admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-09-07 10:04:31 -04:00
parent d88c7c0b29
commit 0a15dcdfa1
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
23 changed files with 1447 additions and 1212 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
2018/0xxx/CVE-2018-0623.json
View File

@ -1,59 +1,62 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0623",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN06813756/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Multiple Yayoi 17 Series products",
"version" : {
"version_data" : [
{
"version_value" : "(Yayoi Kaikei 17 Series Ver.+E449+E447"
}
]
}
}
]
},
"vendor_name" : "Yayoi Co., Ltd."
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver. 20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of msjet49.dll loaded by the vulnerable products."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(Yayoi Kaikei 17 Series Ver.+E449+E447"
}
]
},
"product_name": "Multiple Yayoi 17 Series products"
}
]
},
"vendor_name": "Yayoi Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver. 20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of msjet49.dll loaded by the vulnerable products."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0623",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#06813756",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN06813756/index.html"
}
]
}
}

113
2018/0xxx/CVE-2018-0624.json
View File

@ -1,59 +1,62 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0624",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN06813756/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Multiple Yayoi 17 Series products",
"version" : {
"version_data" : [
{
"version_value" : "(Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier)"
}
]
}
}
]
},
"vendor_name" : "Yayoi Co., Ltd."
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier)"
}
]
},
"product_name": "Multiple Yayoi 17 Series products"
}
]
},
"vendor_name": "Yayoi Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0624",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#06813756",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN06813756/index.html"
}
]
}
}

121
2018/0xxx/CVE-2018-0642.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0642",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers"
},
{
"url": "http://jvn.jp/en/jp/JVN70246549/index.html"
"product" : {
"product_data" : [
{
"product_name" : "FV Flowplayer Video Player",
"version" : {
"version_data" : [
{
"version_value" : "6.1.2 to 6.6.4"
}
]
}
}
]
},
"vendor_name" : "Foliovision"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.1.2 to 6.6.4"
}
]
},
"product_name": "FV Flowplayer Video Player"
}
]
},
"vendor_name": "Foliovision"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0642",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers"
},
{
"name" : "JVN#70246549",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN70246549/index.html"
}
]
}
}

121
2018/0xxx/CVE-2018-0643.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0643",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html"
},
{
"url": "http://jvn.jp/en/jp/JVN37376131/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Ubuntu14.04 ORCA(Online Receipt Computer Advantage)4.8.0(panda-server) 1:1.4.9+p41-u4jma1 and earlier",
"version" : {
"version_data" : [
{
"version_value" : ""
}
]
}
}
]
},
"vendor_name" : "ORCA Management Organization Co., Ltd."
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ubuntu14.04 ORCA(Online Receipt Computer Advantage)4.8.0(panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": ""
}
]
},
"product_name": "Ubuntu14.04 ORCA(Online Receipt Computer Advantage)4.8.0(panda-server) 1:1.4.9+p41-u4jma1 and earlier"
}
]
},
"vendor_name": "ORCA Management Organization Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "OS Command Injection"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0643",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html",
"refsource" : "CONFIRM",
"url" : "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html"
},
{
"name" : "JVN#37376131",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN37376131/index.html"
}
]
}
}

121
2018/0xxx/CVE-2018-0644.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0644",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html"
},
{
"url": "http://jvn.jp/en/jp/JVN37376131/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Ubuntu14.04 ORCA(Online Receipt Computer Advantage)4.8.0(panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u5jma1 and earlier",
"version" : {
"version_data" : [
{
"version_value" : ""
}
]
}
}
]
},
"vendor_name" : "ORCA Management Organization Co., Ltd."
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Ubuntu14.04 ORCA(Online Receipt Computer Advantage)4.8.0(panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": ""
}
]
},
"product_name": "Ubuntu14.04 ORCA(Online Receipt Computer Advantage)4.8.0(panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u5jma1 and earlier"
}
]
},
"vendor_name": "ORCA Management Organization Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0644",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html",
"refsource" : "CONFIRM",
"url" : "https://www.orca.med.or.jp/news/vulnerability_2018-07-18-1.html"
},
{
"name" : "JVN#37376131",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN37376131/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0645.json
View File

@ -1,65 +1,72 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0645",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://www.tinybeans.net/blog/2015/06/26-230919.html"
},
{
"url": "https://bit-part.net/news/2018/07/mtappjquery-20180717.html"
},
{
"url": "http://jvn.jp/en/jp/JVN62423700/index.html"
"product" : {
"product_data" : [
{
"product_name" : "MTAppjQuery",
"version" : {
"version_data" : [
{
"version_value" : "1.8.1 and earlier"
}
]
}
}
]
},
"vendor_name" : "bit part LLC"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.8.1 and earlier"
}
]
},
"product_name": "MTAppjQuery"
}
]
},
"vendor_name": "bit part LLC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0645",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.tinybeans.net/blog/2015/06/26-230919.html",
"refsource" : "CONFIRM",
"url" : "http://www.tinybeans.net/blog/2015/06/26-230919.html"
},
{
"name" : "https://bit-part.net/news/2018/07/mtappjquery-20180717.html",
"refsource" : "CONFIRM",
"url" : "https://bit-part.net/news/2018/07/mtappjquery-20180717.html"
},
{
"name" : "JVN#62423700",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN62423700/index.html"
}
]
}
}

121
2018/0xxx/CVE-2018-0647.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0647",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "https://www.asus.com/us/Networking/WL330NUL/HelpDesk_BIOS/"
},
{
"url": "http://jvn.jp/en/jp/JVN71329812/index.html"
"product" : {
"product_data" : [
{
"product_name" : "WL-330NUL",
"version" : {
"version_data" : [
{
"version_value" : "Firmware version prior to 3.0.0.46"
}
]
}
}
]
},
"vendor_name" : "ASUS Japan Inc."
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Firmware version prior to 3.0.0.46"
}
]
},
"product_name": "WL-330NUL"
}
]
},
"vendor_name": "ASUS Japan Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0647",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.asus.com/us/Networking/WL330NUL/HelpDesk_BIOS/",
"refsource" : "MISC",
"url" : "https://www.asus.com/us/Networking/WL330NUL/HelpDesk_BIOS/"
},
{
"name" : "JVN#71329812",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN71329812/index.html"
}
]
}
}

121
2018/0xxx/CVE-2018-0648.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0648",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "https://go.chatwork.com/download/"
},
{
"url": "http://jvn.jp/en/jp/JVN39171169/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Installer of ChatWork Desktop App for Windows",
"version" : {
"version_data" : [
{
"version_value" : "2.3.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "ChatWork Co,. LTD."
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.3.0 and earlier"
}
]
},
"product_name": "Installer of ChatWork Desktop App for Windows"
}
]
},
"vendor_name": "ChatWork Co,. LTD."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0648",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://go.chatwork.com/download/",
"refsource" : "MISC",
"url" : "https://go.chatwork.com/download/"
},
{
"name" : "JVN#39171169",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN39171169/index.html"
}
]
}
}

121
2018/0xxx/CVE-2018-0649.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0649",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "https://eset-support.canon-its.jp/faq/show/10720?site_domain=default"
},
{
"url": "http://jvn.jp/en/jp/JVN41452671/index.html"
"product" : {
"product_data" : [
{
"product_name" : "The installers of multiple Canon IT Solutions Inc. software programs",
"version" : {
"version_data" : [
{
"version_value" : "(ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones))"
}
]
}
}
]
},
"vendor_name" : "Canon IT Solutions Inc."
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones))"
}
]
},
"product_name": "The installers of multiple Canon IT Solutions Inc. software programs"
}
]
},
"vendor_name": "Canon IT Solutions Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0649",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://eset-support.canon-its.jp/faq/show/10720?site_domain=default",
"refsource" : "CONFIRM",
"url" : "https://eset-support.canon-its.jp/faq/show/10720?site_domain=default"
},
{
"name" : "JVN#41452671",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN41452671/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0650.json
View File

@ -1,65 +1,72 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0650",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "https://linecorp.com/en/security/article/182"
},
{
"url": "https://play.google.com/store/apps/details?id=jp.linecorp.linemusic.android&hl=en"
},
{
"url": "http://jvn.jp/en/jp/JVN16933564/index.html"
"product" : {
"product_data" : [
{
"product_name" : "LINE MUSIC for Android",
"version" : {
"version_data" : [
{
"version_value" : "version 3.1.0 to versions prior to 3.6.5"
}
]
}
}
]
},
"vendor_name" : "LINE MUSIC CORPORATION"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "version 3.1.0 to versions prior to 3.6.5"
}
]
},
"product_name": "LINE MUSIC for Android"
}
]
},
"vendor_name": "LINE MUSIC CORPORATION"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fails to verify SSL certificates"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0650",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://play.google.com/store/apps/details?id=jp.linecorp.linemusic.android&hl=en",
"refsource" : "MISC",
"url" : "https://play.google.com/store/apps/details?id=jp.linecorp.linemusic.android&hl=en"
},
{
"name" : "https://linecorp.com/en/security/article/182",
"refsource" : "CONFIRM",
"url" : "https://linecorp.com/en/security/article/182"
},
{
"name" : "JVN#16933564",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN16933564/index.html"
}
]
}
}

121
2018/0xxx/CVE-2018-0652.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0652",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "https://weseek.co.jp/security/2018/07/31/growi-prevent-xss/"
},
{
"url": "http://jvn.jp/en/jp/JVN18716340/index.html"
"product" : {
"product_data" : [
{
"product_name" : "GROWI",
"version" : {
"version_data" : [
{
"version_value" : "v.3.1.11 and earlier"
}
]
}
}
]
},
"vendor_name" : "WESEEK, Inc."
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "v.3.1.11 and earlier"
}
]
},
"product_name": "GROWI"
}
]
},
"vendor_name": "WESEEK, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0652",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://weseek.co.jp/security/2018/07/31/growi-prevent-xss/",
"refsource" : "CONFIRM",
"url" : "https://weseek.co.jp/security/2018/07/31/growi-prevent-xss/"
},
{
"name" : "JVN#18716340",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN18716340/index.html"
}
]
}
}

121
2018/0xxx/CVE-2018-0653.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0653",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "https://weseek.co.jp/security/2018/07/31/growi-prevent-xss/"
},
{
"url": "http://jvn.jp/en/jp/JVN18716340/index.html"
"product" : {
"product_data" : [
{
"product_name" : "GROWI",
"version" : {
"version_data" : [
{
"version_value" : "v.3.1.11 and earlier"
}
]
}
}
]
},
"vendor_name" : "WESEEK, Inc."
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via Wiki page view."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "v.3.1.11 and earlier"
}
]
},
"product_name": "GROWI"
}
]
},
"vendor_name": "WESEEK, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via Wiki page view."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0653",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://weseek.co.jp/security/2018/07/31/growi-prevent-xss/",
"refsource" : "CONFIRM",
"url" : "https://weseek.co.jp/security/2018/07/31/growi-prevent-xss/"
},
{
"name" : "JVN#18716340",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN18716340/index.html"
}
]
}
}

121
2018/0xxx/CVE-2018-0654.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0654",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "https://weseek.co.jp/security/2018/07/31/growi-prevent-xss/"
},
{
"url": "http://jvn.jp/en/jp/JVN18716340/index.html"
"product" : {
"product_data" : [
{
"product_name" : "GROWI",
"version" : {
"version_data" : [
{
"version_value" : "v.3.1.11 and earlier"
}
]
}
}
]
},
"vendor_name" : "WESEEK, Inc."
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the modal for creating Wiki page."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "v.3.1.11 and earlier"
}
]
},
"product_name": "GROWI"
}
]
},
"vendor_name": "WESEEK, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the modal for creating Wiki page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0654",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://weseek.co.jp/security/2018/07/31/growi-prevent-xss/",
"refsource" : "CONFIRM",
"url" : "https://weseek.co.jp/security/2018/07/31/growi-prevent-xss/"
},
{
"name" : "JVN#18716340",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN18716340/index.html"
}
]
}
}

121
2018/0xxx/CVE-2018-0655.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0655",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "https://weseek.co.jp/security/2018/07/31/growi-prevent-xss/"
},
{
"url": "http://jvn.jp/en/jp/JVN18716340/index.html"
"product" : {
"product_data" : [
{
"product_name" : "GROWI",
"version" : {
"version_data" : [
{
"version_value" : "v.3.1.11 and earlier"
}
]
}
}
]
},
"vendor_name" : "WESEEK, Inc."
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the app settings section of admin page."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "v.3.1.11 and earlier"
}
]
},
"product_name": "GROWI"
}
]
},
"vendor_name": "WESEEK, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the app settings section of admin page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0655",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://weseek.co.jp/security/2018/07/31/growi-prevent-xss/",
"refsource" : "CONFIRM",
"url" : "https://weseek.co.jp/security/2018/07/31/growi-prevent-xss/"
},
{
"name" : "JVN#18716340",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN18716340/index.html"
}
]
}
}

113
2018/0xxx/CVE-2018-0657.json
View File

@ -1,59 +1,62 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0657",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN06372244/index.html"
"product" : {
"product_data" : [
{
"product_name" : "EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE",
"version" : {
"version_data" : [
{
"version_value" : "(EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier)"
}
]
}
}
]
},
"vendor_name" : "GMO Payment Gateway, Inc."
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE (EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier) allow an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier)"
}
]
},
"product_name": "EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE"
}
]
},
"vendor_name": "GMO Payment Gateway, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE (EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier) allow an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0657",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#06372244",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN06372244/index.html"
}
]
}
}

113
2018/0xxx/CVE-2018-0658.json
View File

@ -1,59 +1,62 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0658",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN06372244/index.html"
"product" : {
"product_data" : [
{
"product_name" : "EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE",
"version" : {
"version_data" : [
{
"version_value" : "(EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier)"
}
]
}
}
]
},
"vendor_name" : "GMO Payment Gateway, Inc."
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier)"
}
]
},
"product_name": "EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE"
}
]
},
"vendor_name": "GMO Payment Gateway, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Input Validation"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0658",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#06372244",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN06372244/index.html"
}
]
}
}

121
2018/0xxx/CVE-2018-0659.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0659",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "https://hibara.org/software/attachecase/?lang=en"
},
{
"url": "http://jvn.jp/en/jp/JVN62121133/index.html"
"product" : {
"product_data" : [
{
"product_name" : "AttacheCase",
"version" : {
"version_data" : [
{
"version_value" : "ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "HiBARA Software"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create or overwrite existing files via specially crafted ATC file."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier"
}
]
},
"product_name": "AttacheCase"
}
]
},
"vendor_name": "HiBARA Software"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create or overwrite existing files via specially crafted ATC file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory traversal"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0659",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hibara.org/software/attachecase/?lang=en",
"refsource" : "CONFIRM",
"url" : "https://hibara.org/software/attachecase/?lang=en"
},
{
"name" : "JVN#62121133",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN62121133/index.html"
}
]
}
}

121
2018/0xxx/CVE-2018-0660.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0660",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "https://hibara.org/software/attachecase/?lang=en"
},
{
"url": "http://jvn.jp/en/jp/JVN62121133/index.html"
"product" : {
"product_data" : [
{
"product_name" : "AttacheCase",
"version" : {
"version_data" : [
{
"version_value" : "ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "HiBARA Software"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create arbitrary files via specially crafted ATC file."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier"
}
]
},
"product_name": "AttacheCase"
}
]
},
"vendor_name": "HiBARA Software"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create arbitrary files via specially crafted ATC file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory traversal"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0660",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hibara.org/software/attachecase/?lang=en",
"refsource" : "CONFIRM",
"url" : "https://hibara.org/software/attachecase/?lang=en"
},
{
"name" : "JVN#62121133",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN62121133/index.html"
}
]
}
}

121
2018/0xxx/CVE-2018-0661.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0661",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"url": "http://jvn.jp/en/jp/JVN83701666/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Multiple I-O DATA network camera products",
"version" : {
"version_data" : [
{
"version_value" : "(TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier)"
}
]
}
}
]
},
"vendor_name" : "I-O DATA DEVICE, INC."
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result in executing arbitrary OS commands/code or infomation including credentials leakage or alteration."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier)"
}
]
},
"product_name": "Multiple I-O DATA network camera products"
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result in executing arbitrary OS commands/code or information including credentials leakage or alteration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fails to restrict access"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0661",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.iodata.jp/support/information/2018/ts-wrlp/",
"refsource" : "CONFIRM",
"url" : "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"name" : "JVN#83701666",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN83701666/index.html"
}
]
}
}

121
2018/0xxx/CVE-2018-0662.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0662",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"url": "http://jvn.jp/en/jp/JVN83701666/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Multiple I-O DATA network camera products",
"version" : {
"version_data" : [
{
"version_value" : "(TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier)"
}
]
}
}
]
},
"vendor_name" : "I-O DATA DEVICE, INC."
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier)"
}
]
},
"product_name": "Multiple I-O DATA network camera products"
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient Verification of Data Authenticity"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0662",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Verification of Data Authenticity"
}
]
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.iodata.jp/support/information/2018/ts-wrlp/",
"refsource" : "CONFIRM",
"url" : "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"name" : "JVN#83701666",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN83701666/index.html"
}
]
}
}

121
2018/0xxx/CVE-2018-0663.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0663",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"url": "http://jvn.jp/en/jp/JVN83701666/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Multiple I-O DATA network camera products",
"version" : {
"version_data" : [
{
"version_value" : "(TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier)"
}
]
}
}
]
},
"vendor_name" : "I-O DATA DEVICE, INC."
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to executue arbitrary OS commands on the device via unspecified vector."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier)"
}
]
},
"product_name": "Multiple I-O DATA network camera products"
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use of Hard-coded Credentials"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0663",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.iodata.jp/support/information/2018/ts-wrlp/",
"refsource" : "CONFIRM",
"url" : "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"name" : "JVN#83701666",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN83701666/index.html"
}
]
}
}

62
2018/16xxx/CVE-2018-16657.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16657",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present in the check_via_address core function: this function also misses input validation.) This could result in denial of service and potentially the execution of arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://skalatan.de/blog/advisory-hw-2018-06",
"refsource" : "MISC",
"url" : "https://skalatan.de/blog/advisory-hw-2018-06"
}
]
}
}

72
2018/16xxx/CVE-2018-16658.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16658",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4",
"refsource" : "MISC",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4"
},
{
"name" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.6",
"refsource" : "MISC",
"url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.6"
},
{
"name" : "https://github.com/torvalds/linux/commit/8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4",
"refsource" : "MISC",
"url" : "https://github.com/torvalds/linux/commit/8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4"
}
]
}
}