diff --git a/2018/17xxx/CVE-2018-17019.json b/2018/17xxx/CVE-2018-17019.json new file mode 100644 index 00000000000..f15521cb220 --- /dev/null +++ b/2018/17xxx/CVE-2018-17019.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17019", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "In Bro through 2.5.5, there is a DoS in IRC protocol names command parsing in analyzer/protocol/irc/IRC.cc." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/bro/bro/commit/c2b18849f8bb833253538f5dfedb4ed1dc176a30", + "refsource" : "MISC", + "url" : "https://github.com/bro/bro/commit/c2b18849f8bb833253538f5dfedb4ed1dc176a30" + } + ] + } +} diff --git a/2018/17xxx/CVE-2018-17020.json b/2018/17xxx/CVE-2018-17020.json new file mode 100644 index 00000000000..4f7a28ff6c5 --- /dev/null +++ b/2018/17xxx/CVE-2018-17020.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17020", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allow remote attackers to cause a denial of service via a single \"GET / HTTP/1.1\\r\\n\" line." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/ASUS%20GT-AC5300%20DOS1.MD", + "refsource" : "MISC", + "url" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/ASUS%20GT-AC5300%20DOS1.MD" + } + ] + } +} diff --git a/2018/17xxx/CVE-2018-17021.json b/2018/17xxx/CVE-2018-17021.json new file mode 100644 index 00000000000..d1f141477cb --- /dev/null +++ b/2018/17xxx/CVE-2018-17021.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17021", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allows remote attackers to inject arbitrary web script or HTML via the appGet.cgi hook parameter." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/ac5300_xss/ASUS%20GT-AC5300%20XSS.MD", + "refsource" : "MISC", + "url" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/ac5300_xss/ASUS%20GT-AC5300%20XSS.MD" + } + ] + } +} diff --git a/2018/17xxx/CVE-2018-17022.json b/2018/17xxx/CVE-2018-17022.json new file mode 100644 index 00000000000..a91ed1df35a --- /dev/null +++ b/2018/17xxx/CVE-2018-17022.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17022", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact by setting a long sh_path0 value and then sending an appGet.cgi?hook=select_list(\"Storage_x_SharedPath\") request, because ej_select_list in router/httpd/web.c uses strcpy." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/buffer_overflow/ASUS%20GT-AC5300%20stack%20overflow.MD", + "refsource" : "MISC", + "url" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/buffer_overflow/ASUS%20GT-AC5300%20stack%20overflow.MD" + } + ] + } +} diff --git a/2018/17xxx/CVE-2018-17023.json b/2018/17xxx/CVE-2018-17023.json new file mode 100644 index 00000000000..10e3a67f355 --- /dev/null +++ b/2018/17xxx/CVE-2018-17023.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-17023", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/csrf_bypass_referer/ASUS%20GT-AC5300%20csrf%20bypass%20referer.MD", + "refsource" : "MISC", + "url" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/csrf_bypass_referer/ASUS%20GT-AC5300%20csrf%20bypass%20referer.MD" + } + ] + } +} diff --git a/2018/1xxx/CVE-2018-1330.json b/2018/1xxx/CVE-2018-1330.json index 08c26bdbd43..a01b9f2e808 100644 --- a/2018/1xxx/CVE-2018-1330.json +++ b/2018/1xxx/CVE-2018-1330.json @@ -54,6 +54,8 @@ "references" : { "reference_data" : [ { + "name" : "[dev] 20180913 CVE-2018-1330: Libprocess might crash when decoding malformed HTTP requests or malformed JSON payload.", + "refsource" : "MLIST", "url" : "https://lists.apache.org/thread.html/395cb6bcf367702acd1e580a1f39b56cdd7a5953d0368b4c1adb1dde@" } ]