diff --git a/2017/17xxx/CVE-2017-17171.json b/2017/17xxx/CVE-2017-17171.json
index 77f68fe103b..160786e7294 100644
--- a/2017/17xxx/CVE-2017-17171.json
+++ b/2017/17xxx/CVE-2017-17171.json
@@ -146,6 +146,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-smartphone",
+ "refsource" : "CONFIRM",
 "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-smartphone"
 }
 ]
diff --git a/2017/6xxx/CVE-2017-6153.json b/2017/6xxx/CVE-2017-6153.json
index 618d840d844..42dd4411508 100644
--- a/2017/6xxx/CVE-2017-6153.json
+++ b/2017/6xxx/CVE-2017-6153.json
@@ -47,7 +47,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "Features in BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a \"Zip Bomb\" attack."
+ "value" : "Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a \"Zip Bomb\" attack."
 }
 ]
 },
@@ -66,6 +66,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://support.f5.com/csp/article/K52167636",
+ "refsource" : "CONFIRM",
 "url" : "https://support.f5.com/csp/article/K52167636"
 }
 ]
diff --git a/2018/11xxx/CVE-2018-11646.json b/2018/11xxx/CVE-2018-11646.json
index 733a9448500..e644784b77c 100644
--- a/2018/11xxx/CVE-2018-11646.json
+++ b/2018/11xxx/CVE-2018-11646.json
@@ -34,7 +34,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as distributed in Safari Technology Preview Release 57, mishandles an unset pageURL, leading to an application crash."
+ "value" : "webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as distributed in Safari Technology Preview Release 57, mishandle an unset pageURL, leading to an application crash."
 }
 ]
 },
diff --git a/2018/11xxx/CVE-2018-11647.json b/2018/11xxx/CVE-2018-11647.json
new file mode 100644
index 00000000000..b9b11c4fcc0
--- /dev/null
+++ b/2018/11xxx/CVE-2018-11647.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-11647",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/11xxx/CVE-2018-11648.json b/2018/11xxx/CVE-2018-11648.json
new file mode 100644
index 00000000000..24e4b2dbbcf
--- /dev/null
+++ b/2018/11xxx/CVE-2018-11648.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-11648",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/11xxx/CVE-2018-11649.json b/2018/11xxx/CVE-2018-11649.json
new file mode 100644
index 00000000000..58ddbd779c8
--- /dev/null
+++ b/2018/11xxx/CVE-2018-11649.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-11649",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "Hue 3.12 has XSS via the /pig/save/ name and script parameters."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/Blck4/HUE-Exploit",
+ "refsource" : "MISC",
+ "url" : "https://github.com/Blck4/HUE-Exploit"
+ }
+ ]
+ }
+}
diff --git a/2018/11xxx/CVE-2018-11650.json b/2018/11xxx/CVE-2018-11650.json
new file mode 100644
index 00000000000..9445293d599
--- /dev/null
+++ b/2018/11xxx/CVE-2018-11650.json
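Review bot: In the new CVE-2018-11649.json record every structured field is `n/a` (`vendor_name`, `product_name`, `version_value` and the `problemtype` value), even though the description names the product, version and weakness class. Consumers that match on `affects` or filter by problem type will not find this entry. Suggest filling them from the description, e.g. `"product_name" : "Hue"`, `"version_value" : "3.12"` and `"value" : "CWE-79"` under `problemtype`. The same applies to the new CVE-2018-11650.json and CVE-2018-11651.json records, whose descriptions say Graylog before v2.4.4 and XSS. The only reference in CVE-2018-11649.json is a third-party repository tagged `MISC`; a vendor advisory or fix link, if one exists, would let readers confirm the affected versions.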
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-11650",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/Graylog2/graylog2-server/pull/4727",
+ "refsource" : "MISC",
+ "url" : "https://github.com/Graylog2/graylog2-server/pull/4727"
+ },
+ {
+ "name" : "https://www.graylog.org/post/announcing-graylog-v2-4-4",
+ "refsource" : "MISC",
+ "url" : "https://www.graylog.org/post/announcing-graylog-v2-4-4"
+ }
+ ]
+ }
+}
diff --git a/2018/11xxx/CVE-2018-11651.json b/2018/11xxx/CVE-2018-11651.json
new file mode 100644
index 00000000000..ae07afd8d76
--- /dev/null
+++ b/2018/11xxx/CVE-2018-11651.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-11651",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/Graylog2/graylog2-server/pull/4739",
+ "refsource" : "MISC",
+ "url" : "https://github.com/Graylog2/graylog2-server/pull/4739"
+ },
+ {
+ "name" : "https://www.graylog.org/post/announcing-graylog-v2-4-4",
+ "refsource" : "MISC",
+ "url" : "https://www.graylog.org/post/announcing-graylog-v2-4-4"
+ }
+ ]
+ }
+}
diff --git a/2018/5xxx/CVE-2018-5513.json b/2018/5xxx/CVE-2018-5513.json
index 1b3677896fc..330b3832e41 100644
--- a/2018/5xxx/CVE-2018-5513.json
+++ b/2018/5xxx/CVE-2018-5513.json
@@ -50,7 +50,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "On BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue."
+ "value" : "On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue."
 }
 ]
 },
@@ -69,6 +69,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://support.f5.com/csp/article/K46940010",
+ "refsource" : "CONFIRM",
 "url" : "https://support.f5.com/csp/article/K46940010"
 }
 ]
diff --git a/2018/5xxx/CVE-2018-5521.json b/2018/5xxx/CVE-2018-5521.json
index 8d56667ba89..6282067e5aa 100644
--- a/2018/5xxx/CVE-2018-5521.json
+++ b/2018/5xxx/CVE-2018-5521.json
@@ -44,7 +44,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "On BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS."
+ "value" : "On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS."
 }
 ]
 },
@@ -63,6 +63,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://support.f5.com/csp/article/K23124150",
+ "refsource" : "CONFIRM",
 "url" : "https://support.f5.com/csp/article/K23124150"
 }
 ]
diff --git a/2018/5xxx/CVE-2018-5522.json b/2018/5xxx/CVE-2018-5522.json
index 0c7b85f5f18..0cc773bcb17 100644
--- a/2018/5xxx/CVE-2018-5522.json
+++ b/2018/5xxx/CVE-2018-5522.json
@@ -47,7 +47,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "On BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash."
+ "value" : "On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash."
 }
 ]
 },
@@ -66,6 +66,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://support.f5.com/csp/article/K54130510",
+ "refsource" : "CONFIRM",
 "url" : "https://support.f5.com/csp/article/K54130510"
 }
 ]
diff --git a/2018/5xxx/CVE-2018-5523.json b/2018/5xxx/CVE-2018-5523.json
index 5aef14345ca..1a76c0ec5d1 100644
--- a/2018/5xxx/CVE-2018-5523.json
+++ b/2018/5xxx/CVE-2018-5523.json
@@ -45,7 +45,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "On BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced."
+ "value" : "On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced."
 }
 ]
 },
@@ -64,6 +64,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://support.f5.com/csp/article/K50254952",
+ "refsource" : "CONFIRM",
 "url" : "https://support.f5.com/csp/article/K50254952"
 }
 ]
diff --git a/2018/5xxx/CVE-2018-5524.json b/2018/5xxx/CVE-2018-5524.json
index 217f137eca9..d69204b3359 100644
--- a/2018/5xxx/CVE-2018-5524.json
+++ b/2018/5xxx/CVE-2018-5524.json
@@ -41,7 +41,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "Under certain conditions, on BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and impacted by this issue."
+ "value" : "Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and impacted by this issue."
 }
 ]
 },
@@ -60,6 +60,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://support.f5.com/csp/article/K53931245",
+ "refsource" : "CONFIRM",
 "url" : "https://support.f5.com/csp/article/K53931245"
 }
 ]
diff --git a/2018/5xxx/CVE-2018-5525.json b/2018/5xxx/CVE-2018-5525.json
index 747bdee8297..f7297129f6c 100644
--- a/2018/5xxx/CVE-2018-5525.json
+++ b/2018/5xxx/CVE-2018-5525.json
@@ -47,7 +47,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "A local file vulnerability exists in the BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive customer data."
+ "value" : "A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive customer data."
 }
 ]
 },
@@ -66,6 +66,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://support.f5.com/csp/article/K00363258",
+ "refsource" : "CONFIRM",
 "url" : "https://support.f5.com/csp/article/K00363258"
 }
 ]
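Review bot: In CVE-2018-5524.json (hunk `@@ -41,7 +41,7 @@`) the rewritten `value` still never says what the issue is. It ends with the affected virtual servers "are exposed and impacted by this issue" without naming any impact, so a reader triaging from the record alone cannot judge severity or decide on mitigations. Since the line is already being edited to add the vendor name, the consequence documented in the referenced advisory K53931245 could be stated in the same sentence, e.g. `... (HSM) functionality may <IMPACT AS STATED IN ADVISORY>.` (placeholder; the impact text is not visible on this page).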
diff --git a/2018/5xxx/CVE-2018-5526.json b/2018/5xxx/CVE-2018-5526.json
index b9b050bb5ae..999e6bc2fbf 100644
--- a/2018/5xxx/CVE-2018-5526.json
+++ b/2018/5xxx/CVE-2018-5526.json
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "Under certain conditions, on BIG-IP ASM 13.1.0-13.1.0.5, Behavioral DOS (BADOS) protection may fail during an attack."
+ "value" : "Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral DOS (BADOS) protection may fail during an attack."
 }
 ]
 },
@@ -54,6 +54,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://support.f5.com/csp/article/K62201098",
+ "refsource" : "CONFIRM",
 "url" : "https://support.f5.com/csp/article/K62201098"
 }
 ]
diff --git a/2018/7xxx/CVE-2018-7949.json b/2018/7xxx/CVE-2018-7949.json
index b1bb3ac24d3..bbbde936a85 100644
--- a/2018/7xxx/CVE-2018-7949.json
+++ b/2018/7xxx/CVE-2018-7949.json
@@ -110,6 +110,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en",
+ "refsource" : "CONFIRM",
 "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en"
 }
 ]
diff --git a/2018/7xxx/CVE-2018-7950.json b/2018/7xxx/CVE-2018-7950.json
index a83662a1c3d..088f45ff377 100644
--- a/2018/7xxx/CVE-2018-7950.json
+++ b/2018/7xxx/CVE-2018-7950.json
@@ -110,6 +110,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en",
+ "refsource" : "CONFIRM",
 "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
 }
 ]
diff --git a/2018/7xxx/CVE-2018-7951.json b/2018/7xxx/CVE-2018-7951.json
index f1d74a44751..07b6e949431 100644
--- a/2018/7xxx/CVE-2018-7951.json
+++ b/2018/7xxx/CVE-2018-7951.json
@@ -110,6 +110,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en",
+ "refsource" : "CONFIRM",
 "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
 }
 ]
diff --git a/2018/7xxx/CVE-2018-7976.json b/2018/7xxx/CVE-2018-7976.json
index 26dba726bfa..1a2f77851b0 100644
--- a/2018/7xxx/CVE-2018-7976.json
+++ b/2018/7xxx/CVE-2018-7976.json
@@ -37,7 +37,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "There is a stored cross-site scripting (XSS) vulnerability in eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop."
+ "value" : "There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop."
 }
 ]
 },
@@ -56,6 +56,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-xss-en",
+ "refsource" : "CONFIRM",
 "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-xss-en"
 }
 ]