diff --git a/2018/20xxx/CVE-2018-20418.json b/2018/20xxx/CVE-2018-20418.json new file mode 100644 index 00000000000..742b6858b04 --- /dev/null +++ b/2018/20xxx/CVE-2018-20418.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20418", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/20xxx/CVE-2018-20419.json b/2018/20xxx/CVE-2018-20419.json new file mode 100644 index 00000000000..be333ea40ce --- /dev/null +++ b/2018/20xxx/CVE-2018-20419.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20419", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/Jxysir/Douphpcms/blob/master/POC", + "refsource" : "MISC", + "url" : "https://github.com/Jxysir/Douphpcms/blob/master/POC" + } + ] + } +} diff --git a/2018/20xxx/CVE-2018-20420.json b/2018/20xxx/CVE-2018-20420.json new file mode 100644 index 00000000000..dcce0c5ad6a --- /dev/null +++ b/2018/20xxx/CVE-2018-20420.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20420", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/eddietcc/CVEnotes/blob/master/webERP_4.15_Z_CreateCompanyTemplateFile/README.md", + "refsource" : "MISC", + "url" : "https://github.com/eddietcc/CVEnotes/blob/master/webERP_4.15_Z_CreateCompanyTemplateFile/README.md" + } + ] + } +} diff --git a/2018/20xxx/CVE-2018-20421.json b/2018/20xxx/CVE-2018-20421.json new file mode 100644 index 00000000000..c334bcaff33 --- /dev/null +++ b/2018/20xxx/CVE-2018-20421.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-20421", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory location with a large index number, as demonstrated by use of \"assembly { mstore }\" followed by a \"c[0xC800000] = 0xFF\" assignment." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/ethereum/go-ethereum/issues/18289", + "refsource" : "MISC", + "url" : "https://github.com/ethereum/go-ethereum/issues/18289" + } + ] + } +}