From 39e889b1b6968e9b42785b64408f53338c4b674e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 25 May 2018 08:03:54 -0400 Subject: [PATCH] - Synchronized data. --- 2018/11xxx/CVE-2018-11441.json | 18 ++++++++++ 2018/11xxx/CVE-2018-11442.json | 62 ++++++++++++++++++++++++++++++++++ 2018/11xxx/CVE-2018-11443.json | 62 ++++++++++++++++++++++++++++++++++ 2018/11xxx/CVE-2018-11444.json | 62 ++++++++++++++++++++++++++++++++++ 2018/11xxx/CVE-2018-11445.json | 62 ++++++++++++++++++++++++++++++++++ 2018/1xxx/CVE-2018-1133.json | 50 +++++++++++++++++++++++++-- 2018/1xxx/CVE-2018-1134.json | 50 +++++++++++++++++++++++++-- 2018/1xxx/CVE-2018-1135.json | 50 +++++++++++++++++++++++++-- 2018/1xxx/CVE-2018-1136.json | 50 +++++++++++++++++++++++++-- 2018/1xxx/CVE-2018-1137.json | 50 +++++++++++++++++++++++++-- 10 files changed, 501 insertions(+), 15 deletions(-) create mode 100644 2018/11xxx/CVE-2018-11441.json create mode 100644 2018/11xxx/CVE-2018-11442.json create mode 100644 2018/11xxx/CVE-2018-11443.json create mode 100644 2018/11xxx/CVE-2018-11444.json create mode 100644 2018/11xxx/CVE-2018-11445.json
diff --git a/2018/11xxx/CVE-2018-11441.json b/2018/11xxx/CVE-2018-11441.json
new file mode 100644
index 00000000000..f9a771c37e2
--- /dev/null
+++ b/2018/11xxx/CVE-2018-11441.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-11441",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/11xxx/CVE-2018-11442.json b/2018/11xxx/CVE-2018-11442.json
new file mode 100644
index 00000000000..8e180ee913b
--- /dev/null
+++ b/2018/11xxx/CVE-2018-11442.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-11442",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://gist.github.com/NinjaXshell/a5fae5e2d1031ca59160fbe29d94279c",
+ "refsource" : "MISC",
+ "url" : "https://gist.github.com/NinjaXshell/a5fae5e2d1031ca59160fbe29d94279c"
+ }
+ ]
+ }
+}
diff --git a/2018/11xxx/CVE-2018-11443.json b/2018/11xxx/CVE-2018-11443.json
new file mode 100644
index 00000000000..638aed0d9d0
--- /dev/null
+++ b/2018/11xxx/CVE-2018-11443.json
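Review bot: The `affects` and `problemtype` blocks added in CVE-2018-11442.json are all `n/a`, even though the description names the product, the version and the weakness class, so tooling that matches on the structured fields rather than the free text will not tie this record to EasyService Billing. Suggest `"product_name" : "EasyService Billing"`, `"version_value" : "1.0"` and a problemtype value of `"CWE-352"` (cross-site request forgery). The same gap is present in the new CVE-2018-11443 (cross-site scripting, CWE-79), CVE-2018-11444 (SQL injection, CWE-89) and CVE-2018-11445 (CSRF) records in this patch. The vendor is not stated anywhere in the patch, so `vendor_name` needs to be confirmed before it is filled in.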
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-11443",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://gist.github.com/NinjaXshell/be613dab99601f6abce884f6bc3d83a8",
+ "refsource" : "MISC",
+ "url" : "https://gist.github.com/NinjaXshell/be613dab99601f6abce884f6bc3d83a8"
+ }
+ ]
+ }
+}
diff --git a/2018/11xxx/CVE-2018-11444.json b/2018/11xxx/CVE-2018-11444.json
new file mode 100644
index 00000000000..fd0014ca421
--- /dev/null
+++ b/2018/11xxx/CVE-2018-11444.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-11444",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "A SQL Injection issue was observed in the parameter \"q\" in jobcard-ongoing.php in EasyService Billing 1.0."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://gist.github.com/NinjaXshell/4c0509096cb4ec6543b3f8050369920c",
+ "refsource" : "MISC",
+ "url" : "https://gist.github.com/NinjaXshell/4c0509096cb4ec6543b3f8050369920c"
+ }
+ ]
+ }
+}
diff --git a/2018/11xxx/CVE-2018-11445.json b/2018/11xxx/CVE-2018-11445.json
new file mode 100644
index 00000000000..6cfb994f089
--- /dev/null
+++ b/2018/11xxx/CVE-2018-11445.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-11445",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://gist.github.com/NinjaXshell/a5fae5e2d1031ca59160fbe29d94279c",
+ "refsource" : "MISC",
+ "url" : "https://gist.github.com/NinjaXshell/a5fae5e2d1031ca59160fbe29d94279c"
+ }
+ ]
+ }
+}
diff --git a/2018/1xxx/CVE-2018-1133.json b/2018/1xxx/CVE-2018-1133.json
index 8b0557ba44a..652dba5d193 100644
--- a/2018/1xxx/CVE-2018-1133.json
+++ b/2018/1xxx/CVE-2018-1133.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "secalert@redhat.com",
 "ID" : "CVE-2018-1133",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Moodle 3.x unknown",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "Moodle 3.x unknown"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
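Review bot: The only reference in CVE-2018-11445.json is the same gist URL (ending `a5fae5e2d1031ca59160fbe29d94279c`) that CVE-2018-11442.json cites, although the two records describe CSRF on different pages (`system-settings-user-new2.php` here, `quotation-new3-new2.php` there). If that gist covers both issues this is fine, but it may have been copied from the 11442 record. It should be confirmed against the reporter's write-up, because `reference_data` is what a reader follows to verify the stated impact (a user added with the Admin role).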
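Review bot: In CVE-2018-1133.json the added `affects` block puts the free-text string `Moodle 3.x unknown` in both `product_name` and `version_value` and leaves `vendor_name` as `n/a`, which structured consumers can neither match on nor range-compare. Something like `"product_name" : "Moodle"` and `"version_value" : "3.x"`, with `vendor_name` presumably also Moodle, would carry the same information in the fields meant for it. The exact affected releases are not given in this patch and should be taken from the linked moodle.org advisory. The identical block is added to CVE-2018-1134 through CVE-2018-1137.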
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "eval injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://moodle.org/mod/forum/discuss.php?d=371199",
+ "refsource" : "CONFIRM",
+ "url" : "https://moodle.org/mod/forum/discuss.php?d=371199"
 }
 ]
 }
diff --git a/2018/1xxx/CVE-2018-1134.json b/2018/1xxx/CVE-2018-1134.json
index 09e364f2a3b..4714163bfd5 100644
--- a/2018/1xxx/CVE-2018-1134.json
+++ b/2018/1xxx/CVE-2018-1134.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "secalert@redhat.com",
 "ID" : "CVE-2018-1134",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Moodle 3.x unknown",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "Moodle 3.x unknown"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "incorrect access control"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://moodle.org/mod/forum/discuss.php?d=371200",
+ "refsource" : "CONFIRM",
+ "url" : "https://moodle.org/mod/forum/discuss.php?d=371200"
 }
 ]
 }
diff --git a/2018/1xxx/CVE-2018-1135.json b/2018/1xxx/CVE-2018-1135.json
index d2c231a8a0f..bc3f5372829 100644
--- a/2018/1xxx/CVE-2018-1135.json
+++ b/2018/1xxx/CVE-2018-1135.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "secalert@redhat.com",
 "ID" : "CVE-2018-1135",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Moodle 3.x unknown",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "Moodle 3.x unknown"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "incorrect access control"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://moodle.org/mod/forum/discuss.php?d=371201",
+ "refsource" : "CONFIRM",
+ "url" : "https://moodle.org/mod/forum/discuss.php?d=371201"
 }
 ]
 }
diff --git a/2018/1xxx/CVE-2018-1136.json b/2018/1xxx/CVE-2018-1136.json
index 4b9596e832e..48301857fe6 100644
--- a/2018/1xxx/CVE-2018-1136.json
+++ b/2018/1xxx/CVE-2018-1136.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "secalert@redhat.com",
 "ID" : "CVE-2018-1136",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Moodle 3.x unknown",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "Moodle 3.x unknown"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "incorrect access control"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://moodle.org/mod/forum/discuss.php?d=371202",
+ "refsource" : "CONFIRM",
+ "url" : "https://moodle.org/mod/forum/discuss.php?d=371202"
 }
 ]
 }
diff --git a/2018/1xxx/CVE-2018-1137.json b/2018/1xxx/CVE-2018-1137.json
index 2156d26c1f2..ddf77f4205f 100644
--- a/2018/1xxx/CVE-2018-1137.json
+++ b/2018/1xxx/CVE-2018-1137.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "secalert@redhat.com",
 "ID" : "CVE-2018-1137",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Moodle 3.x unknown",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "Moodle 3.x unknown"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
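Review bot: The problemtype `incorrect access control` added in CVE-2018-1136.json understates what the description says: script-bearing HTML blocks can be moved onto pages viewed by other users, which reads as stored cross-site scripting against those users. Anyone triaging by problemtype will not see this record as a script-injection issue; consider adding a second entry such as `"value" : "CWE-79"` alongside the access-control label. The same generic label is used in CVE-2018-1137.json, whose description mentions instantiating arbitrary classes and a denial-of-service condition, so that record may also deserve a more specific type.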
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "incorrect access control"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://moodle.org/mod/forum/discuss.php?d=371204",
+ "refsource" : "CONFIRM",
+ "url" : "https://moodle.org/mod/forum/discuss.php?d=371204"
 }
 ]
 }