From 43ab3d28160140dca603176f3651323f3d915e0b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 21 Dec 2018 17:15:27 -0500
Subject: [PATCH] - Synchronized data.
---
 2018/16xxx/CVE-2018-16778.json | 48 ++++++++++++++++++++++++++--
 2018/18xxx/CVE-2018-18629.json | 5 +++
 2018/20xxx/CVE-2018-20226.json | 58 ++++++++++++++++++++++++++++++++--
 2018/20xxx/CVE-2018-20322.json | 53 +++++++++++++++++++++++++++++--
 2018/20xxx/CVE-2018-20325.json | 48 ++++++++++++++++++++++++++--
 2018/7xxx/CVE-2018-7812.json | 5 +++
 6 files changed, 209 insertions(+), 8 deletions(-)
diff --git a/2018/16xxx/CVE-2018-16778.json b/2018/16xxx/CVE-2018-16778.json
index 4d7dda17b68..1fa11763814 100644
--- a/2018/16xxx/CVE-2018-16778.json
+++ b/2018/16xxx/CVE-2018-16778.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-16778",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
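Review bot: The `affects` block added to CVE-2018-16778.json carries `"n/a"` for `vendor_name`, `product_name` and `version_value`, while the description added in the next hunk of the same file names Jenzabar v8.2.1 through 9.2.0, so any consumer that matches records to an asset inventory on the structured fields will miss this entry. I would fill them from the description, for example `"vendor_name" : "Jenzabar"` and a `version_value` covering 8.2.1 through 9.2.0 (the vendor/product split is inferred from the description and should be confirmed). The same placeholder block is added in CVE-2018-20226.json, CVE-2018-20322.json and CVE-2018-20325.json, whose descriptions also name the affected product. The root object of each file opens and closes outside these hunks.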
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field)."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://metamorfosec.com/Files/Advisories/METS-2018-004-A_XSS_Vulnerability_in_Jenzabar_8.2.1_to_9.2.0.txt",
+ "refsource" : "MISC",
+ "url" : "https://metamorfosec.com/Files/Advisories/METS-2018-004-A_XSS_Vulnerability_in_Jenzabar_8.2.1_to_9.2.0.txt"
 }
 ]
 }
diff --git a/2018/18xxx/CVE-2018-18629.json b/2018/18xxx/CVE-2018-18629.json
index 8c95f50d943..34536b0ab5f 100644
--- a/2018/18xxx/CVE-2018-18629.json
+++ b/2018/18xxx/CVE-2018-18629.json
@@ -57,6 +57,11 @@
 "refsource" : "MISC",
 "url" : "https://hackerone.com/reports/426944"
 },
+ {
+ "name" : "https://blog.mirch.io/2018/12/21/cve-2018-18629-keybase-linux-privilege-escalation/",
+ "refsource" : "MISC",
+ "url" : "https://blog.mirch.io/2018/12/21/cve-2018-18629-keybase-linux-privilege-escalation/"
+ },
 {
 "name" : "https://keybase.io/docs/secadv/kb002",
 "refsource" : "CONFIRM",
diff --git a/2018/20xxx/CVE-2018-20226.json b/2018/20xxx/CVE-2018-20226.json
index 1da900032da..2d0b14ef3a5 100644
--- a/2018/20xxx/CVE-2018-20226.json
+++ b/2018/20xxx/CVE-2018-20226.json
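Review bot: In the second CVE-2018-16778.json hunk, `problemtype` is published as `"value" : "n/a"` even though the description in the same hunk names the weakness class outright (cross-site scripting). Recording it as `"value" : "CWE-79"` would let consumers filter and prioritise by weakness without parsing free text. The second hunk of CVE-2018-20322.json has the same gap for another XSS issue.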
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-20226",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/TheHive-Project/Cortex/blob/2.1.3/CHANGELOG.md",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/TheHive-Project/Cortex/blob/2.1.3/CHANGELOG.md"
+ },
+ {
+ "name" : "https://github.com/TheHive-Project/Cortex/commit/1aaf2182a6b722ad539e2717bc11967d1bde723a",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/TheHive-Project/Cortex/commit/1aaf2182a6b722ad539e2717bc11967d1bde723a"
+ },
+ {
+ "name" : "https://github.com/TheHive-Project/Cortex/issues/158",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/TheHive-Project/Cortex/issues/158"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20322.json b/2018/20xxx/CVE-2018-20322.json
index 17ae40abdbf..46a4c49d5b6 100644
--- a/2018/20xxx/CVE-2018-20322.json
+++ b/2018/20xxx/CVE-2018-20322.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-20322",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "LimeSurvey contains an XSS vulnerability while uploading a ZIP file, resulting in JavaScript code execution against LimeSurvey admins."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://bugs.limesurvey.org/view.php?id=14376",
+ "refsource" : "MISC",
+ "url" : "https://bugs.limesurvey.org/view.php?id=14376"
+ },
+ {
+ "name" : "https://github.com/LimeSurvey/LimeSurvey/commit/bfee69edaa0b90f97dc2d8fab09a87958cb32405",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/LimeSurvey/LimeSurvey/commit/bfee69edaa0b90f97dc2d8fab09a87958cb32405"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20325.json b/2018/20xxx/CVE-2018-20325.json
index d83776003c7..a5248242ba2 100644
--- a/2018/20xxx/CVE-2018-20325.json
+++ b/2018/20xxx/CVE-2018-20325.json
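Review bot: The description added in the second CVE-2018-20322.json hunk gives no affected or fixed version, and `version_value` in the first hunk is `"n/a"`, so nothing in the record tells a LimeSurvey operator whether their release is exposed. The record already references a fixing commit, so a bound such as `"... in LimeSurvey before <fixed-version> ..."` (placeholder; the release number is not on this page) could be added to the description and mirrored in `version_value`. The description added for CVE-2018-20325.json likewise names the package and file but no version.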
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-20325",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "There is a vulnerability in load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. It can execute arbitrary python commands resulting in command execution."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/danijar/definitions/issues/14",
+ "refsource" : "MISC",
+ "url" : "https://github.com/danijar/definitions/issues/14"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7812.json b/2018/7xxx/CVE-2018-7812.json
index 86ccfb9e80e..0551d6cd9cc 100644
--- a/2018/7xxx/CVE-2018-7812.json
+++ b/2018/7xxx/CVE-2018-7812.json
@@ -52,6 +52,11 @@
 },
 "references" : {
 "reference_data" : [
+ {
+ "name" : "https://github.com/SadFud/Exploits/tree/master/Real%20World/SCADA%20-%20IOT%20Systems/CVE-2018-7812",
+ "refsource" : "MISC",
+ "url" : "https://github.com/SadFud/Exploits/tree/master/Real%20World/SCADA%20-%20IOT%20Systems/CVE-2018-7812"
+ },
 {
 "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/",
 "refsource" : "CONFIRM",
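Review bot: The reference added in the CVE-2018-7812.json hunk points at a `tree/master` path in a third-party repository, so what the link serves can change or vanish after the record is published, and anyone triaging from it has no fixed artefact to compare against. A commit-pinned form, `https://github.com/SadFud/Exploits/tree/<commit-sha>/...` (placeholder, the commit id is not on this page), would keep the citation stable. The entry is also tagged plain `MISC`; if the reference vocabulary in use offers a value or tag for public proof-of-concept material, using it would let defenders raise the priority of this ICS record automatically. The hunk ends inside the following reference object, which continues outside it.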