From d51a49ad20de5d442ee1aa0b23968f610a9a115f Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Fri, 27 Apr 2018 12:05:59 -0400
Subject: [PATCH] - Synchronized data.
---
 2013/5xxx/CVE-2013-5391.json | 53 +++++++++++++++++++++++++-
 2013/5xxx/CVE-2013-5461.json | 58 ++++++++++++++++++++++++++++-
 2013/6xxx/CVE-2013-6739.json | 53 +++++++++++++++++++++++++-
 2013/7xxx/CVE-2013-7201.json | 58 ++++++++++++++++++++++++++++-
 2013/7xxx/CVE-2013-7202.json | 53 +++++++++++++++++++++++++-
 2014/0xxx/CVE-2014-0841.json | 53 +++++++++++++++++++++++++-
 2014/1xxx/CVE-2014-1845.json | 68 +++++++++++++++++++++++++++++++++-
 2014/1xxx/CVE-2014-1846.json | 63 ++++++++++++++++++++++++++++++-
 2014/2xxx/CVE-2014-2552.json | 58 ++++++++++++++++++++++++++++-
 2015/1xxx/CVE-2015-1857.json | 58 ++++++++++++++++++++++++++++-
 2017/15xxx/CVE-2017-15528.json | 5 +++
 2018/10xxx/CVE-2018-10503.json | 62 +++++++++++++++++++++++++++++++
 2018/10xxx/CVE-2018-10504.json | 62 +++++++++++++++++++++++++++++++
 2018/10xxx/CVE-2018-10505.json | 18 +++++++++
 2018/10xxx/CVE-2018-10506.json | 18 +++++++++
 2018/10xxx/CVE-2018-10507.json | 18 +++++++++
 2018/10xxx/CVE-2018-10508.json | 18 +++++++++
 2018/10xxx/CVE-2018-10509.json | 18 +++++++++
 2018/10xxx/CVE-2018-10510.json | 18 +++++++++
 2018/10xxx/CVE-2018-10511.json | 18 +++++++++
 2018/10xxx/CVE-2018-10512.json | 18 +++++++++
 2018/10xxx/CVE-2018-10513.json | 18 +++++++++
 2018/10xxx/CVE-2018-10514.json | 18 +++++++++
 2018/5xxx/CVE-2018-5337.json | 5 +++
 2018/5xxx/CVE-2018-5338.json | 5 +++
 2018/5xxx/CVE-2018-5339.json | 5 +++
 2018/5xxx/CVE-2018-5340.json | 5 +++
 2018/5xxx/CVE-2018-5341.json | 5 +++
 2018/7xxx/CVE-2018-7669.json | 53 +++++++++++++++++++++++++-
 29 files changed, 940 insertions(+), 22 deletions(-)
 create mode 100644 2018/10xxx/CVE-2018-10503.json
 create mode 100644 2018/10xxx/CVE-2018-10504.json
 create mode 100644 2018/10xxx/CVE-2018-10505.json
 create mode 100644 2018/10xxx/CVE-2018-10506.json
 create mode 100644 2018/10xxx/CVE-2018-10507.json
 create mode 100644 2018/10xxx/CVE-2018-10508.json
 create mode 100644 2018/10xxx/CVE-2018-10509.json
 create mode 100644 2018/10xxx/CVE-2018-10510.json
 create mode 100644 2018/10xxx/CVE-2018-10511.json
 create mode 100644 2018/10xxx/CVE-2018-10512.json
 create mode 100644 2018/10xxx/CVE-2018-10513.json
 create mode 100644 2018/10xxx/CVE-2018-10514.json
diff --git a/2013/5xxx/CVE-2013-5391.json b/2013/5xxx/CVE-2013-5391.json
index f0a475806ac..3b39b1739ae 100644
--- a/2013/5xxx/CVE-2013-5391.json
+++ b/2013/5xxx/CVE-2013-5391.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2013-5391",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
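Review bot: The `affects` block added in this hunk sets `product_name`, `version_value` and `vendor_name` to `n/a`, although the description published for CVE-2013-5391 in the next hunk names the vendor, the products and the fix-pack levels. A consumer that matches on the structured fields rather than the free text will not associate this record with an installed product, so the structured values should carry what the description already states, e.g. `"vendor_name" : "IBM"` and `"product_name" : "Worklight"`. The same placeholder block is added for every record this patch moves to PUBLIC (CVE-2013-5461, -6739, -7201, -7202, CVE-2014-0841, -1845, -1846, -2552, CVE-2015-1857, CVE-2018-7669) and in the new CVE-2018-10503 and CVE-2018-10504 files. The enclosing top-level object opens above the hunk.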
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.x before 6.0.0 Fix Pack 2, and Mobile Foundation Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.0 Fix Pack 2 make it easier for attackers to defeat cryptographic protection mechanisms by leveraging improper initialization of the pseudo random number generator (PRNG) in Android and use the Java Cryptography Architecture (JCA) by a Worklight program. IBM X-Force ID: 87128."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21665731",
+ "refsource" : "CONFIRM",
+ "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21665731"
+ },
+ {
+ "name" : "ibm-traveler-cve20135391-weak-security(87128)",
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87128"
 }
 ]
 }
diff --git a/2013/5xxx/CVE-2013-5461.json b/2013/5xxx/CVE-2013-5461.json
index 3ead56da984..7f88f7b9b01 100644
--- a/2013/5xxx/CVE-2013-5461.json
+++ b/2013/5xxx/CVE-2013-5461.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2013-5461",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
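Review bot: The closing clause of the new CVE-2013-5391 description, `and use the Java Cryptography Architecture (JCA) by a Worklight program`, does not parse, so a reader cannot tell whether JCA use by the application is a precondition for exposure or part of the flaw. The second version range also reads `5.0.x before 5.0.6 Fix Pack 2 and 6.0.0 Fix Pack 2`, without the `6.0.x before` that the first range has, and the XF reference name `ibm-traveler-cve20135391-weak-security(87128)` names a different product than the description. These look like transcription slips and should be checked against the IBM bulletin cited as CONFIRM. A possible rewording of the clause, to be confirmed against that bulletin, is `... in Android when a Worklight program uses the Java Cryptography Architecture (JCA)`.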
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which make it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-Force ID: 88309."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-ibm-endpoint-manager-for-remote-control-cve-2013-5461/",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-ibm-endpoint-manager-for-remote-control-cve-2013-5461/"
+ },
+ {
+ "name" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-tivoli-remote-control-cve-2013-5461/",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-tivoli-remote-control-cve-2013-5461/"
+ },
+ {
+ "name" : "ibm-tivoli-cve20135461-info-disc(88309)",
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88309"
 }
 ]
 }
diff --git a/2013/6xxx/CVE-2013-6739.json b/2013/6xxx/CVE-2013-6739.json
index 652e17106da..c6fae7d6722 100644
--- a/2013/6xxx/CVE-2013-6739.json
+++ b/2013/6xxx/CVE-2013-6739.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2013-6739",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "IBM SPSS Modeler before 16 on UNIX allows remote authenticated users to bypass intended access restrictions via an SSO token. IBM X-Force ID: 89855."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21663960",
+ "refsource" : "CONFIRM",
+ "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21663960"
+ },
+ {
+ "name" : "ibm-spss-cve20136739-sec-bypass(89855)",
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89855"
 }
 ]
 }
diff --git a/2013/7xxx/CVE-2013-7201.json b/2013/7xxx/CVE-2013-7201.json
index faf7b7feca5..db5eecdb326 100644
--- a/2013/7xxx/CVE-2013-7201.json
+++ b/2013/7xxx/CVE-2013-7201.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2013-7201",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://labs.mwrinfosecurity.com/advisories/paypal-remote-code-execution/",
+ "refsource" : "MISC",
+ "url" : "https://labs.mwrinfosecurity.com/advisories/paypal-remote-code-execution/"
+ },
+ {
+ "name" : "57351",
+ "refsource" : "SECUNIA",
+ "url" : "http://secunia.com/advisories/57351"
+ },
+ {
+ "name" : "paypal-cve20137201-sec-bypass(92098)",
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92098"
 }
 ]
 }
diff --git a/2013/7xxx/CVE-2013-7202.json b/2013/7xxx/CVE-2013-7202.json
index 3a4f36668c4..f44b5e084fe 100644
--- a/2013/7xxx/CVE-2013-7202.json
+++ b/2013/7xxx/CVE-2013-7202.json
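Review bot: `problemtype` is published as `"value" : "n/a"` in the second CVE-2013-7201 hunk even though the description states the weakness outright (the client ignores SSL errors), which corresponds to improper certificate validation: `"value" : "CWE-295"`. With the field left as a placeholder the record cannot be grouped or filtered by weakness class, which is how many triage queues prioritise TLS-validation flaws in mobile clients. The same `n/a` problem type is written in every other description hunk of this patch, including the new CVE-2018-10503 record, whose text names CSRF (`"value" : "CWE-352"`).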
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2013-7202",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://labs.mwrinfosecurity.com/advisories/paypal-remote-code-execution/",
+ "refsource" : "MISC",
+ "url" : "https://labs.mwrinfosecurity.com/advisories/paypal-remote-code-execution/"
+ },
+ {
+ "name" : "paypal-android-cve20147202-code-exec(92099)",
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92099"
 }
 ]
 }
diff --git a/2014/0xxx/CVE-2014-0841.json b/2014/0xxx/CVE-2014-0841.json
index 65f7d09705a..9a4487dbb8f 100644
--- a/2014/0xxx/CVE-2014-0841.json
+++ b/2014/0xxx/CVE-2014-0841.json
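Review bot: The XF reference name in the CVE-2013-7202 description hunk, `paypal-android-cve20147202-code-exec(92099)`, embeds `cve20147202` while the record ID is CVE-2013-7202; the sibling record in this patch uses `paypal-cve20137201-sec-bypass(92098)`. If the string is copied verbatim from X-Force it should stay as is, but tooling that derives a CVE ID from the XF label would link this entry to a different identifier, so the `url` ending in `/vulnerabilities/92099` should be treated as the authoritative key. The description also gives no precondition for `execute arbitrary JavaScript on the system`; one clause taken from the MWR advisory cited as MISC would let a reader judge exposure without opening the link.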
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2014-0841",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weak-password-hash-vulnerability-in-rational-focalpoint-cve-2014-0841/",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weak-password-hash-vulnerability-in-rational-focalpoint-cve-2014-0841/"
+ },
+ {
+ "name" : "ibm-focalpoint-cve20140841-weak-sec(90704)",
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90704"
 }
 ]
 }
diff --git a/2014/1xxx/CVE-2014-1845.json b/2014/1xxx/CVE-2014-1845.json
index a49a52bddad..076fb6b958b 100644
--- a/2014/1xxx/CVE-2014-1845.json
+++ b/2014/1xxx/CVE-2014-1845.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2014-1845",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,48 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "[oss-security] 20140203 Re: CVE request: enlightenment sysactions",
+ "refsource" : "MLIST",
+ "url" : "http://www.openwall.com/lists/oss-security/2014/02/03/19"
+ },
+ {
+ "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059410",
+ "refsource" : "CONFIRM",
+ "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059410"
+ },
+ {
+ "name" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=666df815cd86a50343859bce36c5cf968c5f38b0",
+ "refsource" : "CONFIRM",
+ "url" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=666df815cd86a50343859bce36c5cf968c5f38b0"
+ },
+ {
+ "name" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b",
+ "refsource" : "CONFIRM",
+ "url" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b"
+ },
+ {
+ "name" : "enlightenment-helper-priv-esc(91216)",
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91216"
 }
 ]
 }
diff --git a/2014/1xxx/CVE-2014-1846.json b/2014/1xxx/CVE-2014-1846.json
index a3e5a759647..48a419e74b2 100644
--- a/2014/1xxx/CVE-2014-1846.json
+++ b/2014/1xxx/CVE-2014-1846.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2014-1846",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,43 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "[oss-security] 20140203 Re: CVE request: enlightenment sysactions",
+ "refsource" : "MLIST",
+ "url" : "http://www.openwall.com/lists/oss-security/2014/02/03/19"
+ },
+ {
+ "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059410",
+ "refsource" : "CONFIRM",
+ "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059410"
+ },
+ {
+ "name" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b",
+ "refsource" : "CONFIRM",
+ "url" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b"
+ },
+ {
+ "name" : "enlightenment-configuration-priv-esc(91215)",
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91215"
 }
 ]
 }
diff --git a/2014/2xxx/CVE-2014-2552.json b/2014/2xxx/CVE-2014-2552.json
index c29cb96a307..16a198255f9 100644
--- a/2014/2xxx/CVE-2014-2552.json
+++ b/2014/2xxx/CVE-2014-2552.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2014-2552",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-004/?fid=3853",
+ "refsource" : "MISC",
+ "url" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-004/?fid=3853"
+ },
+ {
+ "name" : "https://github.com/brookinsconsulting/bccie/commit/d11811baccf265ff567dddca03cac70b65838a4f",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/brookinsconsulting/bccie/commit/d11811baccf265ff567dddca03cac70b65838a4f"
+ },
+ {
+ "name" : "bccollected-ezpublish-cve20142552sec-bypass(92129)",
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92129"
 }
 ]
 }
diff --git a/2015/1xxx/CVE-2015-1857.json b/2015/1xxx/CVE-2015-1857.json
index b5c0b754fcc..3a62d559f79 100644
--- a/2015/1xxx/CVE-2015-1857.json
+++ b/2015/1xxx/CVE-2015-1857.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2015-1857",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote attackers to obtain sensitive information by leveraging missing AAA restrictions."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://cloudrouter.org/security/",
+ "refsource" : "CONFIRM",
+ "url" : "https://cloudrouter.org/security/"
+ },
+ {
+ "name" : "https://git.opendaylight.org/gerrit/#/c/17709/",
+ "refsource" : "CONFIRM",
+ "url" : "https://git.opendaylight.org/gerrit/#/c/17709/"
+ },
+ {
+ "name" : "https://wiki.opendaylight.org/view/Security_Advisories",
+ "refsource" : "CONFIRM",
+ "url" : "https://wiki.opendaylight.org/view/Security_Advisories"
 }
 ]
 }
diff --git a/2017/15xxx/CVE-2017-15528.json b/2017/15xxx/CVE-2017-15528.json
index 11191ea6a51..90e90c79dd9 100644
--- a/2017/15xxx/CVE-2017-15528.json
+++ b/2017/15xxx/CVE-2017-15528.json
@@ -52,6 +52,11 @@
 },
 "references" : {
 "reference_data" : [
+ {
+ "name" : "https://www.info-sec.ca/advisories/Norton-Security.html",
+ "refsource" : "MISC",
+ "url" : "https://www.info-sec.ca/advisories/Norton-Security.html"
+ },
 {
 "name" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171121_00",
 "refsource" : "CONFIRM",
diff --git a/2018/10xxx/CVE-2018-10503.json b/2018/10xxx/CVE-2018-10503.json
new file mode 100644
index 00000000000..9474d7adc25
--- /dev/null
+++ b/2018/10xxx/CVE-2018-10503.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-10503",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/monburan/attack-baijiacmsV4-with-csrf",
+ "refsource" : "MISC",
+ "url" : "https://github.com/monburan/attack-baijiacmsV4-with-csrf"
+ }
+ ]
+ }
+}
diff --git a/2018/10xxx/CVE-2018-10504.json b/2018/10xxx/CVE-2018-10504.json
new file mode 100644
index 00000000000..73627b7f970
--- /dev/null
+++ b/2018/10xxx/CVE-2018-10504.json
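Review bot: The only entry under `references` in the new CVE-2018-10503 file is a `MISC` link to a third-party repository, and neither the description nor `affects` names a fixed release, so the record does not say whether a vendor fix exists for baijiacms V4 v4_1_4_20170105. Consumers should read the remediation status as unknown rather than infer it from `"STATE" : "PUBLIC"`. The record would be complete with a second `reference_data` entry carrying `"refsource" : "CONFIRM"` once a vendor advisory or fixing commit is available, and with the fixed version stated in the description at that point.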
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-10504",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "The WebDorado \"Form Maker by WD\" plugin before 1.12.24 for WordPress allows CSV injection."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://wordpress.org/plugins/form-maker/#developers",
+ "refsource" : "MISC",
+ "url" : "https://wordpress.org/plugins/form-maker/#developers"
+ }
+ ]
+ }
+}
diff --git a/2018/10xxx/CVE-2018-10505.json b/2018/10xxx/CVE-2018-10505.json
new file mode 100644
index 00000000000..116867d8487
--- /dev/null
+++ b/2018/10xxx/CVE-2018-10505.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-10505",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/10xxx/CVE-2018-10506.json b/2018/10xxx/CVE-2018-10506.json
new file mode 100644
index 00000000000..f41afdd0a72
--- /dev/null
+++ b/2018/10xxx/CVE-2018-10506.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-10506",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/10xxx/CVE-2018-10507.json b/2018/10xxx/CVE-2018-10507.json
new file mode 100644
index 00000000000..4c6da2863e6
--- /dev/null
+++ b/2018/10xxx/CVE-2018-10507.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-10507",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/10xxx/CVE-2018-10508.json b/2018/10xxx/CVE-2018-10508.json
new file mode 100644
index 00000000000..ca3e88eb5cc
--- /dev/null
+++ b/2018/10xxx/CVE-2018-10508.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-10508",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/10xxx/CVE-2018-10509.json b/2018/10xxx/CVE-2018-10509.json
new file mode 100644
index 00000000000..80e3d48abe8
--- /dev/null
+++ b/2018/10xxx/CVE-2018-10509.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-10509",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/10xxx/CVE-2018-10510.json b/2018/10xxx/CVE-2018-10510.json
new file mode 100644
index 00000000000..2eb239346f6
--- /dev/null
+++ b/2018/10xxx/CVE-2018-10510.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-10510",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/10xxx/CVE-2018-10511.json b/2018/10xxx/CVE-2018-10511.json
new file mode 100644
index 00000000000..84f2e61e1b9
--- /dev/null
+++ b/2018/10xxx/CVE-2018-10511.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-10511",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/10xxx/CVE-2018-10512.json b/2018/10xxx/CVE-2018-10512.json
new file mode 100644
index 00000000000..12a29bb934c
--- /dev/null
+++ b/2018/10xxx/CVE-2018-10512.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-10512",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/10xxx/CVE-2018-10513.json b/2018/10xxx/CVE-2018-10513.json
new file mode 100644
index 00000000000..82e4f1bb06c
--- /dev/null
+++ b/2018/10xxx/CVE-2018-10513.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-10513",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/10xxx/CVE-2018-10514.json b/2018/10xxx/CVE-2018-10514.json
new file mode 100644
index 00000000000..c483448834c
--- /dev/null
+++ b/2018/10xxx/CVE-2018-10514.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-10514",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/5xxx/CVE-2018-5337.json b/2018/5xxx/CVE-2018-5337.json
index 057718d4918..59ac14cc79f 100644
--- a/2018/5xxx/CVE-2018-5337.json
+++ b/2018/5xxx/CVE-2018-5337.json
@@ -56,6 +56,11 @@
 "name" : "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/",
 "refsource" : "MISC",
 "url" : "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/"
+ },
+ {
+ "name" : "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html"
 }
 ]
 }
diff --git a/2018/5xxx/CVE-2018-5338.json b/2018/5xxx/CVE-2018-5338.json
index 37ac0786351..91d44171c7d 100644
--- a/2018/5xxx/CVE-2018-5338.json
+++ b/2018/5xxx/CVE-2018-5338.json
@@ -56,6 +56,11 @@
 "name" : "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/",
 "refsource" : "MISC",
 "url" : "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/"
+ },
+ {
+ "name" : "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html"
 }
 ]
 }
diff --git a/2018/5xxx/CVE-2018-5339.json b/2018/5xxx/CVE-2018-5339.json
index 6ec09f9fe8f..29233d8c940 100644
--- a/2018/5xxx/CVE-2018-5339.json
+++ b/2018/5xxx/CVE-2018-5339.json
@@ -56,6 +56,11 @@
 "name" : "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/",
 "refsource" : "MISC",
 "url" : "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/"
+ },
+ {
+ "name" : "https://www.manageengine.com/products/desktop-central/query-restriction-bypass-vulnerability.html",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.manageengine.com/products/desktop-central/query-restriction-bypass-vulnerability.html"
 }
 ]
 }
diff --git a/2018/5xxx/CVE-2018-5340.json b/2018/5xxx/CVE-2018-5340.json
index 9f2e40442dd..c7b4d55cd4c 100644
--- a/2018/5xxx/CVE-2018-5340.json
+++ b/2018/5xxx/CVE-2018-5340.json
@@ -56,6 +56,11 @@
 "name" : "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/",
 "refsource" : "MISC",
 "url" : "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/"
+ },
+ {
+ "name" : "https://www.manageengine.com/products/desktop-central/query-restriction-bypass-vulnerability.html",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.manageengine.com/products/desktop-central/query-restriction-bypass-vulnerability.html"
 }
 ]
 }
diff --git a/2018/5xxx/CVE-2018-5341.json b/2018/5xxx/CVE-2018-5341.json
index 2b5d5599aa1..bfd3749121b 100644
--- a/2018/5xxx/CVE-2018-5341.json
+++ b/2018/5xxx/CVE-2018-5341.json
@@ -56,6 +56,11 @@
 "name" : "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/",
 "refsource" : "MISC",
 "url" : "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/"
+ },
+ {
+ "name" : "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7669.json b/2018/7xxx/CVE-2018-7669.json
index 1998090bed1..279213ff981 100644
--- a/2018/7xxx/CVE-2018-7669.json
+++ b/2018/7xxx/CVE-2018-7669.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-7669",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
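Review bot: The `affects` block added for CVE-2018-7669 is filled entirely with `n/a` placeholders (`vendor_name`, `product_name`, `version_value`), although the description added in the next hunk names the vendor, the product and the affected build. Tooling that matches records on the structured fields rather than on the prose would presumably not associate this entry with Sitecore. I would populate the fields from the description, for example `"vendor_name" : "Sitecore"`, `"product_name" : "Sitecore.NET"` and `"version_value" : "8.1 rev. 151207 Hotfix 141178-1 and above"`. The same applies to `problemtype` in the following hunk (`@@ -11,7 +34,33 @@`), whose `n/a` value could name the weakness class the description already states (directory traversal, CWE-22).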
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an attacker to access arbitrary files from the host Operating System using a sitecore/shell/default.aspx?xmlcontrol=LogViewerDetails&file= URI. Validation is performed to ensure that the text passed to the 'file' parameter correlates to the correct log file directory. This filter can be bypassed by including a valid log filename and then appending a traditional 'dot dot' style attack."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "20180424 Sitecore Directory Traversal Vulnerability",
+ "refsource" : "FULLDISC",
+ "url" : "http://seclists.org/fulldisclosure/2018/Apr/47"
+ },
+ {
+ "name" : "https://kb.sitecore.net/articles/356221",
+ "refsource" : "CONFIRM",
+ "url" : "https://kb.sitecore.net/articles/356221"
 }
 ]
 }