From e8c947e68352d158af86d4c883e6b16f9739b08f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 19 Dec 2018 19:04:20 -0500
Subject: [PATCH] - Synchronized data.
---
 2018/20xxx/CVE-2018-20300.json | 48 ++++++++++++++++++++++-
 2018/20xxx/CVE-2018-20302.json | 53 ++++++++++++++++++++++++-
 2018/20xxx/CVE-2018-20303.json | 72 ++++++++++++++++++++++++++++++++++
 2018/20xxx/CVE-2018-20304.json | 62 +++++++++++++++++++++++++++++
 2018/20xxx/CVE-2018-20305.json | 62 +++++++++++++++++++++++++++++
 5 files changed, 293 insertions(+), 4 deletions(-)
 create mode 100644 2018/20xxx/CVE-2018-20303.json
 create mode 100644 2018/20xxx/CVE-2018-20304.json
 create mode 100644 2018/20xxx/CVE-2018-20305.json
diff --git a/2018/20xxx/CVE-2018-20300.json b/2018/20xxx/CVE-2018-20300.json
index 01a522178a5..ba7758a277c 100644
--- a/2018/20xxx/CVE-2018-20300.json
+++ b/2018/20xxx/CVE-2018-20300.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-20300",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
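Review bot: The `affects` block added to CVE-2018-20300.json sets `vendor_name`, `product_name` and `version_value` to `n/a` although the description added in the same commit names Empire CMS 7.5, so tooling that matches records against an asset inventory by these fields will never hit this entry. Filling them from the description, e.g. `"product_name" : "Empire CMS"` and `"version_value" : "7.5"`, would make the record machine-matchable instead of relying on free-text parsing. The same placeholder block is added in CVE-2018-20302.json and in the new CVE-2018-20303, CVE-2018-20304 and CVE-2018-20305 files, whose descriptions likewise name the product and version.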
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "http://p0desta.com/2018/12/19/empirecms%E6%9C%80%E6%96%B0%E7%89%88%E5%90%8E%E5%8F%B0%E5%A4%9A%E5%A4%84getshell/",
+ "refsource" : "MISC",
+ "url" : "http://p0desta.com/2018/12/19/empirecms%E6%9C%80%E6%96%B0%E7%89%88%E5%90%8E%E5%8F%B0%E5%A4%9A%E5%A4%84getshell/"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20302.json b/2018/20xxx/CVE-2018-20302.json
index c43b83a50d8..12cc0af3217 100644
--- a/2018/20xxx/CVE-2018-20302.json
+++ b/2018/20xxx/CVE-2018-20302.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-20302",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
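Review bot: In the second hunk of CVE-2018-20300.json the new `problemtype` description is `n/a` even though the description text identifies the weakness as PHP code injection; a CWE identifier there, for example `"value" : "CWE-94"`, would let consumers filter and prioritise by weakness class without parsing prose. The same `n/a` problem type is added for CVE-2018-20302 (described as XSS), CVE-2018-20303 (directory traversal), CVE-2018-20304 (SEGV on a long argument) and CVE-2018-20305 (stack-based buffer overflow). The single reference for CVE-2018-20300 is also a plain `http://` URL, so it is worth checking whether an `https://` form of the same page exists before publishing.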
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the order parameter."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/dependabot/elixir-security-advisories/blob/master/packages/xain/2018-09-03.yml",
+ "refsource" : "MISC",
+ "url" : "https://github.com/dependabot/elixir-security-advisories/blob/master/packages/xain/2018-09-03.yml"
+ },
+ {
+ "name" : "https://github.com/smpallen99/xain/issues/18",
+ "refsource" : "MISC",
+ "url" : "https://github.com/smpallen99/xain/issues/18"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20303.json b/2018/20xxx/CVE-2018-20303.json
new file mode 100644
index 00000000000..b63309bfbee
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20303.json
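Review bot: The first reference added in the second hunk of CVE-2018-20302.json points at `blob/master/packages/xain/2018-09-03.yml`, a branch-relative GitHub path whose content can be rewritten, moved or deleted after the record is published. A permalink to a specific commit of that advisory file would keep the evidence stable for later triage and audit. The `tree/master` reference added in CVE-2018-20305.json has the same property, while the issue link `https://github.com/smpallen99/xain/issues/18` in this hunk is already stable.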
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-20303",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/gogs/gogs/commit/ff93d9dbda5cebe90d86e4b7dfb2c6b8642970ce",
+ "refsource" : "MISC",
+ "url" : "https://github.com/gogs/gogs/commit/ff93d9dbda5cebe90d86e4b7dfb2c6b8642970ce"
+ },
+ {
+ "name" : "https://github.com/gogs/gogs/issues/5558",
+ "refsource" : "MISC",
+ "url" : "https://github.com/gogs/gogs/issues/5558"
+ },
+ {
+ "name" : "https://pentesterlab.com/exercises/cve-2018-18925/",
+ "refsource" : "MISC",
+ "url" : "https://pentesterlab.com/exercises/cve-2018-18925/"
+ }
+ ]
+ }
+}
diff --git a/2018/20xxx/CVE-2018-20304.json b/2018/20xxx/CVE-2018-20304.json
new file mode 100644
index 00000000000..f5d570d1329
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20304.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-20304",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows attackers to cause a denial of service (SEGV) via a long second argument. NOTE: this is not a Microsoft product."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/devinsmith/libexcel/issues/9",
+ "refsource" : "MISC",
+ "url" : "https://github.com/devinsmith/libexcel/issues/9"
+ }
+ ]
+ }
+}
diff --git a/2018/20xxx/CVE-2018-20305.json b/2018/20xxx/CVE-2018-20305.json
new file mode 100644
index 00000000000..0be82a77e77
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20305.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-20305",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/RootSoull/Vuln-Poc/tree/master/D-Link/DIR-816",
+ "refsource" : "MISC",
+ "url" : "https://github.com/RootSoull/Vuln-Poc/tree/master/D-Link/DIR-816"
+ }
+ ]
+ }
+}