From 9992b01e8dca471c657a2c13d1488e425cf25d78 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 1 Oct 2018 04:09:18 -0400
Subject: [PATCH] - Synchronized data.
---
 2015/9xxx/CVE-2015-9267.json | 48 ++++++++++++++++++++++++++--
 2015/9xxx/CVE-2015-9268.json | 48 ++++++++++++++++++++++++++--
 2018/17xxx/CVE-2018-17427.json | 48 ++++++++++++++++++++++++++--
 2018/17xxx/CVE-2018-17825.json | 48 ++++++++++++++++++++++++++--
 2018/17xxx/CVE-2018-17826.json | 48 ++++++++++++++++++++++++++--
 2018/17xxx/CVE-2018-17827.json | 48 ++++++++++++++++++++++++++--
 2018/17xxx/CVE-2018-17828.json | 48 ++++++++++++++++++++++++++--
 2018/17xxx/CVE-2018-17830.json | 48 ++++++++++++++++++++++++++--
 2018/17xxx/CVE-2018-17831.json | 58 ++++++++++++++++++++++++++++++++--
 2018/17xxx/CVE-2018-17832.json | 48 ++++++++++++++++++++++++++--
 2018/17xxx/CVE-2018-17835.json | 48 ++++++++++++++++++++++++++--
 2018/17xxx/CVE-2018-17836.json | 48 ++++++++++++++++++++++++++--
 2018/17xxx/CVE-2018-17837.json | 48 ++++++++++++++++++++++++++--
 2018/17xxx/CVE-2018-17838.json | 48 ++++++++++++++++++++++++++--
 2018/17xxx/CVE-2018-17846.json | 48 ++++++++++++++++++++++++++--
 2018/17xxx/CVE-2018-17847.json | 48 ++++++++++++++++++++++++++--
 2018/17xxx/CVE-2018-17848.json | 48 ++++++++++++++++++++++++++--
 2018/17xxx/CVE-2018-17850.json | 48 ++++++++++++++++++++++++++--
 2018/17xxx/CVE-2018-17851.json | 48 ++++++++++++++++++++++++++--
 2018/17xxx/CVE-2018-17852.json | 48 ++++++++++++++++++++++++++--
 2018/17xxx/CVE-2018-17854.json | 48 ++++++++++++++++++++++++++--
 21 files changed, 976 insertions(+), 42 deletions(-)
diff --git a/2015/9xxx/CVE-2015-9267.json b/2015/9xxx/CVE-2015-9267.json
index 06f33b479b5..d4a94ce2424 100644
--- a/2015/9xxx/CVE-2015-9267.json
+++ b/2015/9xxx/CVE-2015-9267.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2015-9267",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://sourceforge.net/p/nsis/bugs/1125/",
+ "refsource" : "MISC",
+ "url" : "https://sourceforge.net/p/nsis/bugs/1125/"
 }
 ]
 }
diff --git a/2015/9xxx/CVE-2015-9268.json b/2015/9xxx/CVE-2015-9268.json
index 56cb6b62bcf..1ca3ef0ba04 100644
--- a/2015/9xxx/CVE-2015-9268.json
+++ b/2015/9xxx/CVE-2015-9268.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2015-9268",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
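Review bot: In the first hunk of 2015/9xxx/CVE-2015-9267.json the added `affects` block sets `vendor_name`, `product_name` and `version_value` to `n/a`, while the description added in the second hunk names the product and the fixed release (NSIS before 2.49). Tooling that matches records on the structured fields rather than on the free text will not tie this entry to NSIS; I would carry the values over from the description, e.g. `"product_name" : "NSIS"` and `"version_value" : "before 2.49"`. `problemtype` is also `n/a`, so no weakness class is recorded for the entry. The same two placeholders are repeated in every other file of this patch, including CVE-2015-9268.json.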
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://sourceforge.net/p/nsis/bugs/1125/",
+ "refsource" : "MISC",
+ "url" : "https://sourceforge.net/p/nsis/bugs/1125/"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17427.json b/2018/17xxx/CVE-2018-17427.json
index c452c102d7e..0b006519bf0 100644
--- a/2018/17xxx/CVE-2018-17427.json
+++ b/2018/17xxx/CVE-2018-17427.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17427",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "SIMDComp before 0.1.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) because it can read (and then discard) extra bytes."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/lemire/simdcomp/issues/21",
+ "refsource" : "MISC",
+ "url" : "https://github.com/lemire/simdcomp/issues/21"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17825.json b/2018/17xxx/CVE-2018-17825.json
index 45b57f3dcae..4f14e6ef1c2 100644
--- a/2018/17xxx/CVE-2018-17825.json
+++ b/2018/17xxx/CVE-2018-17825.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17825",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/adplug/adplug/issues/67",
+ "refsource" : "MISC",
+ "url" : "https://github.com/adplug/adplug/issues/67"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17826.json b/2018/17xxx/CVE-2018-17826.json
index 173faaa7a3d..021fb021ca2 100644
--- a/2018/17xxx/CVE-2018-17826.json
+++ b/2018/17xxx/CVE-2018-17826.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17826",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. The attacker can then use that account to execute arbitrary PHP code by leveraging app/common/model/AdminAnnex.php to add .php to the default list of allowable file-upload types (.jpg, .png, .gif, .jpeg, and .ico)."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/rakjong/vuln/blob/master/hisiphp_getshell.pdf",
+ "refsource" : "MISC",
+ "url" : "https://github.com/rakjong/vuln/blob/master/hisiphp_getshell.pdf"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17827.json b/2018/17xxx/CVE-2018-17827.json
index fa9529c7c22..680c8cf826b 100644
--- a/2018/17xxx/CVE-2018-17827.json
+++ b/2018/17xxx/CVE-2018-17827.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17827",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. This name is then injected into app/admin/model/AdminPlugins.php."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/rakjong/vuln/blob/master/hisiphp_hetshell_2.pdf",
+ "refsource" : "MISC",
+ "url" : "https://github.com/rakjong/vuln/blob/master/hisiphp_hetshell_2.pdf"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17828.json b/2018/17xxx/CVE-2018-17828.json
index e141f991ae8..12405a3495d 100644
--- a/2018/17xxx/CVE-2018-17828.json
+++ b/2018/17xxx/CVE-2018-17828.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17828",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/gdraheim/zziplib/issues/62",
+ "refsource" : "MISC",
+ "url" : "https://github.com/gdraheim/zziplib/issues/62"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17830.json b/2018/17xxx/CVE-2018-17830.json
index e8c6c507d6f..95ccfd94567 100644
--- a/2018/17xxx/CVE-2018-17830.json
+++ b/2018/17xxx/CVE-2018-17830.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17830",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/redaxo/redaxo4/issues/421",
+ "refsource" : "MISC",
+ "url" : "https://github.com/redaxo/redaxo4/issues/421"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17831.json b/2018/17xxx/CVE-2018-17831.json
index de461d64fd8..6cc60bfe3d3 100644
--- a/2018/17xxx/CVE-2018-17831.json
+++ b/2018/17xxx/CVE-2018-17831.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17831",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
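Review bot: The single reference added in the second hunk of 2018/17xxx/CVE-2018-17830.json is an issue in the `redaxo/redaxo4` repository, while the description places the flaw in REDAXO 5.6.2 and the REDAXO 5.x references in CVE-2018-17831.json point to `redaxo/redaxo`. It is worth confirming that the linked issue really covers 5.6.2, and adding a reference to the fix or fixed release once one exists, since the entry currently names no version to upgrade to. The description also embeds a raw request substring, so anything that renders these `value` strings as HTML should treat them as untrusted text and escape them.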
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/redaxo/redaxo/issues/2043",
+ "refsource" : "MISC",
+ "url" : "https://github.com/redaxo/redaxo/issues/2043"
+ },
+ {
+ "name" : "https://github.com/redaxo/redaxo/releases/tag/5.6.3",
+ "refsource" : "MISC",
+ "url" : "https://github.com/redaxo/redaxo/releases/tag/5.6.3"
+ },
+ {
+ "name" : "https://redaxo.org/cms/news/sicherheitsluecke-und-neue-yform-version/",
+ "refsource" : "MISC",
+ "url" : "https://redaxo.org/cms/news/sicherheitsluecke-und-neue-yform-version/"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17832.json b/2018/17xxx/CVE-2018-17832.json
index cc7e99577d2..6a6dc4aa90b 100644
--- a/2018/17xxx/CVE-2018-17832.json
+++ b/2018/17xxx/CVE-2018-17832.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17832",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
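Review bot: The last sentence of the description added in the second hunk of 2018/17xxx/CVE-2018-17831.json, "Endangered was the backend and the frontend only if rex_list were used.", does not make clear whether the rex_list condition applies to the backend as well as the frontend. If the intent is that the backend is always exposed, wording such as `The backend is affected; the frontend is affected only if rex_list is used.` would read unambiguously; please check it against the vendor advisory listed in the references. The word "critical" is a severity judgement with no score behind it in this record and could be left out of the description.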
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://cxsecurity.com/issue/WLB-2018050139",
+ "refsource" : "MISC",
+ "url" : "https://cxsecurity.com/issue/WLB-2018050139"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17835.json b/2018/17xxx/CVE-2018-17835.json
index 369b5529cbd..7c05e9ffa2f 100644
--- a/2018/17xxx/CVE-2018-17835.json
+++ b/2018/17xxx/CVE-2018-17835.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17835",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1298",
+ "refsource" : "MISC",
+ "url" : "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1298"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17836.json b/2018/17xxx/CVE-2018-17836.json
index fe96ee41a56..d61eea9f323 100644
--- a/2018/17xxx/CVE-2018-17836.json
+++ b/2018/17xxx/CVE-2018-17836.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17836",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote attackers to execute arbitrary PHP code by using a /console/file/manage.php?type=action&action=addfile&path=..%2F substring to upload, in conjunction with a multipart/form-data PHP payload."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/AvaterXXX/JTBC/blob/master/README.md#getshell",
+ "refsource" : "MISC",
+ "url" : "https://github.com/AvaterXXX/JTBC/blob/master/README.md#getshell"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17837.json b/2018/17xxx/CVE-2018-17837.json
index dfa07b96a19..8bcc8ab78e9 100644
--- a/2018/17xxx/CVE-2018-17837.json
+++ b/2018/17xxx/CVE-2018-17837.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17837",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file deletion is possible via a /console/file/manage.php?type=action&action=delete&path=c%3A%2F substring."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/AvaterXXX/JTBC/blob/master/README.md#arbitrary-file-deletion",
+ "refsource" : "MISC",
+ "url" : "https://github.com/AvaterXXX/JTBC/blob/master/README.md#arbitrary-file-deletion"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17838.json b/2018/17xxx/CVE-2018-17838.json
index 2c71db4d9c5..950e373b5ba 100644
--- a/2018/17xxx/CVE-2018-17838.json
+++ b/2018/17xxx/CVE-2018-17838.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17838",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list&path=c:/ substring."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/AvaterXXX/JTBC/blob/master/README.md#arbitrary-file-read",
+ "refsource" : "MISC",
+ "url" : "https://github.com/AvaterXXX/JTBC/blob/master/README.md#arbitrary-file-read"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17846.json b/2018/17xxx/CVE-2018-17846.json
index 244eb62cc91..fe8e63db419 100644
--- a/2018/17xxx/CVE-2018-17846.json
+++ b/2018/17xxx/CVE-2018-17846.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17846",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "The html package (aka x/net/html) through 2018-09-25 in Go mishandles
, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/golang/go/issues/27842",
+ "refsource" : "MISC",
+ "url" : "https://github.com/golang/go/issues/27842"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17847.json b/2018/17xxx/CVE-2018-17847.json
index 61a11d1ea5e..2bb24ef2d79 100644
--- a/2018/17xxx/CVE-2018-17847.json
+++ b/2018/17xxx/CVE-2018-17847.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-17847",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "The html package (aka x/net/html) through 2018-09-25 in Go mishandles