From ddba2c5204df9412dd2bc42edc5fabde010fc15d Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 5 Jun 2018 07:03:21 -0400
Subject: [PATCH] - Synchronized data.
---
 2018/11xxx/CVE-2018-11554.json | 48 ++++++++++++++++++++++++--
 2018/11xxx/CVE-2018-11678.json | 48 ++++++++++++++++++++++++--
 2018/11xxx/CVE-2018-11737.json | 62 ++++++++++++++++++++++++++++++++++
 2018/11xxx/CVE-2018-11738.json | 62 ++++++++++++++++++++++++++++++++++
 2018/11xxx/CVE-2018-11739.json | 62 ++++++++++++++++++++++++++++++++++
 2018/11xxx/CVE-2018-11740.json | 62 ++++++++++++++++++++++++++++++++++
 6 files changed, 340 insertions(+), 4 deletions(-)
 create mode 100644 2018/11xxx/CVE-2018-11737.json
 create mode 100644 2018/11xxx/CVE-2018-11738.json
 create mode 100644 2018/11xxx/CVE-2018-11739.json
 create mode 100644 2018/11xxx/CVE-2018-11740.json
diff --git a/2018/11xxx/CVE-2018-11554.json b/2018/11xxx/CVE-2018-11554.json
index 8f004cefee9..0d1870711f8 100644
--- a/2018/11xxx/CVE-2018-11554.json
+++ b/2018/11xxx/CVE-2018-11554.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-11554",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
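Review bot: In CVE-2018-11554.json the new `affects` block sets `product_name`, `version_value` and `vendor_name` all to `n/a`, although the description added in the file's second hunk names YzmCMS v3.2 through v3.7, so tooling that matches on the structured fields cannot tie this record to an installed product. Consider filling them from the description, e.g. `"product_name" : "YzmCMS"` with one `version_data` entry per affected version, and keeping `n/a` only where the value is really unknown. The same placeholder block appears in the first hunk of CVE-2018-11678.json (description: Monstra CMS 3.0.4) and in the four new Sleuth Kit records CVE-2018-11737 to CVE-2018-11740 (description: 4.0.2 through 4.6.1).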
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/littleheary/-YzmCMS-User-Traversal-Vulnerability/blob/master/README.md",
+ "refsource" : "MISC",
+ "url" : "https://github.com/littleheary/-YzmCMS-User-Traversal-Vulnerability/blob/master/README.md"
 }
 ]
 }
diff --git a/2018/11xxx/CVE-2018-11678.json b/2018/11xxx/CVE-2018-11678.json
index 08046fe93bd..a25689444ca 100644
--- a/2018/11xxx/CVE-2018-11678.json
+++ b/2018/11xxx/CVE-2018-11678.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-11678",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
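Review bot: The `problemtype` added in the second hunk of CVE-2018-11554.json carries `"value" : "n/a"` while the description in the same hunk already states the weakness (a response discrepancy information exposure plus an over-long verification-code lifetime), so the record cannot be filtered or prioritised by weakness type. A short text taken from the description would do, for example `"value" : "Response Discrepancy Information Exposure"`; a CWE identifier could be added once the assigner confirms the mapping. The same placeholder appears in the second hunk of CVE-2018-11678.json and in CVE-2018-11737 to CVE-2018-11740, whose descriptions name a login rate limiting bypass and out-of-bounds reads respectively.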
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "http://abdilahrf.github.io/login-rate-limiting-bypass",
+ "refsource" : "MISC",
+ "url" : "http://abdilahrf.github.io/login-rate-limiting-bypass"
 }
 ]
 }
diff --git a/2018/11xxx/CVE-2018-11737.json b/2018/11xxx/CVE-2018-11737.json
new file mode 100644
index 00000000000..e0d753d81d9
--- /dev/null
+++ b/2018/11xxx/CVE-2018-11737.json
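Review bot: The reference added in the second hunk of CVE-2018-11678.json uses a plain `http://` scheme in both `name` and `url`, so a reader following the link from the record fetches the advisory over a channel that gives no integrity protection. If the host serves the same page over TLS (github.io sites normally do, but this should be checked), prefer `"url" : "https://abdilahrf.github.io/login-rate-limiting-bypass"` and keep `name` in step with it. Every other reference in this commit already uses `https://`.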
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-11737",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/sleuthkit/sleuthkit/issues/1266",
+ "refsource" : "MISC",
+ "url" : "https://github.com/sleuthkit/sleuthkit/issues/1266"
+ }
+ ]
+ }
+}
diff --git a/2018/11xxx/CVE-2018-11738.json b/2018/11xxx/CVE-2018-11738.json
new file mode 100644
index 00000000000..5f3affb5369
--- /dev/null
+++ b/2018/11xxx/CVE-2018-11738.json
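Review bot: The only `reference_data` entry in the new CVE-2018-11737.json is the upstream issue report, tagged `MISC`, and the description gives an affected range ending at 4.6.1 without naming a fixed release, so someone triaging The Sleuth Kit cannot tell from the record whether a fix exists. Once upstream publishes one, add a second `reference_data` entry pointing at the fixing commit or release. CVE-2018-11738, CVE-2018-11739 and CVE-2018-11740 have the same shape. The description here also ends in "denial of service." where the three sibling records say "denial of service attack."; a single wording across the four would help text matching.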
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-11738",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/sleuthkit/sleuthkit/issues/1265",
+ "refsource" : "MISC",
+ "url" : "https://github.com/sleuthkit/sleuthkit/issues/1265"
+ }
+ ]
+ }
+}
diff --git a/2018/11xxx/CVE-2018-11739.json b/2018/11xxx/CVE-2018-11739.json
new file mode 100644
index 00000000000..37cee8be705
--- /dev/null
+++ b/2018/11xxx/CVE-2018-11739.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-11739",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/sleuthkit/sleuthkit/issues/1267",
+ "refsource" : "MISC",
+ "url" : "https://github.com/sleuthkit/sleuthkit/issues/1267"
+ }
+ ]
+ }
+}
diff --git a/2018/11xxx/CVE-2018-11740.json b/2018/11xxx/CVE-2018-11740.json
new file mode 100644
index 00000000000..474d8baf12b
--- /dev/null
+++ b/2018/11xxx/CVE-2018-11740.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-11740",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/sleuthkit/sleuthkit/issues/1264",
+ "refsource" : "MISC",
+ "url" : "https://github.com/sleuthkit/sleuthkit/issues/1264"
+ }
+ ]
+ }
+}