admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

removed duplicates

Browse Source
This commit is contained in:
Kurt Seifried 2018-06-25 09:26:17 -06:00
parent 514298e7e7
commit be0eb55553
No known key found for this signature in database
GPG Key ID: F15CADC4A00F8174
5 changed files with 95 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
2018/1000xxx/CVE-2018-1000522.json
View File

@ -1 +1,19 @@
{ "CVE_data_meta": { "ASSIGNER": "kurt@seifried.org", "DATE_ASSIGNED": "2018-06-23T11:22:33.026222", "DATE_REQUESTED": "2018-04-06T11:16:03", "ID": "CVE-2018-1000522", "REQUESTER": "hi.haozhezhang@gmail.com" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BigTree-CMS", "version": { "version_data": [ { "version_value": "commit b2eff67e45b90ca26a62e971e8f0d5d0d70f23e6 and earlier" } ] } } ] }, "vendor_name": "BigTree-CMS" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "BigTree-CMS version commit b2eff67e45b90ca26a62e971e8f0d5d0d70f23e6 and earlier contains a Improper Neutralization of Script-Related HTML Tags in a Web Page vulnerability in users management page that can result in Any Javascript code can be executed. This attack appear to be exploitable via Insert payload into users' profile and wait for administrators to visit the users management page. This vulnerability appears to have been fixed in after commit b2eff67e45b90ca26a62e971e8f0d5d0d70f23e6." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Neutralization of Script-Related HTML Tags in a Web Page" } ] } ] }, "references": { "reference_data": [ { "url": "https://github.com/bigtreecms/BigTree-CMS/issues/332" }, { "url": "https://github.com/bigtreecms/BigTree-CMS/commit/b2eff67e45b90ca26a62e971e8f0d5d0d70f23e6" } ] } }
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"DATE_ASSIGNED" : "2018-06-21",
"ID" : "CVE-2018-1000522",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10364. Reason: This candidate is a reservation duplicate of CVE-2018-10364. Notes: All CVE users should reference CVE-2018-10364 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

20
2018/1000xxx/CVE-2018-1000530.json
View File

@ -1 +1,19 @@
{ "CVE_data_meta": { "ASSIGNER": "kurt@seifried.org", "DATE_ASSIGNED": "2018-06-23T11:22:33.041637", "DATE_REQUESTED": "2018-05-17T12:48:08", "ID": "CVE-2018-1000530", "REQUESTER": "sfeldmann@teknik.io" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Yosoro", "version": { "version_data": [ { "version_value": "1.0.4" } ] } } ] }, "vendor_name": "Yosoro" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Yosoro version 1.0.4 contains a XSS leading to code execution due to the use of node integration vulnerability in /app/views/component/note/Note.jsx writes a note unfiltered into the dom which leads to xss. that can result in Arbitrary code execution . This attack appear to be exploitable via Attacker adds a malicious note." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "XSS leading to code execution due to the use of node integration" } ] } ] }, "references": { "reference_data": [ { "url": "https://github.com/IceEnd/Yosoro/issues/11" } ] } }
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"DATE_ASSIGNED" : "2018-06-21",
"ID" : "CVE-2018-1000530",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11522. Reason: This candidate is a reservation duplicate of CVE-2018-11522. Notes: All CVE users should reference CVE-2018-11522 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

20
2018/1000xxx/CVE-2018-1000541.json
View File

@ -1 +1,19 @@
{ "CVE_data_meta": { "ASSIGNER": "kurt@seifried.org", "DATE_ASSIGNED": "2018-06-23T11:22:33.058118", "DATE_REQUESTED": "2018-04-25T10:53:17", "ID": "CVE-2018-1000541", "REQUESTER": "mail@kkoenig.net" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "PHPLiteAdmin", "version": { "version_data": [ { "version_value": "1.9.5 to 1.9.7.1" } ] } } ] }, "vendor_name": "PHPLiteAdmin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHPLiteAdmin version 1.9.5 to 1.9.7.1 contains a CWE-285: Improper Authorization vulnerability in The web login that can result in Arbitary Authorization Bypass. This attack appear to be exploitable via Access to login page. This vulnerability appears to have been fixed in after commit 41545fe." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285: Improper Authorization" } ] } ] }, "references": { "reference_data": [ { "url": "https://github.com/phpLiteAdmin/pla/commit/41545fe" }, { "url": "https://github.com/phpLiteAdmin/pla/issues/11" }, { "url": "http://k3research.outerhaven.de/posts/small-mistakes-lead-to-big-problems.html" }, { "url": "http://www.openwall.com/lists/oss-security/2018/04/25/3" } ] } }
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"DATE_ASSIGNED" : "2018-06-21",
"ID" : "CVE-2018-1000541",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10362. Reason: This candidate is a reservation duplicate of CVE-2018-10362. Notes: All CVE users should reference CVE-2018-10362 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

20
2018/1000xxx/CVE-2018-1000545.json
View File

@ -1 +1,19 @@
{ "CVE_data_meta": { "ASSIGNER": "kurt@seifried.org", "DATE_ASSIGNED": "2018-06-23T11:22:33.065725", "DATE_REQUESTED": "2018-04-17T05:19:42", "ID": "CVE-2018-1000545", "REQUESTER": "glennmcguire9@gmail.com" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "jpegoptim", "version": { "version_data": [ { "version_value": "since release 1.4.5 (139a558edfda4d59e94) until efddfd0fadc2efed78" } ] } } ] }, "vendor_name": "jpegoptim" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "jpegoptim version since release 1.4.5 (139a558edfda4d59e94) until efddfd0fadc2efed78 contains a Double Free (CWE-415) vulnerability in jpegoptim.c line 900 in main() (see fix) that can result in allows a denial of service (crash) or unspecified other impact via a crafted file. This attack appear to be exploitable via the victim must open a specially crafted JPEG file. This vulnerability appears to have been fixed in after commit efddfd0fadc2efed78." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Double Free (CWE-415)" } ] } ] }, "references": { "reference_data": [ { "url": "https://github.com/tjko/jpegoptim/issues/57" }, { "url": "https://github.com/tjko/jpegoptim/commit/efddfd0fadc2efed787ad367cc14d2eda80bc7c1" } ] } }
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"DATE_ASSIGNED" : "2018-06-21",
"ID" : "CVE-2018-1000545",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11416. Reason: This candidate is a reservation duplicate of CVE-2018-11416. Notes: All CVE users should reference CVE-2018-11416 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

20
2018/1000xxx/CVE-2018-1000555.json
View File

@ -1 +1,19 @@
{ "CVE_data_meta": { "ASSIGNER": "kurt@seifried.org", "DATE_ASSIGNED": "2018-06-23T11:22:33.082210", "DATE_REQUESTED": "2018-04-09T05:36:52", "ID": "CVE-2018-1000555", "REQUESTER": "0x00fi@protonmail.com" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "PhpMyAdmin", "version": { "version_data": [ { "version_value": "4.7.X to 4.8.0" } ] } } ] }, "vendor_name": "PhpMyAdmin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PhpMyAdmin version 4.7.X to 4.8.0 contains a Cross ite Request Forgery (CSRF) vulnerability in Empty/Drop tables/databases GET request url that can result in Delete/empty tables or databases." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross ite Request Forgery (CSRF)" } ] } ] }, "references": { "reference_data": [ { "url": "https://twitter.com/0x00FI/status/983193530859442177" }, { "url": "https://www.phpmyadmin.net/security/PMASA-2018-2/" } ] } }
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"DATE_ASSIGNED" : "2018-06-21",
"ID" : "CVE-2018-1000555",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10188. Reason: This candidate is a reservation duplicate of CVE-2018-10188. Notes: All CVE users should reference CVE-2018-10188 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}