admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-12-17 03:10:08 -05:00
parent 5393953ea7
commit 6eb5dadc79
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
8 changed files with 184 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
2018/20xxx/CVE-2018-20147.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In WordPress versions before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files."
"value" : "In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files."
}
]
},
@ -52,10 +52,25 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://codex.wordpress.org/Version_4.9.9",
"refsource" : "MISC",
"url" : "https://codex.wordpress.org/Version_4.9.9"
},
{
"name" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/",
"refsource" : "MISC",
"url" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"
},
{
"name" : "https://wordpress.org/support/wordpress-version/version-5-0-1/",
"refsource" : "MISC",
"url" : "https://wordpress.org/support/wordpress-version/version-5-0-1/"
},
{
"name" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/",
"refsource" : "MISC",
"url" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/"
}
]
}

27
2018/20xxx/CVE-2018-20148.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In WordPress versions before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata."
"value" : "In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php."
}
]
},
@ -52,10 +52,35 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.secarma.co.uk/labs/near-phar-dangerous-unserialization-wherever-you-are",
"refsource" : "MISC",
"url" : "https://blog.secarma.co.uk/labs/near-phar-dangerous-unserialization-wherever-you-are"
},
{
"name" : "https://codex.wordpress.org/Version_4.9.9",
"refsource" : "MISC",
"url" : "https://codex.wordpress.org/Version_4.9.9"
},
{
"name" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/",
"refsource" : "MISC",
"url" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"
},
{
"name" : "https://wordpress.org/support/wordpress-version/version-5-0-1/",
"refsource" : "MISC",
"url" : "https://wordpress.org/support/wordpress-version/version-5-0-1/"
},
{
"name" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/",
"refsource" : "MISC",
"url" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/"
},
{
"name" : "https://www.zdnet.com/article/wordpress-vulnerability-affects-a-third-of-most-popular-websites-online/",
"refsource" : "MISC",
"url" : "https://www.zdnet.com/article/wordpress-vulnerability-affects-a-third-of-most-popular-websites-online/"
}
]
}

17
2018/20xxx/CVE-2018-20149.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In WordPress versions before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS."
"value" : "In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data."
}
]
},
@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://codex.wordpress.org/Version_4.9.9",
"refsource" : "MISC",
"url" : "https://codex.wordpress.org/Version_4.9.9"
},
{
"name" : "https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a",
"refsource" : "MISC",
@ -61,6 +66,16 @@
"name" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/",
"refsource" : "MISC",
"url" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"
},
{
"name" : "https://wordpress.org/support/wordpress-version/version-5-0-1/",
"refsource" : "MISC",
"url" : "https://wordpress.org/support/wordpress-version/version-5-0-1/"
},
{
"name" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/",
"refsource" : "MISC",
"url" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/"
}
]
}

17
2018/20xxx/CVE-2018-20150.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In WordPress versions before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins."
"value" : "In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins."
}
]
},
@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://codex.wordpress.org/Version_4.9.9",
"refsource" : "MISC",
"url" : "https://codex.wordpress.org/Version_4.9.9"
},
{
"name" : "https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460",
"refsource" : "MISC",
@ -61,6 +66,16 @@
"name" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/",
"refsource" : "MISC",
"url" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"
},
{
"name" : "https://wordpress.org/support/wordpress-version/version-5-0-1/",
"refsource" : "MISC",
"url" : "https://wordpress.org/support/wordpress-version/version-5-0-1/"
},
{
"name" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/",
"refsource" : "MISC",
"url" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/"
}
]
}

17
2018/20xxx/CVE-2018-20151.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In WordPress versions before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default."
"value" : "In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default."
}
]
},
@ -52,10 +52,25 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://codex.wordpress.org/Version_4.9.9",
"refsource" : "MISC",
"url" : "https://codex.wordpress.org/Version_4.9.9"
},
{
"name" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/",
"refsource" : "MISC",
"url" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"
},
{
"name" : "https://wordpress.org/support/wordpress-version/version-5-0-1/",
"refsource" : "MISC",
"url" : "https://wordpress.org/support/wordpress-version/version-5-0-1/"
},
{
"name" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/",
"refsource" : "MISC",
"url" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/"
}
]
}

17
2018/20xxx/CVE-2018-20152.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In WordPress versions before 5.0.1, authors could bypass intended restrictions on post types via crafted input."
"value" : "In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input."
}
]
},
@ -52,10 +52,25 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://codex.wordpress.org/Version_4.9.9",
"refsource" : "MISC",
"url" : "https://codex.wordpress.org/Version_4.9.9"
},
{
"name" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/",
"refsource" : "MISC",
"url" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"
},
{
"name" : "https://wordpress.org/support/wordpress-version/version-5-0-1/",
"refsource" : "MISC",
"url" : "https://wordpress.org/support/wordpress-version/version-5-0-1/"
},
{
"name" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/",
"refsource" : "MISC",
"url" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/"
}
]
}

17
2018/20xxx/CVE-2018-20153.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In WordPress versions before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS."
"value" : "In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS."
}
]
},
@ -52,10 +52,25 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://codex.wordpress.org/Version_4.9.9",
"refsource" : "MISC",
"url" : "https://codex.wordpress.org/Version_4.9.9"
},
{
"name" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/",
"refsource" : "MISC",
"url" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"
},
{
"name" : "https://wordpress.org/support/wordpress-version/version-5-0-1/",
"refsource" : "MISC",
"url" : "https://wordpress.org/support/wordpress-version/version-5-0-1/"
},
{
"name" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/",
"refsource" : "MISC",
"url" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/"
}
]
}

62
2018/20xxx/CVE-2018-20173.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20173",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.manageengine.com/network-monitoring/help/read-me.html",
"refsource" : "MISC",
"url" : "https://www.manageengine.com/network-monitoring/help/read-me.html"
}
]
}
}