admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-09-24 18:03:23 -04:00
parent 25b85a7f20
commit 62dd8be4ee
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
8 changed files with 341 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2018/12xxx/CVE-2018-12169.json
View File

@ -57,6 +57,11 @@
"name" : "https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html",
"refsource" : "CONFIRM",
"url" : "https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html"
},
{
"name" : "https://support.lenovo.com/us/en/solutions/LEN-20527",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-20527"
}
]
}

48
2018/12xxx/CVE-2018-12975.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12975",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's blockhash, and a private variable (which can be read with a getStorageAt call). Therefore, attackers can precompute the random number and manipulate the game (e.g., get powerful characters or get critical damages)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://medium.com/@jonghyk.song/create-legendary-champs-by-breaking-prng-of-cryptosaga-an-ethereum-rpg-game-cve-2018-12975-8de733ff8255",
"refsource" : "MISC",
"url" : "https://medium.com/@jonghyk.song/create-legendary-champs-by-breaking-prng-of-cryptosaga-an-ethereum-rpg-game-cve-2018-12975-8de733ff8255"
}
]
}

58
2018/13xxx/CVE-2018-13140.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13140",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,38 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180921 [CVE-2018-13140] Antidote Remote Code Execution against the update component",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Sep/38"
},
{
"name" : "http://packetstormsecurity.com/files/149468/Antidote-9.5.1-Code-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/149468/Antidote-9.5.1-Code-Execution.html"
},
{
"name" : "https://sysdream.com/news/lab/2018-09-21-cve-2018-13140-antidote-remote-code-execution-against-the-update-component/",
"refsource" : "MISC",
"url" : "https://sysdream.com/news/lab/2018-09-21-cve-2018-13140-antidote-remote-code-execution-against-the-update-component/"
}
]
}

5
2018/15xxx/CVE-2018-15482.json
View File

@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/",
"refsource" : "MISC",
"url" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/"
},
{
"name" : "https://lgsecurity.lge.com/security_updates.html",
"refsource" : "CONFIRM",

53
2018/16xxx/CVE-2018-16283.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16283",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,33 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180920 WordPress Plugin Wechat Broadcast 1.2.0 - Local/Remote File Inclusion",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Sep/32"
},
{
"name" : "https://github.com/springjk/wordpress-wechat-broadcast/issues/14",
"refsource" : "CONFIRM",
"url" : "https://github.com/springjk/wordpress-wechat-broadcast/issues/14"
}
]
}

63
2018/16xxx/CVE-2018-16299.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16299",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,43 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45439",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45439/"
},
{
"name" : "20180920 WordPress Plugin Localize My Post 1.0 - Local File Inclusion",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Sep/33"
},
{
"name" : "https://github.com/julianburr/wp-plugin-localizemypost/issues/1",
"refsource" : "MISC",
"url" : "https://github.com/julianburr/wp-plugin-localizemypost/issues/1"
},
{
"name" : "https://packetstormsecurity.com/files/149433/WordPress-Localize-My-Post-1.0-Local-File-Inclusion.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/149433/WordPress-Localize-My-Post-1.0-Local-File-Inclusion.html"
}
]
}

48
2018/17xxx/CVE-2018-17107.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17107",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in 3.2.5.0), active logins would be cached, allowing subsequent logins to succeed with any username or password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/tgstation/tgstation-server/issues/690",
"refsource" : "CONFIRM",
"url" : "https://github.com/tgstation/tgstation-server/issues/690"
}
]
}

73
2018/17xxx/CVE-2018-17281.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17281",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,53 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade",
"refsource" : "BUGTRAQ",
"url" : "https://seclists.org/bugtraq/2018/Sep/53"
},
{
"name" : "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Sep/31"
},
{
"name" : "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html"
},
{
"name" : "http://downloads.asterisk.org/pub/security/AST-2018-009.html",
"refsource" : "CONFIRM",
"url" : "http://downloads.asterisk.org/pub/security/AST-2018-009.html"
},
{
"name" : "https://issues.asterisk.org/jira/browse/ASTERISK-28013",
"refsource" : "CONFIRM",
"url" : "https://issues.asterisk.org/jira/browse/ASTERISK-28013"
},
{
"name" : "1041694",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041694"
}
]
}