From 753274824098000a5271ebbbc99e0e7372210d41 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 18 Jul 2018 15:06:34 -0400 Subject: [PATCH] - Synchronized data. --- 2018/14xxx/CVE-2018-14364.json | 48 +++++++++++++++++++++++- 2018/14xxx/CVE-2018-14387.json | 67 ++++++++++++++++++++++++++++++++++ 2018/14xxx/CVE-2018-14388.json | 62 +++++++++++++++++++++++++++++++ 2018/14xxx/CVE-2018-14389.json | 62 +++++++++++++++++++++++++++++++ 4 files changed, 237 insertions(+), 2 deletions(-) create mode 100644 2018/14xxx/CVE-2018-14387.json create mode 100644 2018/14xxx/CVE-2018-14388.json create mode 100644 2018/14xxx/CVE-2018-14389.json diff --git a/2018/14xxx/CVE-2018-14364.json b/2018/14xxx/CVE-2018-14364.json index 0ae350cea05..2dc53edfa0f 100644 --- a/2018/14xxx/CVE-2018-14364.json +++ b/2018/14xxx/CVE-2018-14364.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-14364", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/", + "refsource" : "CONFIRM", + "url" : "https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/" } ] } diff --git a/2018/14xxx/CVE-2018-14387.json b/2018/14xxx/CVE-2018-14387.json new file mode 100644 index 00000000000..6f511770a8f --- /dev/null +++ b/2018/14xxx/CVE-2018-14387.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-14387", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web application and record the associated session identifier. The attacker then causes the victim to authenticate against the server using the same session identifier. The attacker can access the user's account through the active session. The Session Fixation attack fixes a session on the victim's browser, so the attack starts before the user logs in." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/robiso/wondercms/issues/64", + "refsource" : "MISC", + "url" : "https://github.com/robiso/wondercms/issues/64" + }, + { + "name" : "https://www.wondercms.com/whatsnew", + "refsource" : "MISC", + "url" : "https://www.wondercms.com/whatsnew" + } + ] + } +} diff --git a/2018/14xxx/CVE-2018-14388.json b/2018/14xxx/CVE-2018-14388.json new file mode 100644 index 00000000000..def24c0ed6b --- /dev/null +++ b/2018/14xxx/CVE-2018-14388.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-14388", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/joyplus/joyplus-cms/issues/429", + "refsource" : "MISC", + "url" : "https://github.com/joyplus/joyplus-cms/issues/429" + } + ] + } +} diff --git a/2018/14xxx/CVE-2018-14389.json b/2018/14xxx/CVE-2018-14389.json new file mode 100644 index 00000000000..43026c62609 --- /dev/null +++ b/2018/14xxx/CVE-2018-14389.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-14389", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/joyplus/joyplus-cms/issues/430", + "refsource" : "MISC", + "url" : "https://github.com/joyplus/joyplus-cms/issues/430" + } + ] + } +}