul/125" + }, + { + "name" : "https://wordpress.org/plugins/the-holiday-calendar/#developers", + "refsource" : "MISC", + "url" : "https://wordpress.org/plugins/the-holiday-calendar/#developers" } ] } diff --git a/2018/17xxx/CVE-2018-17867.json b/2018/17xxx/CVE-2018-17867.json index 903ea609c4b..e64b8765d73 100644 --- a/2018/17xxx/CVE-2018-17867.json +++ b/2018/17xxx/CVE-2018-17867.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-17867", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Port Forwarding functionality on DASAN H660GW devices allows remote attackers to execute arbitrary code via shell metacharacters in the cgi-bin/adv_nat_virsvr.asp Addr parameter (aka the Local IP Address field)." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://wojciechregula.blog/authenticated-rce-in-dasan-routers/", + "refsource" : "MISC", + "url" : "https://wojciechregula.blog/authenticated-rce-in-dasan-routers/" } ] } diff --git a/2018/17xxx/CVE-2018-17868.json b/2018/17xxx/CVE-2018-17868.json index 6fe9e974136..3b0c3d8a670 100644 --- a/2018/17xxx/CVE-2018-17868.json +++ b/2018/17xxx/CVE-2018-17868.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-17868", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "DASAN H660GW devices have Stored XSS in the Port Forwarding functionality." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://wojciechregula.blog/authenticated-rce-in-dasan-routers/", + "refsource" : "MISC", + "url" : "https://wojciechregula.blog/authenticated-rce-in-dasan-routers/" } ] } diff --git a/2018/17xxx/CVE-2018-17869.json b/2018/17xxx/CVE-2018-17869.json index 76662fd3410..11b3043c4d0 100644 --- a/2018/17xxx/CVE-2018-17869.json +++ b/2018/17xxx/CVE-2018-17869.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-17869", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "DASAN H660GW devices do not implement any CSRF protection mechanism." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://wojciechregula.blog/authenticated-rce-in-dasan-routers/", + "refsource" : "MISC", + "url" : "https://wojciechregula.blog/authenticated-rce-in-dasan-routers/" } ] } diff --git a/2018/17xxx/CVE-2018-17870.json b/2018/17xxx/CVE-2018-17870.json new file mode 100644 index 00000000000..66d0947eeac --- /dev/null +++ b/2018/17xxx/CVE-2018-17870.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17870", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in BTITeam XBTIT 2.5.4. The \"returnto\" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/btiteam/xbtit/pull/59", + "refsource" : "MISC", + "url" : "https://github.com/btiteam/xbtit/pull/59" + } + ] + } +} diff --git a/2018/17xxx/CVE-2018-17871.json b/2018/17xxx/CVE-2018-17871.json new file mode 100644 index 00000000000..500ec20a2cd --- /dev/null +++ b/2018/17xxx/CVE-2018-17871.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17871", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/17xxx/CVE-2018-17872.json b/2018/17xxx/CVE-2018-17872.json new file mode 100644 index 00000000000..c8e13f8826d --- /dev/null +++ b/2018/17xxx/CVE-2018-17872.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17872", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/17xxx/CVE-2018-17873.json b/2018/17xxx/CVE-2018-17873.json new file mode 100644 index 00000000000..678fd77cfba --- /dev/null +++ b/2018/17xxx/CVE-2018-17873.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17873", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/17xxx/CVE-2018-17874.json b/2018/17xxx/CVE-2018-17874.json new file mode 100644 index 00000000000..e823a1ff385 --- /dev/null +++ b/2018/17xxx/CVE-2018-17874.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17874", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "ExpressionEngine before 4.3.5 has reflected XSS." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://docs.expressionengine.com/latest/about/changelog.html#version-4-3-5", + "refsource" : "CONFIRM", + "url" : "https://docs.expressionengine.com/latest/about/changelog.html#version-4-3-5" + } + ] + } +} diff --git a/2018/7xxx/CVE-2018-7187.json b/2018/7xxx/CVE-2018-7187.json index 3f84cd2a9c6..1353c4fbcdf 100644 --- a/2018/7xxx/CVE-2018-7187.json +++ b/2018/7xxx/CVE-2018-7187.json @@ -57,6 +57,11 @@ "refsource" : "MLIST", "url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00029.html" }, + { + "name" : "https://gist.github.com/SLAYEROWNER/b2a358f13ab267f2e9543bb9f9320ffc", + "refsource" : "MISC", + "url" : "https://gist.github.com/SLAYEROWNER/b2a358f13ab267f2e9543bb9f9320ffc" + }, { "name" : "https://github.com/golang/go/issues/23867", "refsource" : "CONFIRM",