- Synchronized data.

2025-06-08 14:08:13 +00:00 · 2018-06-01 10:03:49 -04:00 · 2018-06-01 10:03:49 -04:00 · 04aa8caee9
commit 04aa8caee9
parent 31e15e341d
19 changed files with 268 additions and 10 deletions
--- a/2017/17xxx/CVE-2017-17171.json
+++ b/2017/17xxx/CVE-2017-17171.json
@ -146,6 +146,8 @@
   "references" : {
      "reference_data" : [
         {
+            "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-smartphone",
+            "refsource" : "CONFIRM",
            "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-smartphone"
         }
      ]
--- a/2017/6xxx/CVE-2017-6153.json
+++ b/2017/6xxx/CVE-2017-6153.json
@ -47,7 +47,7 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "Features in BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a \"Zip Bomb\" attack."
+            "value" : "Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a \"Zip Bomb\" attack."
         }
      ]
   },
@ -66,6 +66,8 @@
   "references" : {
      "reference_data" : [
         {
+            "name" : "https://support.f5.com/csp/article/K52167636",
+            "refsource" : "CONFIRM",
            "url" : "https://support.f5.com/csp/article/K52167636"
         }
      ]
--- a/2018/11xxx/CVE-2018-11646.json
+++ b/2018/11xxx/CVE-2018-11646.json
@ -34,7 +34,7 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as distributed in Safari Technology Preview Release 57, mishandles an unset pageURL, leading to an application crash."
+            "value" : "webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as distributed in Safari Technology Preview Release 57, mishandle an unset pageURL, leading to an application crash."
         }
      ]
   },
--- a/2018/11xxx/CVE-2018-11647.json
+++ b/2018/11xxx/CVE-2018-11647.json
@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-11647",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}
--- a/2018/11xxx/CVE-2018-11648.json
+++ b/2018/11xxx/CVE-2018-11648.json
@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-11648",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}
--- a/2018/11xxx/CVE-2018-11649.json
+++ b/2018/11xxx/CVE-2018-11649.json
@ -0,0 +1,62 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-11649",
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "n/a",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "n/a"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "n/a"
+            }
+         ]
+      }
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "Hue 3.12 has XSS via the /pig/save/ name and script parameters."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "n/a"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "name" : "https://github.com/Blck4/HUE-Exploit",
+            "refsource" : "MISC",
+            "url" : "https://github.com/Blck4/HUE-Exploit"
+         }
+      ]
+   }
+}
--- a/2018/11xxx/CVE-2018-11650.json
+++ b/2018/11xxx/CVE-2018-11650.json
@ -0,0 +1,67 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-11650",
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "n/a",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "n/a"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "n/a"
+            }
+         ]
+      }
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "n/a"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "name" : "https://github.com/Graylog2/graylog2-server/pull/4727",
+            "refsource" : "MISC",
+            "url" : "https://github.com/Graylog2/graylog2-server/pull/4727"
+         },
+         {
+            "name" : "https://www.graylog.org/post/announcing-graylog-v2-4-4",
+            "refsource" : "MISC",
+            "url" : "https://www.graylog.org/post/announcing-graylog-v2-4-4"
+         }
+      ]
+   }
+}
--- a/2018/11xxx/CVE-2018-11651.json
+++ b/2018/11xxx/CVE-2018-11651.json
@ -0,0 +1,67 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-11651",
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "n/a",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "n/a"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "n/a"
+            }
+         ]
+      }
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "n/a"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "name" : "https://github.com/Graylog2/graylog2-server/pull/4739",
+            "refsource" : "MISC",
+            "url" : "https://github.com/Graylog2/graylog2-server/pull/4739"
+         },
+         {
+            "name" : "https://www.graylog.org/post/announcing-graylog-v2-4-4",
+            "refsource" : "MISC",
+            "url" : "https://www.graylog.org/post/announcing-graylog-v2-4-4"
+         }
+      ]
+   }
+}
--- a/2018/5xxx/CVE-2018-5513.json
+++ b/2018/5xxx/CVE-2018-5513.json
@ -50,7 +50,7 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "On BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue."
+            "value" : "On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue."
         }
      ]
   },
@ -69,6 +69,8 @@
   "references" : {
      "reference_data" : [
         {
+            "name" : "https://support.f5.com/csp/article/K46940010",
+            "refsource" : "CONFIRM",
            "url" : "https://support.f5.com/csp/article/K46940010"
         }
      ]
--- a/2018/5xxx/CVE-2018-5521.json
+++ b/2018/5xxx/CVE-2018-5521.json
@ -44,7 +44,7 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "On BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS."
+            "value" : "On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS."
         }
      ]
   },
@ -63,6 +63,8 @@
   "references" : {
      "reference_data" : [
         {
+            "name" : "https://support.f5.com/csp/article/K23124150",
+            "refsource" : "CONFIRM",
            "url" : "https://support.f5.com/csp/article/K23124150"
         }
      ]
--- a/2018/5xxx/CVE-2018-5522.json
+++ b/2018/5xxx/CVE-2018-5522.json
@ -47,7 +47,7 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "On BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash."
+            "value" : "On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash."
         }
      ]
   },
@ -66,6 +66,8 @@
   "references" : {
      "reference_data" : [
         {
+            "name" : "https://support.f5.com/csp/article/K54130510",
+            "refsource" : "CONFIRM",
            "url" : "https://support.f5.com/csp/article/K54130510"
         }
      ]
--- a/2018/5xxx/CVE-2018-5523.json
+++ b/2018/5xxx/CVE-2018-5523.json
@ -45,7 +45,7 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "On BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced."
+            "value" : "On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced."
         }
      ]
   },
@ -64,6 +64,8 @@
   "references" : {
      "reference_data" : [
         {
+            "name" : "https://support.f5.com/csp/article/K50254952",
+            "refsource" : "CONFIRM",
            "url" : "https://support.f5.com/csp/article/K50254952"
         }
      ]
--- a/2018/5xxx/CVE-2018-5524.json
+++ b/2018/5xxx/CVE-2018-5524.json
@ -41,7 +41,7 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "Under certain conditions, on BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and impacted by this issue."
+            "value" : "Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and impacted by this issue."
         }
      ]
   },
@ -60,6 +60,8 @@
   "references" : {
      "reference_data" : [
         {
+            "name" : "https://support.f5.com/csp/article/K53931245",
+            "refsource" : "CONFIRM",
            "url" : "https://support.f5.com/csp/article/K53931245"
         }
      ]
--- a/2018/5xxx/CVE-2018-5525.json
+++ b/2018/5xxx/CVE-2018-5525.json
@ -47,7 +47,7 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "A local file vulnerability exists in the BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive customer data."
+            "value" : "A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive customer data."
         }
      ]
   },
@ -66,6 +66,8 @@
   "references" : {
      "reference_data" : [
         {
+            "name" : "https://support.f5.com/csp/article/K00363258",
+            "refsource" : "CONFIRM",
            "url" : "https://support.f5.com/csp/article/K00363258"
         }
      ]
--- a/2018/5xxx/CVE-2018-5526.json
+++ b/2018/5xxx/CVE-2018-5526.json
@ -35,7 +35,7 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "Under certain conditions, on BIG-IP ASM 13.1.0-13.1.0.5, Behavioral DOS (BADOS) protection may fail during an attack."
+            "value" : "Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral DOS (BADOS) protection may fail during an attack."
         }
      ]
   },
@ -54,6 +54,8 @@
   "references" : {
      "reference_data" : [
         {
+            "name" : "https://support.f5.com/csp/article/K62201098",
+            "refsource" : "CONFIRM",
            "url" : "https://support.f5.com/csp/article/K62201098"
         }
      ]
--- a/2018/7xxx/CVE-2018-7949.json
+++ b/2018/7xxx/CVE-2018-7949.json
@ -110,6 +110,8 @@
   "references" : {
      "reference_data" : [
         {
+            "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en",
+            "refsource" : "CONFIRM",
            "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en"
         }
      ]
--- a/2018/7xxx/CVE-2018-7950.json
+++ b/2018/7xxx/CVE-2018-7950.json
@ -110,6 +110,8 @@
   "references" : {
      "reference_data" : [
         {
+            "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en",
+            "refsource" : "CONFIRM",
            "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
         }
      ]
--- a/2018/7xxx/CVE-2018-7951.json
+++ b/2018/7xxx/CVE-2018-7951.json
@ -110,6 +110,8 @@
   "references" : {
      "reference_data" : [
         {
+            "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en",
+            "refsource" : "CONFIRM",
            "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-02-server-en"
         }
      ]
--- a/2018/7xxx/CVE-2018-7976.json
+++ b/2018/7xxx/CVE-2018-7976.json
@ -37,7 +37,7 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "There is a stored cross-site scripting (XSS) vulnerability in eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop."
+            "value" : "There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop."
         }
      ]
   },
@ -56,6 +56,8 @@
   "references" : {
      "reference_data" : [
         {
+            "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-xss-en",
+            "refsource" : "CONFIRM",
            "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-xss-en"
         }
      ]