- Synchronized data.

2025-07-29 05:56:59 +00:00 · 2018-04-27 00:02:47 -04:00 · 2018-04-27 00:02:47 -04:00 · d7c11332b8
commit d7c11332b8
parent f7adc281ad
5 changed files with 101 additions and 1 deletions
--- a/2018/10xxx/CVE-2018-10299.json
+++ b/2018/10xxx/CVE-2018-10299.json
@ -34,7 +34,7 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attackers to accomplish an unauthorized increase of digital assets by providing two _receivers arguments in conjunction with a large _value argument, as exploited in the wild in April 2018, aka the \"batchOverflow\" issue. NOTE: the OKEx exchange suspended BEC trading as of 2018-04-22; however, the integer overflow in this codebase can still be exploited through transactions involving other exchanges and/or other tokens."
+            "value" : "An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attackers to accomplish an unauthorized increase of digital assets by providing two _receivers arguments in conjunction with a large _value argument, as exploited in the wild in April 2018, aka the \"batchOverflow\" issue."
         }
      ]
   },
@ -57,6 +57,11 @@
            "refsource" : "MISC",
            "url" : "https://dasp.co/#item-3"
         },
+         {
+            "name" : "https://medium.com/secbit-media/a-disastrous-vulnerability-found-in-smart-contracts-of-beautychain-bec-dbf24ddbc30e",
+            "refsource" : "MISC",
+            "url" : "https://medium.com/secbit-media/a-disastrous-vulnerability-found-in-smart-contracts-of-beautychain-bec-dbf24ddbc30e"
+         },
         {
            "name" : "https://peckshield.com/2018/04/22/batchOverflow/",
            "refsource" : "MISC",
@ -71,6 +76,11 @@
            "name" : "https://twitter.com/OKEx_/status/987967343983714304",
            "refsource" : "MISC",
            "url" : "https://twitter.com/OKEx_/status/987967343983714304"
+         },
+         {
+            "name" : "https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/",
+            "refsource" : "MISC",
+            "url" : "https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/"
         }
      ]
   }
--- a/2018/10xxx/CVE-2018-10376.json
+++ b/2018/10xxx/CVE-2018-10376.json
@ -61,6 +61,11 @@
            "name" : "https://peckshield.com/2018/04/25/proxyOverflow/",
            "refsource" : "MISC",
            "url" : "https://peckshield.com/2018/04/25/proxyOverflow/"
+         },
+         {
+            "name" : "https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/",
+            "refsource" : "MISC",
+            "url" : "https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/"
         }
      ]
   }
--- a/2018/10xxx/CVE-2018-10468.json
+++ b/2018/10xxx/CVE-2018-10468.json
@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-10468",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}
--- a/2018/10xxx/CVE-2018-10469.json
+++ b/2018/10xxx/CVE-2018-10469.json
@ -0,0 +1,62 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-10469",
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "n/a",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "n/a"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "n/a"
+            }
+         ]
+      }
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "n/a"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "name" : "https://github.com/b3log/symphony/issues/620",
+            "refsource" : "MISC",
+            "url" : "https://github.com/b3log/symphony/issues/620"
+         }
+      ]
+   }
+}
--- a/2018/1xxx/CVE-2018-1038.json
+++ b/2018/1xxx/CVE-2018-1038.json
@ -53,6 +53,11 @@
   },
   "references" : {
      "reference_data" : [
+         {
+            "name" : "https://blog.xpnsec.com/total-meltdown-cve-2018-1038/",
+            "refsource" : "MISC",
+            "url" : "https://blog.xpnsec.com/total-meltdown-cve-2018-1038/"
+         },
         {
            "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1038",
            "refsource" : "CONFIRM",