From f1ab83f5b49871c6144ff19c371723dc8eac25c7 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 9 Oct 2018 18:05:44 -0400
Subject: [PATCH] - Synchronized data.

---
 2018/11xxx/CVE-2018-11796.json | 2 +
 2018/17xxx/CVE-2018-17866.json | 53 ++++++++++++++++++++++++++-
 2018/17xxx/CVE-2018-17958.json | 53 ++++++++++++++++++++++++++-
 2018/17xxx/CVE-2018-17962.json | 53 ++++++++++++++++++++++++++-
 2018/17xxx/CVE-2018-17963.json | 53 ++++++++++++++++++++++++++-
 2018/18xxx/CVE-2018-18198.json | 67 ++++++++++++++++++++++++++++++++++
 2018/18xxx/CVE-2018-18199.json | 62 +++++++++++++++++++++++++++++++
 2018/18xxx/CVE-2018-18200.json | 62 +++++++++++++++++++++++++++++++
 2018/7xxx/CVE-2018-7631.json | 48 +++++++++++++++++++++++-
 2018/7xxx/CVE-2018-7632.json | 48 +++++++++++++++++++++++-
 2018/7xxx/CVE-2018-7633.json | 48 +++++++++++++++++++++++-
 11 files changed, 535 insertions(+), 14 deletions(-)
 create mode 100644 2018/18xxx/CVE-2018-18198.json
 create mode 100644 2018/18xxx/CVE-2018-18199.json
 create mode 100644 2018/18xxx/CVE-2018-18200.json

diff --git a/2018/11xxx/CVE-2018-11796.json b/2018/11xxx/CVE-2018-11796.json
index a3f4d3f7326..ccc4dff779d 100644
--- a/2018/11xxx/CVE-2018-11796.json
+++ b/2018/11xxx/CVE-2018-11796.json
@@ -54,6 +54,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E",
+ "refsource" : "CONFIRM",
 "url" : "https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E"
 }
 ]
diff --git a/2018/17xxx/CVE-2018-17866.json b/2018/17xxx/CVE-2018-17866.json
index cd3913edf96..4c0cc3705dd 100644
--- a/2018/17xxx/CVE-2018-17866.json
+++ b/2018/17xxx/CVE-2018-17866.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17866",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the \"Ultimate Member - User Profile & Membership\" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the \"Primary button Text\" or \"Second button text\" field."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://serhack.me/articles/ultimate-member-xss-security-issue",
+ "refsource" : "MISC",
+ "url" : "https://serhack.me/articles/ultimate-member-xss-security-issue"
+ },
+ {
+ "name" : "https://wordpress.org/plugins/ultimate-member/#developers",
+ "refsource" : "CONFIRM",
+ "url" : "https://wordpress.org/plugins/ultimate-member/#developers"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17958.json b/2018/17xxx/CVE-2018-17958.json
index 170a2b98497..134edb5d1f7 100644
--- a/2018/17xxx/CVE-2018-17958.json
+++ b/2018/17xxx/CVE-2018-17958.json
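Review bot: In CVE-2018-17866.json the new `affects` block sets `product_name`, `version_value` and `vendor_name` to "n/a", although the description added in the same commit names the product and the fixed release (the Ultimate Member plugin, before 2.0.28). Scanners and inventory matchers that key on the structured fields rather than the free text will not tie this record to an installed plugin. Carrying the values over, e.g. `"product_name" : "Ultimate Member - User Profile & Membership"` and `"version_value" : "before 2.0.28"`, would close that gap. The same placeholder block appears in every other record this commit publishes (17958, 17962, 17963, 18198 to 18200, 7631 to 7633).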
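Review bot: `problemtype` is left as "n/a" in the second hunk of CVE-2018-17866.json even though the description classifies the flaw as cross-site scripting, so weakness-based filtering and metrics skip the record; `"value" : "CWE-79"` would express what the text already states. The CONFIRM reference also points at the plugin's general page (`.../ultimate-member/#developers`) rather than a versioned changelog entry or commit, so it may stop confirming the 2.0.28 fix as that page changes. The "n/a" problemtype recurs in the other records of this commit.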
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17958",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "[oss-security] 20181008 Qemu: integer overflow issues",
+ "refsource" : "MLIST",
+ "url" : "http://www.openwall.com/lists/oss-security/2018/10/08/1"
+ },
+ {
+ "name" : "[qemu-devel] 20180926 [PULL 22/25] rtl8139: fix possible out of bound access",
+ "refsource" : "MLIST",
+ "url" : "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17962.json b/2018/17xxx/CVE-2018-17962.json
index 1f83fb83858..ac7c396abe5 100644
--- a/2018/17xxx/CVE-2018-17962.json
+++ b/2018/17xxx/CVE-2018-17962.json
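Review bot: The description added to CVE-2018-17958.json names the function and file (`rtl8139_do_receive` in `hw/net/rtl8139.c`) but gives no affected or fixed QEMU version, and `affects` is "n/a", so a reader cannot tell from the record whether a given build is exposed. The only fix pointer is the qemu-devel pull-request mail; adding the upstream commit or the first fixed release as a reference, once known, would make the record usable for patch verification. CVE-2018-17962 and CVE-2018-17963 in this commit have the same gap. The shared oss-security reference is recorded as `http://`, so tooling that follows references fetches it in plaintext; an `https://` URL would be preferable if the host serves one.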
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17962",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "[oss-security] 20181008 Qemu: integer overflow issues",
+ "refsource" : "MLIST",
+ "url" : "http://www.openwall.com/lists/oss-security/2018/10/08/1"
+ },
+ {
+ "name" : "[qemu-devel] 20180926 [PULL 23/25] pcnet: fix possible buffer overflow",
+ "refsource" : "MLIST",
+ "url" : "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17963.json b/2018/17xxx/CVE-2018-17963.json
index 61c47fe901c..08bcd1e0062 100644
--- a/2018/17xxx/CVE-2018-17963.json
+++ b/2018/17xxx/CVE-2018-17963.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17963",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "[oss-security] 20181008 Qemu: integer overflow issues",
+ "refsource" : "MLIST",
+ "url" : "http://www.openwall.com/lists/oss-security/2018/10/08/1"
+ },
+ {
+ "name" : "[qemu-devel] 20180926 [PULL 24/25] net: ignore packet size greater than INT_MAX",
+ "refsource" : "MLIST",
+ "url" : "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html"
 }
 ]
 }
diff --git a/2018/18xxx/CVE-2018-18198.json b/2018/18xxx/CVE-2018-18198.json
new file mode 100644
index 00000000000..50d3799c7c5
--- /dev/null
+++ b/2018/18xxx/CVE-2018-18198.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-18198",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/redaxo/redaxo/releases/tag/5.6.4",
+ "refsource" : "MISC",
+ "url" : "https://github.com/redaxo/redaxo/releases/tag/5.6.4"
+ },
+ {
+ "name" : "https://github.com/redaxo/redaxo4/issues/422",
+ "refsource" : "MISC",
+ "url" : "https://github.com/redaxo/redaxo4/issues/422"
+ }
+ ]
+ }
+}
diff --git a/2018/18xxx/CVE-2018-18199.json b/2018/18xxx/CVE-2018-18199.json
new file mode 100644
index 00000000000..2c4fedaa1fa
--- /dev/null
+++ b/2018/18xxx/CVE-2018-18199.json
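Review bot: The description in CVE-2018-18198.json scopes the issue to "REDAXO 5.6.3" only, while the two sibling records added in this commit (18199, 18200) say "before 5.6.4" and all three cite the same 5.6.4 release tag; a consumer doing version matching would treat 5.6.2 and earlier as unaffected by this one. If earlier releases were simply not tested, the text should say so, or use the same "before 5.6.4" bound as its siblings. The second reference points at the `redaxo4` repository although the described path and version belong to the 5.x line, which looks worth a check. The release tag is the project's own page, so `"refsource" : "CONFIRM"` may fit better than MISC there.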
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-18199",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "Mediamanager in REDAXO before 5.6.4 has XSS."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/redaxo/redaxo/releases/tag/5.6.4",
+ "refsource" : "MISC",
+ "url" : "https://github.com/redaxo/redaxo/releases/tag/5.6.4"
+ }
+ ]
+ }
+}
diff --git a/2018/18xxx/CVE-2018-18200.json b/2018/18xxx/CVE-2018-18200.json
new file mode 100644
index 00000000000..21e81e56cdf
--- /dev/null
+++ b/2018/18xxx/CVE-2018-18200.json
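Review bot: The description in CVE-2018-18199.json ("Mediamanager in REDAXO before 5.6.4 has XSS.") names neither the file, the parameter nor whether the XSS is stored or reflected, and its only reference is the release tag shared with 18198 and 18200. With `affects` and `problemtype` also "n/a", nothing in the record lets a defender tell it apart from the mediapool XSS in 18198 or write a targeted detection or regression test. A pointer to the fixing commit or issue, if one is public, would resolve that. CVE-2018-18200 (SQL injection in Benutzerverwaltung) is equally terse.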
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-18200",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/redaxo/redaxo/releases/tag/5.6.4",
+ "refsource" : "MISC",
+ "url" : "https://github.com/redaxo/redaxo/releases/tag/5.6.4"
+ }
+ ]
+ }
+}
diff --git a/2018/7xxx/CVE-2018-7631.json b/2018/7xxx/CVE-2018-7631.json
index 9eaf5e3b7ef..97570319b2d 100644
--- a/2018/7xxx/CVE-2018-7631.json
+++ b/2018/7xxx/CVE-2018-7631.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-7631",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to execute code remotely via a specially crafted GET request without a leading \"/\" and without authentication."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/",
+ "refsource" : "MISC",
+ "url" : "https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7632.json b/2018/7xxx/CVE-2018-7632.json
index 270475ab536..d1bfe7e541b 100644
--- a/2018/7xxx/CVE-2018-7632.json
+++ b/2018/7xxx/CVE-2018-7632.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-7632",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
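Review bot: In the description added to CVE-2018-7631.json the version string `E_7.3.2+` is ambiguous: the trailing `+` can be read as part of the firmware name or as "7.3.2 and later", and the record never states a fixed version. The vendor is also absent from both the text and `vendor_name`, and appears only inside the reference URL slug ("adb-epicentro"). Spelling the range out in words and filling `vendor_name` would make the record matchable by asset inventories. The same string is used in 7632 and 7633, where 7633 additionally writes the product as "Epicentro" rather than "EpiCentro".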
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to cause a denial of service attack remotely via a specially crafted GET request with a leading \"/\" in the URL."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/",
+ "refsource" : "MISC",
+ "url" : "https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7633.json b/2018/7xxx/CVE-2018-7633.json
index edbdf593d74..b6ec8f10382 100644
--- a/2018/7xxx/CVE-2018-7633.json
+++ b/2018/7xxx/CVE-2018-7633.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-7633",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Code injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/",
+ "refsource" : "MISC",
+ "url" : "https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/"
 }
 ]
 }
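Review bot: The description in CVE-2018-7633.json opens with "Code injection" but goes on to describe JavaScript executing after a user is made to send a manipulated POST request, which reads as cross-site scripting in the victim's browser rather than code execution on the device. Keyword-based triage will likely rank "code injection" alongside the remote code execution recorded in 7631. If the script does run client-side, opening the text with `Cross-site scripting (XSS)` and setting `problemtype` to match would keep severity sorting accurate.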