admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-12-28 12:06:00 -05:00
parent 235c193435
commit 0f571be7bf
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
14 changed files with 614 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
2018/16xxx/CVE-2018-16630.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16630",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Kirby v2.5.12 allows XSS by using the \"site files\" Add option to upload an SVG file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/security-provensec/CVE-2018-16630/blob/master/Kirby_Insecure%20file%20validation.pdf",
"refsource" : "MISC",
"url" : "https://github.com/security-provensec/CVE-2018-16630/blob/master/Kirby_Insecure%20file%20validation.pdf"
}
]
}

48
2018/16xxx/CVE-2018-16632.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16632",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/security-provensec/CVE-2018-16632/blob/master/mezzanine_persistent%20XSS.pdf",
"refsource" : "MISC",
"url" : "https://github.com/security-provensec/CVE-2018-16632/blob/master/mezzanine_persistent%20XSS.pdf"
}
]
}

48
2018/16xxx/CVE-2018-16637.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16637",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/security-provensec/CVE-2018-16637/blob/master/evolution_xss_stored.pdf",
"refsource" : "MISC",
"url" : "https://github.com/security-provensec/CVE-2018-16637/blob/master/evolution_xss_stored.pdf"
}
]
}

48
2018/16xxx/CVE-2018-16638.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16638",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Evolution CMS 1.4.x allows XSS via the manager/ search parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/security-provensec/CVE-2018-16638/blob/master/evolution_xss_reflected.pdf",
"refsource" : "MISC",
"url" : "https://github.com/security-provensec/CVE-2018-16638/blob/master/evolution_xss_reflected.pdf"
}
]
}

5
2018/17xxx/CVE-2018-17301.json
View File

@ -56,6 +56,11 @@
"name" : "https://github.com/espocrm/espocrm/issues/1038",
"refsource" : "MISC",
"url" : "https://github.com/espocrm/espocrm/issues/1038"
},
{
"name" : "https://github.com/security-provensec/CVE-2018-17301/blob/master/Non-persistent%20XSS%20in%20EspoCRM.pdf",
"refsource" : "MISC",
"url" : "https://github.com/security-provensec/CVE-2018-17301/blob/master/Non-persistent%20XSS%20in%20EspoCRM.pdf"
}
]
}

5
2018/17xxx/CVE-2018-17302.json
View File

@ -56,6 +56,11 @@
"name" : "https://github.com/espocrm/espocrm/issues/1039",
"refsource" : "MISC",
"url" : "https://github.com/espocrm/espocrm/issues/1039"
},
{
"name" : "https://github.com/security-provensec/CVE-2018-17302/blob/master/XSS%20(Stored)%20in%20EspoCRM.pdf",
"refsource" : "MISC",
"url" : "https://github.com/security-provensec/CVE-2018-17302/blob/master/XSS%20(Stored)%20in%20EspoCRM.pdf"
}
]
}

58
2018/18xxx/CVE-2018-18665.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18665",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The mintToken function of Nexxus (NXX) aka NexxusToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://etherscan.io/address/0x7627de4b93263a6a7570b8dafa64bae812e5c394#code",
"refsource" : "MISC",
"url" : "https://etherscan.io/address/0x7627de4b93263a6a7570b8dafa64bae812e5c394#code"
},
{
"name" : "https://github.com/NexxusUniversity/nexxuscoin/issues/2",
"refsource" : "MISC",
"url" : "https://github.com/NexxusUniversity/nexxuscoin/issues/2"
},
{
"name" : "https://github.com/n0pn0pn0p/smart_contract_-vulnerability/blob/master/PolyAi.md",
"refsource" : "MISC",
"url" : "https://github.com/n0pn0pn0p/smart_contract_-vulnerability/blob/master/PolyAi.md"
}
]
}

58
2018/18xxx/CVE-2018-18666.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18666",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The mintToken function of SwftCoin (SWFTC) aka SwftCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://etherscan.io/address/0x0bb217e40f8a5cb79adf04e1aab60e5abd0dfc1e#code",
"refsource" : "MISC",
"url" : "https://etherscan.io/address/0x0bb217e40f8a5cb79adf04e1aab60e5abd0dfc1e#code"
},
{
"name" : "https://github.com/SwftCoins/SwftCoin/issues/1",
"refsource" : "MISC",
"url" : "https://github.com/SwftCoins/SwftCoin/issues/1"
},
{
"name" : "https://github.com/n0pn0pn0p/smart_contract_-vulnerability/blob/master/PolyAi.md",
"refsource" : "MISC",
"url" : "https://github.com/n0pn0pn0p/smart_contract_-vulnerability/blob/master/PolyAi.md"
}
]
}

58
2018/18xxx/CVE-2018-18667.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18667",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value, a related issue to CVE-2018-11812."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://etherscan.io/address/0x7703c35cffdc5cda8d27aa3df2f9ba6964544b6e#code",
"refsource" : "MISC",
"url" : "https://etherscan.io/address/0x7703c35cffdc5cda8d27aa3df2f9ba6964544b6e#code"
},
{
"name" : "https://github.com/klenergy/ethereum-contracts/issues/1",
"refsource" : "MISC",
"url" : "https://github.com/klenergy/ethereum-contracts/issues/1"
},
{
"name" : "https://github.com/n0pn0pn0p/smart_contract_-vulnerability/blob/master/PolyAi.md",
"refsource" : "MISC",
"url" : "https://github.com/n0pn0pn0p/smart_contract_-vulnerability/blob/master/PolyAi.md"
}
]
}

53
2018/18xxx/CVE-2018-18696.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18696",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181203 CSRF Vulnerability in MicroStrategy Web application",
"refsource" : "BUGTRAQ",
"url" : "https://seclists.org/bugtraq/2018/Dec/3"
},
{
"name" : "https://raw.githubusercontent.com/Siros96/MicroStrategy_CSRF/master/PoC",
"refsource" : "MISC",
"url" : "https://raw.githubusercontent.com/Siros96/MicroStrategy_CSRF/master/PoC"
}
]
}

10
2018/18xxx/CVE-2018-18922.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "45892",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45892"
},
{
"name" : "https://hackpuntes.com/cve-2018-18922-ticketly-1-0-escalacion-de-privilegios-crear-cuenta-administrador/",
"refsource" : "MISC",
@ -61,6 +66,11 @@
"name" : "https://medium.com/@javierolmedo/cve-2018-18922-ticketly-1-0-privilege-escalation-add-admin-4d1b3696f367",
"refsource" : "MISC",
"url" : "https://medium.com/@javierolmedo/cve-2018-18922-ticketly-1-0-privilege-escalation-add-admin-4d1b3696f367"
},
{
"name" : "https://0day.today/exploit/31658",
"refsource" : "MISC",
"url" : "https://0day.today/exploit/31658"
}
]
}

62
2018/20xxx/CVE-2018-20575.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20575",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/zadewg/LIVEBOX-0DAY",
"refsource" : "MISC",
"url" : "https://github.com/zadewg/LIVEBOX-0DAY"
}
]
}
}

67
2018/20xxx/CVE-2018-20576.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20576",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://gbhackers.com/orange-adsl-modems/",
"refsource" : "MISC",
"url" : "https://gbhackers.com/orange-adsl-modems/"
},
{
"name" : "https://github.com/zadewg/LIVEBOX-0DAY",
"refsource" : "MISC",
"url" : "https://github.com/zadewg/LIVEBOX-0DAY"
}
]
}
}

62
2018/20xxx/CVE-2018-20577.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20577",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/zadewg/LIVEBOX-0DAY",
"refsource" : "MISC",
"url" : "https://github.com/zadewg/LIVEBOX-0DAY"
}
]
}
}