admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

jpcert20180907 batch

Browse Source
This commit is contained in:
Yozo TODA 2018-09-07 17:23:10 +09:00
parent 1c1287e039
commit 00f6c9426b
No known key found for this signature in database
GPG Key ID: D778421BF418109E
21 changed files with 1275 additions and 357 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
2018/0xxx/CVE-2018-0623.json
View File

@ -1,18 +1,59 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0623",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://jvn.jp/en/jp/JVN06813756/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver. 20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of msjet49.dll loaded by the vulnerable products."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(Yayoi Kaikei 17 Series Ver.+E449+E447"
}
]
},
"product_name": "Multiple Yayoi 17 Series products"
}
]
},
"vendor_name": "Yayoi Co., Ltd."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0623",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
}
}

75
2018/0xxx/CVE-2018-0624.json
View File

@ -1,18 +1,59 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0624",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://jvn.jp/en/jp/JVN06813756/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier)"
}
]
},
"product_name": "Multiple Yayoi 17 Series products"
}
]
},
"vendor_name": "Yayoi Co., Ltd."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0624",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
}
}

78
2018/0xxx/CVE-2018-0642.json
View File

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0642",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers"
},
{
"url": "http://jvn.jp/en/jp/JVN70246549/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.1.2 to 6.6.4"
}
]
},
"product_name": "FV Flowplayer Video Player"
}
]
},
"vendor_name": "Foliovision"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0642",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}

78
2018/0xxx/CVE-2018-0643.json
View File

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0643",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html"
},
{
"url": "http://jvn.jp/en/jp/JVN37376131/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ubuntu14.04 ORCA(Online Receipt Computer Advantage)4.8.0(panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": ""
}
]
},
"product_name": "Ubuntu14.04 ORCA(Online Receipt Computer Advantage)4.8.0(panda-server) 1:1.4.9+p41-u4jma1 and earlier"
}
]
},
"vendor_name": "ORCA Management Organization Co., Ltd."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0643",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
}
}

78
2018/0xxx/CVE-2018-0644.json
View File

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0644",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html"
},
{
"url": "http://jvn.jp/en/jp/JVN37376131/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Ubuntu14.04 ORCA(Online Receipt Computer Advantage)4.8.0(panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": ""
}
]
},
"product_name": "Ubuntu14.04 ORCA(Online Receipt Computer Advantage)4.8.0(panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u5jma1 and earlier"
}
]
},
"vendor_name": "ORCA Management Organization Co., Ltd."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0644",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
}
}

81
2018/0xxx/CVE-2018-0645.json
View File

@ -1,18 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0645",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://www.tinybeans.net/blog/2015/06/26-230919.html"
},
{
"url": "https://bit-part.net/news/2018/07/mtappjquery-20180717.html"
},
{
"url": "http://jvn.jp/en/jp/JVN62423700/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.8.1 and earlier"
}
]
},
"product_name": "MTAppjQuery"
}
]
},
"vendor_name": "bit part LLC"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0645",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
}
}

78
2018/0xxx/CVE-2018-0647.json
View File

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0647",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.asus.com/us/Networking/WL330NUL/HelpDesk_BIOS/"
},
{
"url": "http://jvn.jp/en/jp/JVN71329812/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Firmware version prior to 3.0.0.46"
}
]
},
"product_name": "WL-330NUL"
}
]
},
"vendor_name": "ASUS Japan Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0647",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
}
}

78
2018/0xxx/CVE-2018-0648.json
View File

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0648",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://go.chatwork.com/download/"
},
{
"url": "http://jvn.jp/en/jp/JVN39171169/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.3.0 and earlier"
}
]
},
"product_name": "Installer of ChatWork Desktop App for Windows"
}
]
},
"vendor_name": "ChatWork Co,. LTD."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0648",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
}
}

78
2018/0xxx/CVE-2018-0649.json
View File

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0649",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://eset-support.canon-its.jp/faq/show/10720?site_domain=default"
},
{
"url": "http://jvn.jp/en/jp/JVN41452671/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones))"
}
]
},
"product_name": "The installers of multiple Canon IT Solutions Inc. software programs"
}
]
},
"vendor_name": "Canon IT Solutions Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0649",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
}
}

81
2018/0xxx/CVE-2018-0650.json
View File

@ -1,18 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0650",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://linecorp.com/en/security/article/182"
},
{
"url": "https://play.google.com/store/apps/details?id=jp.linecorp.linemusic.android&hl=en"
},
{
"url": "http://jvn.jp/en/jp/JVN16933564/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "version 3.1.0 to versions prior to 3.6.5"
}
]
},
"product_name": "LINE MUSIC for Android"
}
]
},
"vendor_name": "LINE MUSIC CORPORATION"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0650",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
}
}

78
2018/0xxx/CVE-2018-0652.json
View File

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0652",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://weseek.co.jp/security/2018/07/31/growi-prevent-xss/"
},
{
"url": "http://jvn.jp/en/jp/JVN18716340/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "v.3.1.11 and earlier"
}
]
},
"product_name": "GROWI"
}
]
},
"vendor_name": "WESEEK, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0652",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}

78
2018/0xxx/CVE-2018-0653.json
View File

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0653",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://weseek.co.jp/security/2018/07/31/growi-prevent-xss/"
},
{
"url": "http://jvn.jp/en/jp/JVN18716340/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via Wiki page view."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "v.3.1.11 and earlier"
}
]
},
"product_name": "GROWI"
}
]
},
"vendor_name": "WESEEK, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0653",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}

78
2018/0xxx/CVE-2018-0654.json
View File

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0654",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://weseek.co.jp/security/2018/07/31/growi-prevent-xss/"
},
{
"url": "http://jvn.jp/en/jp/JVN18716340/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the modal for creating Wiki page."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "v.3.1.11 and earlier"
}
]
},
"product_name": "GROWI"
}
]
},
"vendor_name": "WESEEK, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0654",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}

78
2018/0xxx/CVE-2018-0655.json
View File

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0655",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://weseek.co.jp/security/2018/07/31/growi-prevent-xss/"
},
{
"url": "http://jvn.jp/en/jp/JVN18716340/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the app settings section of admin page."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "v.3.1.11 and earlier"
}
]
},
"product_name": "GROWI"
}
]
},
"vendor_name": "WESEEK, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0655",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}

75
2018/0xxx/CVE-2018-0657.json
View File

@ -1,18 +1,59 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0657",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://jvn.jp/en/jp/JVN06372244/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE (EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier) allow an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier)"
}
]
},
"product_name": "EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE"
}
]
},
"vendor_name": "GMO Payment Gateway, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0657",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}

75
2018/0xxx/CVE-2018-0658.json
View File

@ -1,18 +1,59 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0658",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://jvn.jp/en/jp/JVN06372244/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier)"
}
]
},
"product_name": "EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE"
}
]
},
"vendor_name": "GMO Payment Gateway, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0658",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
}
}

78
2018/0xxx/CVE-2018-0659.json
View File

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0659",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://hibara.org/software/attachecase/?lang=en"
},
{
"url": "http://jvn.jp/en/jp/JVN62121133/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create or overwrite existing files via specially crafted ATC file."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier"
}
]
},
"product_name": "AttacheCase"
}
]
},
"vendor_name": "HiBARA Software"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0659",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
}
}

78
2018/0xxx/CVE-2018-0660.json
View File

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0660",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://hibara.org/software/attachecase/?lang=en"
},
{
"url": "http://jvn.jp/en/jp/JVN62121133/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create arbitrary files via specially crafted ATC file."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier"
}
]
},
"product_name": "AttacheCase"
}
]
},
"vendor_name": "HiBARA Software"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0660",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
}
}

78
2018/0xxx/CVE-2018-0661.json
View File

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0661",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"url": "http://jvn.jp/en/jp/JVN83701666/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result in executing arbitrary OS commands/code or infomation including credentials leakage or alteration."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier)"
}
]
},
"product_name": "Multiple I-O DATA network camera products"
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0661",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
}
}

78
2018/0xxx/CVE-2018-0662.json
View File

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0662",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"url": "http://jvn.jp/en/jp/JVN83701666/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier)"
}
]
},
"product_name": "Multiple I-O DATA network camera products"
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0662",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Verification of Data Authenticity"
}
]
}
]
}
}

78
2018/0xxx/CVE-2018-0663.json
View File

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0663",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"url": "http://jvn.jp/en/jp/JVN83701666/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to executue arbitrary OS commands on the device via unspecified vector."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier)"
}
]
},
"product_name": "Multiple I-O DATA network camera products"
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0663",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
}
}