diff --git a/2017/17xxx/CVE-2017-17691.json b/2017/17xxx/CVE-2017-17691.json index 8ecfa0a5c96..d4f193e7600 100644 --- a/2017/17xxx/CVE-2017-17691.json +++ b/2017/17xxx/CVE-2017-17691.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2017-17691", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2017-031_homematic.txt", + "refsource" : "MISC", + "url" : "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2017-031_homematic.txt" } ] } diff --git a/2018/12xxx/CVE-2018-12897.json b/2018/12xxx/CVE-2018-12897.json index 543ff34924b..1b51d72d64d 100644 --- a/2018/12xxx/CVE-2018-12897.json +++ b/2018/12xxx/CVE-2018-12897.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-12897", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://labs.nettitude.com/blog/solarwinds-cve-2018-12897-dameware-mini-remote-control-local-seh-buffer-overflow/", + "refsource" : "MISC", + "url" : "https://labs.nettitude.com/blog/solarwinds-cve-2018-12897-dameware-mini-remote-control-local-seh-buffer-overflow/" } ] } diff --git a/2018/14xxx/CVE-2018-14396.json b/2018/14xxx/CVE-2018-14396.json index ba14375b763..d72bad9667f 100644 --- a/2018/14xxx/CVE-2018-14396.json +++ b/2018/14xxx/CVE-2018-14396.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-14396", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.bishopfox.com/news/2018/08/cremecrm-1-6-12-multiple-vulnerabilities/", + "refsource" : "MISC", + "url" : "https://www.bishopfox.com/news/2018/08/cremecrm-1-6-12-multiple-vulnerabilities/" } ] } diff --git a/2018/14xxx/CVE-2018-14397.json b/2018/14xxx/CVE-2018-14397.json index c79b2b4fe88..e9e589392c6 100644 --- a/2018/14xxx/CVE-2018-14397.json +++ b/2018/14xxx/CVE-2018-14397.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-14397", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in Creme CRM 1.6.12. The organization creation page is affected by 9 stored cross-site scripting vulnerabilities involving the name, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.bishopfox.com/news/2018/08/cremecrm-1-6-12-multiple-vulnerabilities/", + "refsource" : "MISC", + "url" : "https://www.bishopfox.com/news/2018/08/cremecrm-1-6-12-multiple-vulnerabilities/" } ] } diff --git a/2018/14xxx/CVE-2018-14398.json b/2018/14xxx/CVE-2018-14398.json index e0ab8d4c1e5..ebe3bc33d6c 100644 --- a/2018/14xxx/CVE-2018-14398.json +++ b/2018/14xxx/CVE-2018-14398.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-14398", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to steal credentials." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.bishopfox.com/news/2018/08/cremecrm-1-6-12-multiple-vulnerabilities/", + "refsource" : "MISC", + "url" : "https://www.bishopfox.com/news/2018/08/cremecrm-1-6-12-multiple-vulnerabilities/" } ] } diff --git a/2018/15xxx/CVE-2018-15474.json b/2018/15xxx/CVE-2018-15474.json index dffb384fabd..ea805321ab3 100644 --- a/2018/15xxx/CVE-2018-15474.json +++ b/2018/15xxx/CVE-2018-15474.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-15474", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,38 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "** DISPUTED ** CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has stated \"this is not a security problem in DokuWiki.\"" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20180906 SEC Consult SA-20180906-0 :: CSV Formula Injection in DokuWiki", + "refsource" : "FULLDISC", + "url" : "https://seclists.org/fulldisclosure/2018/Sep/4" + }, + { + "name" : "https://www.sec-consult.com/en/blog/advisories/dokuwiki-csv-formula-injection-vulnerability/", + "refsource" : "MISC", + "url" : "https://www.sec-consult.com/en/blog/advisories/dokuwiki-csv-formula-injection-vulnerability/" + }, + { + "name" : "https://github.com/splitbrain/dokuwiki/issues/2450", + "refsource" : "CONFIRM", + "url" : "https://github.com/splitbrain/dokuwiki/issues/2450" } ] } diff --git a/2018/15xxx/CVE-2018-15483.json b/2018/15xxx/CVE-2018-15483.json index e36ddca1060..c0a2693bc5a 100644 --- a/2018/15xxx/CVE-2018-15483.json +++ b/2018/15xxx/CVE-2018-15483.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-15483", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html" + }, + { + "name" : "https://www.kone.com/en/vulnerability.aspx", + "refsource" : "CONFIRM", + "url" : "https://www.kone.com/en/vulnerability.aspx" } ] } diff --git a/2018/15xxx/CVE-2018-15484.json b/2018/15xxx/CVE-2018-15484.json index 9e56a4d4f0f..6b9b27e9b6f 100644 --- a/2018/15xxx/CVE-2018-15484.json +++ b/2018/15xxx/CVE-2018-15484.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-15484", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html" + }, + { + "name" : "https://www.kone.com/en/vulnerability.aspx", + "refsource" : "CONFIRM", + "url" : "https://www.kone.com/en/vulnerability.aspx" } ] } diff --git a/2018/15xxx/CVE-2018-15485.json b/2018/15xxx/CVE-2018-15485.json index bca576b861f..6eb99f6792f 100644 --- a/2018/15xxx/CVE-2018-15485.json +++ b/2018/15xxx/CVE-2018-15485.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-15485", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html" + }, + { + "name" : "https://www.kone.com/en/vulnerability.aspx", + "refsource" : "CONFIRM", + "url" : "https://www.kone.com/en/vulnerability.aspx" } ] } diff --git a/2018/15xxx/CVE-2018-15486.json b/2018/15xxx/CVE-2018-15486.json index 3337421dd79..af938be26bf 100644 --- a/2018/15xxx/CVE-2018-15486.json +++ b/2018/15xxx/CVE-2018-15486.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-15486", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html" + }, + { + "name" : "https://www.kone.com/en/vulnerability.aspx", + "refsource" : "CONFIRM", + "url" : "https://www.kone.com/en/vulnerability.aspx" } ] } diff --git a/2018/15xxx/CVE-2018-15552.json b/2018/15xxx/CVE-2018-15552.json index 40a3bf8090d..7593d102b95 100644 --- a/2018/15xxx/CVE-2018-15552.json +++ b/2018/15xxx/CVE-2018-15552.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-15552", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The \"PayWinner\" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable \"maxTickets\" (which is private, yet predictable and readable by the eth.getStorageAt function). Therefore, it allows attackers to always win and get rewards." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-15552", + "refsource" : "MISC", + "url" : "https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-15552" } ] } diff --git a/2018/16xxx/CVE-2018-16059.json b/2018/16xxx/CVE-2018-16059.json index 26f938b5539..722af953acd 100644 --- a/2018/16xxx/CVE-2018-16059.json +++ b/2018/16xxx/CVE-2018-16059.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-16059", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "45342", + "refsource" : "EXPLOIT-DB", + "url" : "https://www.exploit-db.com/exploits/45342/" } ] } diff --git a/2018/16xxx/CVE-2018-16131.json b/2018/16xxx/CVE-2018-16131.json index e8d22ebabe7..6bef58b0c46 100644 --- a/2018/16xxx/CVE-2018-16131.json +++ b/2018/16xxx/CVE-2018-16131.json @@ -66,6 +66,11 @@ "name" : "https://groups.google.com/forum/#!topic/akka-security/Dj7INsYWdjg", "refsource" : "MISC", "url" : "https://groups.google.com/forum/#!topic/akka-security/Dj7INsYWdjg" + }, + { + "name" : "https://doc.akka.io/docs/akka-http/current/security/2018-09-05-denial-of-service-via-decodeRequest.html", + "refsource" : "CONFIRM", + "url" : "https://doc.akka.io/docs/akka-http/current/security/2018-09-05-denial-of-service-via-decodeRequest.html" } ] } diff --git a/2018/16xxx/CVE-2018-16363.json b/2018/16xxx/CVE-2018-16363.json index 7ad18a8f1be..654a51475fc 100644 --- a/2018/16xxx/CVE-2018-16363.json +++ b/2018/16xxx/CVE-2018-16363.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-16363", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,38 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\\wpfilemanager.php." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://blog.51cto.com/010bjsoft/2171087", + "refsource" : "MISC", + "url" : "http://blog.51cto.com/010bjsoft/2171087" + }, + { + "name" : "https://plugins.trac.wordpress.org/changeset/1936043", + "refsource" : "MISC", + "url" : "https://plugins.trac.wordpress.org/changeset/1936043" + }, + { + "name" : "https://wordpress.org/support/topic/security-concern-6/#post-10655739", + "refsource" : "CONFIRM", + "url" : "https://wordpress.org/support/topic/security-concern-6/#post-10655739" } ] } diff --git a/2018/16xxx/CVE-2018-16454.json b/2018/16xxx/CVE-2018-16454.json index 5b04ce3f38d..62e52911a2e 100644 --- a/2018/16xxx/CVE-2018-16454.json +++ b/2018/16xxx/CVE-2018-16454.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-16454", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "PHP Scripts Mall Olx Clone 3.4.2 has XSS." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://googlequeens.com/2018/09/02/cve-2018-16326-olx_clone-3-4-2-stored-xss-via-search-by-keyword/", + "refsource" : "MISC", + "url" : "https://googlequeens.com/2018/09/02/cve-2018-16326-olx_clone-3-4-2-stored-xss-via-search-by-keyword/" } ] } diff --git a/2018/9xxx/CVE-2018-9283.json b/2018/9xxx/CVE-2018-9283.json index b5ce112a1f6..27a7f41acb8 100644 --- a/2018/9xxx/CVE-2018-9283.json +++ b/2018/9xxx/CVE-2018-9283.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-9283", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 stored Cross-Site Scripting (XSS) vulnerabilities in the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters in the contact creation and modification page. The payload is stored within the application database and allows the execution of JavaScript code each time a client visit an infected page." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.bishopfox.com/news/2018/08/cremecrm-1-6-12-multiple-vulnerabilities/", + "refsource" : "MISC", + "url" : "https://www.bishopfox.com/news/2018/08/cremecrm-1-6-12-multiple-vulnerabilities/" } ] }