admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2019-02-13 13:05:00 -05:00
parent 90bc86895a
commit 18f76035d5
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
16 changed files with 949 additions and 876 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

133
2018/0xxx/CVE-2018-0696.json
View File

@ -1,65 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-0696",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenAM Consortium",
"product": {
"product_data": [
{
"product_name": "OpenAM",
"version": {
"version_data": [
{
"version_value": "13.0 and later"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0696",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "OpenAM",
"version" : {
"version_data" : [
{
"version_value" : "13.0 and later"
}
]
}
}
]
},
"vendor_name" : "OpenAM Consortium"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fails to manage sessions"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to manage sessions"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.cs.themistruct.com/report/wam20181012"
},
{
"url": "https://www.osstech.co.jp/support/am2018-4-1-en"
},
{
"url": "http://jvn.jp/en/jp/JVN49995005/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.cs.themistruct.com/report/wam20181012",
"refsource" : "MISC",
"url" : "https://www.cs.themistruct.com/report/wam20181012"
},
{
"name" : "https://www.osstech.co.jp/support/am2018-4-1-en",
"refsource" : "MISC",
"url" : "https://www.osstech.co.jp/support/am2018-4-1-en"
},
{
"name" : "JVN#49995005",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN49995005/index.html"
}
]
}
}

80
2018/13xxx/CVE-2018-13403.json
View File

@ -1,77 +1,79 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-01-18T00:00:00",
"ID": "CVE-2018-13403",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2019-01-18T00:00:00",
"ID" : "CVE-2018-13403",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Jira",
"version": {
"version_data": [
"product_name" : "Jira",
"version" : {
"version_data" : [
{
"version_value": "7.6.10",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.6.10"
},
{
"version_value": "7.7.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.7.0"
},
{
"version_value": "7.12.4",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.12.4"
},
{
"version_value": "7.13.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.13.0"
},
{
"version_value": "7.13.1",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.13.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
"vendor_name" : "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard."
"lang" : "eng",
"value" : "The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-68526"
"name" : "https://jira.atlassian.com/browse/JRASERVER-68526",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/JRASERVER-68526"
}
]
}

120
2018/13xxx/CVE-2018-13404.json
View File

@ -1,117 +1,119 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-01-18T00:00:00",
"ID": "CVE-2018-13404",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2019-01-18T00:00:00",
"ID" : "CVE-2018-13404",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Jira",
"version": {
"version_data": [
"product_name" : "Jira",
"version" : {
"version_data" : [
{
"version_value": "7.6.10",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.6.10"
},
{
"version_value": "7.7.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.7.0"
},
{
"version_value": "7.7.5",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.7.5"
},
{
"version_value": "7.8.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.8.0"
},
{
"version_value": "7.8.5",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.8.5"
},
{
"version_value": "7.9.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.9.0"
},
{
"version_value": "7.9.3",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.9.3"
},
{
"version_value": "7.10.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.10.0"
},
{
"version_value": "7.10.3",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.10.3"
},
{
"version_value": "7.11.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.11.0"
},
{
"version_value": "7.11.3",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.11.3"
},
{
"version_value": "7.12.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.12.0"
},
{
"version_value": "7.12.3",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.12.3"
},
{
"version_value": "7.13.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.13.0"
},
{
"version_value": "7.13.1",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.13.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
"vendor_name" : "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability."
"lang" : "eng",
"value" : "The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF)"
"lang" : "eng",
"value" : "Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-68527"
"name" : "https://jira.atlassian.com/browse/JRASERVER-68527",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/JRASERVER-68527"
}
]
}

125
2018/16xxx/CVE-2018-16189.json
View File

@ -1,62 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-16189",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Micco",
"product": {
"product_data": [
{
"product_name": "Self-Extracting Archives created by UNLHA32.DLL",
"version": {
"version_data": [
{
"version_value": "prior to Ver 3.00"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-16189",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Self-Extracting Archives created by UNLHA32.DLL",
"version" : {
"version_data" : [
{
"version_value" : "prior to Ver 3.00"
}
]
}
}
]
},
"vendor_name" : "Micco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Self-Extracting Archives created by UNLHA32.DLL prior to Ver 3.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://micco.mars.jp/vul/2017/mhsvi20170515_01.htm"
},
{
"url": "http://jvn.jp/en/jp/JVN52168232/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Self-Extracting Archives created by UNLHA32.DLL prior to Ver 3.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://micco.mars.jp/vul/2017/mhsvi20170515_01.htm",
"refsource" : "MISC",
"url" : "http://micco.mars.jp/vul/2017/mhsvi20170515_01.htm"
},
{
"name" : "JVN#52168232",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN52168232/index.html"
}
]
}
}

149
2018/16xxx/CVE-2018-16190.json
View File

@ -1,71 +1,82 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-16190",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Micco",
"product": {
"product_data": [
{
"product_name": "UNARJ32.DLL for Win32, LHMelting for Win32, and LMLzh32.DLL",
"version": {
"version_data": [
{
"version_value": "(UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier, LHMelting for Win32 Ver 1.65.3.6 and earlier, LMLzh32.DLL Ver 2.67.1.2 and earlier)"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-16190",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "UNARJ32.DLL for Win32, LHMelting for Win32, and LMLzh32.DLL",
"version" : {
"version_data" : [
{
"version_value" : "(UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier, LHMelting for Win32 Ver 1.65.3.6 and earlier, LMLzh32.DLL Ver 2.67.1.2 and earlier)"
}
]
}
}
]
},
"vendor_name" : "Micco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in UNARJ32.DLL for Win32, LHMelting for Win32, and LMLzh32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier, LHMelting for Win32 Ver 1.65.3.6 and earlier, LMLzh32.DLL Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://micco.mars.jp/vul/2017/mhsvi20170515_02.htm"
},
{
"url": "https://micco.mars.jp/vul/2017/mhsvi20170515_03.htm"
},
{
"url": "http://micco.mars.jp/vul/2017/mhsvi20170515_04.htm"
},
{
"url": "http://micco.mars.jp/vul/2017/mhsvi20170515_05.htm"
},
{
"url": "http://jvn.jp/en/jp/JVN52168232/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in UNARJ32.DLL for Win32, LHMelting for Win32, and LMLzh32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier, LHMelting for Win32 Ver 1.65.3.6 and earlier, LMLzh32.DLL Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://micco.mars.jp/vul/2017/mhsvi20170515_02.htm",
"refsource" : "MISC",
"url" : "http://micco.mars.jp/vul/2017/mhsvi20170515_02.htm"
},
{
"name" : "http://micco.mars.jp/vul/2017/mhsvi20170515_04.htm",
"refsource" : "MISC",
"url" : "http://micco.mars.jp/vul/2017/mhsvi20170515_04.htm"
},
{
"name" : "http://micco.mars.jp/vul/2017/mhsvi20170515_05.htm",
"refsource" : "MISC",
"url" : "http://micco.mars.jp/vul/2017/mhsvi20170515_05.htm"
},
{
"name" : "https://micco.mars.jp/vul/2017/mhsvi20170515_03.htm",
"refsource" : "MISC",
"url" : "https://micco.mars.jp/vul/2017/mhsvi20170515_03.htm"
},
{
"name" : "JVN#52168232",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN52168232/index.html"
}
]
}
}

72
2018/20xxx/CVE-2018-20232.json
View File

@ -1,69 +1,71 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-01-25T00:00:00",
"ID": "CVE-2018-20232",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2019-01-25T00:00:00",
"ID" : "CVE-2018-20232",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Jira",
"version": {
"version_data": [
"product_name" : "Jira",
"version" : {
"version_data" : [
{
"version_value": "7.6.11",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.6.11"
},
{
"version_value": "7.7.0",
"version_affected": ">"
"version_affected" : ">",
"version_value" : "7.7.0"
},
{
"version_value": "7.13.1",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.13.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
"vendor_name" : "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting."
"lang" : "eng",
"value" : "The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-68614"
"name" : "https://jira.atlassian.com/browse/JRASERVER-68614",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/JRASERVER-68614"
}
]
}

74
2018/20xxx/CVE-2018-20237.json
View File

@ -1,72 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-02-07T00:00:00",
"ID": "CVE-2018-20237",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2019-02-07T00:00:00",
"ID" : "CVE-2018-20237",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Confluence Server",
"version": {
"version_data": [
"product_name" : "Confluence Server",
"version" : {
"version_data" : [
{
"version_value": "6.13.1",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "6.13.1"
}
]
}
},
{
"product_name": "Confluence Data Center",
"version": {
"version_data": [
"product_name" : "Confluence Data Center",
"version" : {
"version_data" : [
{
"version_value": "6.13.1",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "6.13.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
"vendor_name" : "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature."
"lang" : "eng",
"value" : "Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Indirect Object Reference"
"lang" : "eng",
"value" : "Indirect Object Reference"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-57814"
"name" : "https://jira.atlassian.com/browse/CONFSERVER-57814",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/CONFSERVER-57814"
}
]
}

72
2018/20xxx/CVE-2018-20238.json
View File

@ -1,69 +1,71 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-02-13T00:00:00",
"ID": "CVE-2018-20238",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2019-02-13T00:00:00",
"ID" : "CVE-2018-20238",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Crowd",
"version": {
"version_data": [
"product_name" : "Crowd",
"version" : {
"version_data" : [
{
"version_value": "3.2.7",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "3.2.7"
},
{
"version_value": "3.3.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "3.3.0"
},
{
"version_value": "3.3.4",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "3.3.4"
}
]
}
}
]
},
"vendor_name": "Atlassian"
"vendor_name" : "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability."
"lang" : "eng",
"value" : "Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Insufficient Session Expiration"
"lang" : "eng",
"value" : "Insufficient Session Expiration"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://jira.atlassian.com/browse/CWD-5361"
"name" : "https://jira.atlassian.com/browse/CWD-5361",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/CWD-5361"
}
]
}

125
2019/5xxx/CVE-2019-5909.json
View File

@ -1,62 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5909",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Yokogawa Electric Corporation",
"product": {
"product_data": [
{
"product_name": "License Manager Service of YOKOGAWA products",
"version": {
"version_data": [
{
"version_value": "(CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03))"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2019-5909",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "License Manager Service of YOKOGAWA products",
"version" : {
"version_data" : [
{
"version_value" : "(CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03))"
}
]
}
}
]
},
"vendor_name" : "Yokogawa Electric Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authentication Bypass by Assumed-Immutable Data"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass by Assumed-Immutable Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://web-material3.yokogawa.com/1/20653/files/YSAR-19-0001-E.pdf"
},
{
"url": "http://jvn.jp/vu/JVNVU99147082/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://jvn.jp/vu/JVNVU99147082/index.html",
"refsource" : "MISC",
"url" : "http://jvn.jp/vu/JVNVU99147082/index.html"
},
{
"name" : "https://web-material3.yokogawa.com/1/20653/files/YSAR-19-0001-E.pdf",
"refsource" : "MISC",
"url" : "https://web-material3.yokogawa.com/1/20653/files/YSAR-19-0001-E.pdf"
}
]
}
}

117
2019/5xxx/CVE-2019-5910.json
View File

@ -1,59 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5910",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HOUSE GATE inc.",
"product": {
"product_data": [
{
"product_name": "HOUSE GATE App for iOS",
"version": {
"version_data": [
{
"version_value": "1.7.8 and earlier"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2019-5910",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HOUSE GATE App for iOS",
"version" : {
"version_data" : [
{
"version_value" : "1.7.8 and earlier"
}
]
}
}
]
},
"vendor_name" : "HOUSE GATE inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in HOUSE GATE App for iOS 1.7.8 and earlier allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory traversal"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://jvn.jp/en/jp/JVN98505783/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in HOUSE GATE App for iOS 1.7.8 and earlier allows remote attackers to read arbitrary files via unspecified vectors."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#98505783",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN98505783/index.html"
}
]
}
}

125
2019/5xxx/CVE-2019-5911.json
View File

@ -1,62 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5911",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Micco",
"product": {
"product_data": [
{
"product_name": "The installer of UNLHA32.DLL",
"version": {
"version_data": [
{
"version_value": "(UNLHA32.DLL for Win32 Ver 2.67.1.2 and earlier)"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2019-5911",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "The installer of UNLHA32.DLL",
"version" : {
"version_data" : [
{
"version_value" : "(UNLHA32.DLL for Win32 Ver 2.67.1.2 and earlier)"
}
]
}
}
]
},
"vendor_name" : "Micco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the installer of UNLHA32.DLL (UNLHA32.DLL for Win32 Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://micco.mars.jp/vul/2017/mhsvi20170515_01.htm"
},
{
"url": "http://jvn.jp/en/jp/JVN83826673/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the installer of UNLHA32.DLL (UNLHA32.DLL for Win32 Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://micco.mars.jp/vul/2017/mhsvi20170515_01.htm",
"refsource" : "MISC",
"url" : "http://micco.mars.jp/vul/2017/mhsvi20170515_01.htm"
},
{
"name" : "JVN#83826673",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN83826673/index.html"
}
]
}
}

125
2019/5xxx/CVE-2019-5912.json
View File

@ -1,62 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5912",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Micco",
"product": {
"product_data": [
{
"product_name": "The installer of UNARJ32.DLL",
"version": {
"version_data": [
{
"version_value": "(UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier)"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2019-5912",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "The installer of UNARJ32.DLL",
"version" : {
"version_data" : [
{
"version_value" : "(UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier)"
}
]
}
}
]
},
"vendor_name" : "Micco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the installer of UNARJ32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://micco.mars.jp/vul/2017/mhsvi20170515_01.htm"
},
{
"url": "http://jvn.jp/en/jp/JVN83826673/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the installer of UNARJ32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://micco.mars.jp/vul/2017/mhsvi20170515_01.htm",
"refsource" : "MISC",
"url" : "http://micco.mars.jp/vul/2017/mhsvi20170515_01.htm"
},
{
"name" : "JVN#83826673",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN83826673/index.html"
}
]
}
}

125
2019/5xxx/CVE-2019-5913.json
View File

@ -1,62 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5913",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Micco",
"product": {
"product_data": [
{
"product_name": "The installer of LHMelting",
"version": {
"version_data": [
{
"version_value": "(LHMelting for Win32 Ver 1.65.3.6 and earlier)"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2019-5913",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "The installer of LHMelting",
"version" : {
"version_data" : [
{
"version_value" : "(LHMelting for Win32 Ver 1.65.3.6 and earlier)"
}
]
}
}
]
},
"vendor_name" : "Micco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the installer of LHMelting (LHMelting for Win32 Ver 1.65.3.6 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://micco.mars.jp/vul/2017/mhsvi20170515_01.htm"
},
{
"url": "http://jvn.jp/en/jp/JVN83826673/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the installer of LHMelting (LHMelting for Win32 Ver 1.65.3.6 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://micco.mars.jp/vul/2017/mhsvi20170515_01.htm",
"refsource" : "MISC",
"url" : "http://micco.mars.jp/vul/2017/mhsvi20170515_01.htm"
},
{
"name" : "JVN#83826673",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN83826673/index.html"
}
]
}
}

125
2019/5xxx/CVE-2019-5914.json
View File

@ -1,62 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5914",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NTT DOCOMO, INC.",
"product": {
"product_data": [
{
"product_name": "V20 PRO L-01J",
"version": {
"version_data": [
{
"version_value": "software version L01J20c and L01J20d"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2019-5914",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "V20 PRO L-01J",
"version" : {
"version_data" : [
{
"version_value" : "software version L01J20c and L01J20d"
}
]
}
}
]
},
"vendor_name" : "NTT DOCOMO, INC."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Null Pointer Exception"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Null Pointer Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html"
},
{
"url": "http://jvn.jp/en/jp/JVN40439414/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html",
"refsource" : "MISC",
"url" : "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html"
},
{
"name" : "JVN#40439414",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN40439414/index.html"
}
]
}
}

133
2019/5xxx/CVE-2019-5915.json
View File

@ -1,65 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5915",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenAM Consortium",
"product": {
"product_data": [
{
"product_name": "OpenAM (Open Source Edition)",
"version": {
"version_data": [
{
"version_value": "13"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2019-5915",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "OpenAM (Open Source Edition)",
"version" : {
"version_data" : [
{
"version_value" : "13"
}
]
}
}
]
},
"vendor_name" : "OpenAM Consortium"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Open Redirect"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.osstech.co.jp/support/am2019-1-1"
},
{
"url": "https://www.cs.themistruct.com/"
},
{
"url": "http://jvn.jp/en/jp/JVN43193964/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.cs.themistruct.com/",
"refsource" : "MISC",
"url" : "https://www.cs.themistruct.com/"
},
{
"name" : "https://www.osstech.co.jp/support/am2019-1-1",
"refsource" : "MISC",
"url" : "https://www.osstech.co.jp/support/am2019-1-1"
},
{
"name" : "JVN#43193964",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN43193964/index.html"
}
]
}
}

125
2019/5xxx/CVE-2019-5916.json
View File

@ -1,62 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5916",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "D-CIRCLE inc.",
"product": {
"product_data": [
{
"product_name": "POWER EGG",
"version": {
"version_data": [
{
"version_value": "(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and earlier, Ver 2.7 Patch 6 and earlier, Ver 2.7 Government Edition Patch 7 and earlier, Ver 2.8 Patch 6 and earlier, Ver 2.8c Patch 5 and earlier, Ver 2.9 Patch 4 and earlier)"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2019-5916",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "POWER EGG",
"version" : {
"version_data" : [
{
"version_value" : "(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and earlier, Ver 2.7 Patch 6 and earlier, Ver 2.7 Government Edition Patch 7 and earlier, Ver 2.8 Patch 6 and earlier, Ver 2.8c Patch 5 and earlier, Ver 2.9 Patch 4 and earlier)"
}
]
}
}
]
},
"vendor_name" : "D-CIRCLE inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and earlier, Ver 2.7 Patch 6 and earlier, Ver 2.7 Government Edition Patch 7 and earlier, Ver 2.8 Patch 6 and earlier, Ver 2.8c Patch 5 and earlier, Ver 2.9 Patch 4 and earlier) allows remote attackers to execute EL expression on the server via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Input Validation"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://poweregg.d-circle.com/support/package/important/20190204_000780/"
},
{
"url": "http://jvn.jp/en/jp/JVN63860183/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and earlier, Ver 2.7 Patch 6 and earlier, Ver 2.7 Government Edition Patch 7 and earlier, Ver 2.8 Patch 6 and earlier, Ver 2.8c Patch 5 and earlier, Ver 2.9 Patch 4 and earlier) allows remote attackers to execute EL expression on the server via unspecified vectors."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://poweregg.d-circle.com/support/package/important/20190204_000780/",
"refsource" : "MISC",
"url" : "https://poweregg.d-circle.com/support/package/important/20190204_000780/"
},
{
"name" : "JVN#63860183",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN63860183/index.html"
}
]
}
}