From fbda6376326bc2d5ba1712497fc99cc943b91647 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 9 Nov 2018 16:05:21 -0500 Subject: [PATCH] - Synchronized data. --- 2018/17xxx/CVE-2018-17612.json | 48 ++++++++++++++++++++++++-- 2018/19xxx/CVE-2018-19138.json | 48 ++++++++++++++++++++++++-- 2018/19xxx/CVE-2018-19139.json | 62 ++++++++++++++++++++++++++++++++++ 2018/19xxx/CVE-2018-19140.json | 18 ++++++++++ 4 files changed, 172 insertions(+), 4 deletions(-) create mode 100644 2018/19xxx/CVE-2018-19139.json create mode 100644 2018/19xxx/CVE-2018-19140.json diff --git a/2018/17xxx/CVE-2018-17612.json b/2018/17xxx/CVE-2018-17612.json index decf4730b28..37267ad0594 100644 --- a/2018/17xxx/CVE-2018-17612.json +++ b/2018/17xxx/CVE-2018-17612.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-17612", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or software publishers for several years, even if the HeadSetup product is uninstalled. NOTE: a vulnerability-assessment approach must check all Windows systems for CA certificates with a CN of 127.0.0.1 or SennComRootCA, and determine whether those certificates are unwanted." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.secorvo.de/publikationen/headsetup-vulnerability-report-secorvo-2018.pdf", + "refsource" : "MISC", + "url" : "https://www.secorvo.de/publikationen/headsetup-vulnerability-report-secorvo-2018.pdf" } ] } diff --git a/2018/19xxx/CVE-2018-19138.json b/2018/19xxx/CVE-2018-19138.json index d6f0ca0640b..f80a9660251 100644 --- a/2018/19xxx/CVE-2018-19138.json +++ b/2018/19xxx/CVE-2018-19138.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-19138", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/yanchongchong/swallow/issues/11", + "refsource" : "MISC", + "url" : "https://github.com/yanchongchong/swallow/issues/11" } ] } diff --git a/2018/19xxx/CVE-2018-19139.json b/2018/19xxx/CVE-2018-19139.json new file mode 100644 index 00000000000..f6f29ca44fd --- /dev/null +++ b/2018/19xxx/CVE-2018-19139.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19139", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/mdadams/jasper/issues/188", + "refsource" : "MISC", + "url" : "https://github.com/mdadams/jasper/issues/188" + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19140.json b/2018/19xxx/CVE-2018-19140.json new file mode 100644 index 00000000000..41307480a77 --- /dev/null +++ b/2018/19xxx/CVE-2018-19140.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19140", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +}