diff --git a/2018/0xxx/CVE-2018-0545.json b/2018/0xxx/CVE-2018-0545.json index 57f1a9238bd..8366ad08eae 100644 --- a/2018/0xxx/CVE-2018-0545.json +++ b/2018/0xxx/CVE-2018-0545.json @@ -1,62 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2018-0545", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "LXR Project", - "product": { - "product_data": [ - { - "product_name": "LXR", - "version": { - "version_data": [ - { - "version_value": "version 1.0.0 to 2.3.0" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang": "eng", - "value":"OS Command Injection" - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"http://lxr.sourceforge.net/en/bugsandlimits.php" - }, - { - "url":"http://jvn.jp/en/jp/JVN72589538/index.html" - } - ] - }, - "description":{ - "description_data":[ - { - "lang": "eng", - "value":"LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors." - } - ] - } -} \ No newline at end of file + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0545", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "LXR", + "version" : { + "version_data" : [ + { + "version_value" : "version 1.0.0 to 2.3.0" + } + ] + } + } + ] + }, + "vendor_name" : "LXR Project" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "OS Command Injection" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://lxr.sourceforge.net/en/bugsandlimits.php", + "refsource" : "CONFIRM", + "url" : "http://lxr.sourceforge.net/en/bugsandlimits.php" + }, + { + "name" : "JVN#72589538", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN72589538/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0553.json b/2018/0xxx/CVE-2018-0553.json index 276ee88bd5a..d4d59ab0aad 100644 --- a/2018/0xxx/CVE-2018-0553.json +++ b/2018/0xxx/CVE-2018-0553.json @@ -1,62 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2018-0553", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Glamo Inc.", - "product": { - "product_data": [ - { - "product_name": "iRemoconWiFi App for Android", - "version": { - "version_data": [ - { - "version_value": "version 4.1.7 and earlier" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang": "eng", - "value":"Fails to verify SSL certificates" - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"https://play.google.com/store/apps/details?id=jp.co.glamo.iremoconwifi" - }, - { - "url":"http://jvn.jp/en/jp/JVN43382653/index.html" - } - ] - }, - "description":{ - "description_data":[ - { - "lang": "eng", - "value":"The iRemoconWiFi App for Android version 4.1.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - } -} \ No newline at end of file + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0553", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "iRemoconWiFi App for Android", + "version" : { + "version_data" : [ + { + "version_value" : "version 4.1.7 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "Glamo Inc." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "The iRemoconWiFi App for Android version 4.1.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Fails to verify SSL certificates" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://play.google.com/store/apps/details?id=jp.co.glamo.iremoconwifi", + "refsource" : "MISC", + "url" : "https://play.google.com/store/apps/details?id=jp.co.glamo.iremoconwifi" + }, + { + "name" : "JVN#43382653", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN43382653/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0554.json b/2018/0xxx/CVE-2018-0554.json index 5ac6eeaa705..ced669c0065 100644 --- a/2018/0xxx/CVE-2018-0554.json +++ b/2018/0xxx/CVE-2018-0554.json @@ -1,62 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2018-0554", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "BUFFALO INC.", - "product": { - "product_data": [ - { - "product_name": "WZR-1750DHP2", - "version": { - "version_data": [ - { - "version_value": "Ver.2.30 and earlier" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang": "eng", - "value":"Authentication bypass" - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"http://buffalo.jp/support_s/s20180328.html" - }, - { - "url":"http://jvn.jp/en/jp/JVN93397125/index.html" - } - ] - }, - "description":{ - "description_data":[ - { - "lang": "eng", - "value":"WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication execute arbitrary commands on the device via unspecified vectors." - } - ] - } -} \ No newline at end of file + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0554", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "WZR-1750DHP2", + "version" : { + "version_data" : [ + { + "version_value" : "Ver.2.30 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "BUFFALO INC." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Authentication bypass" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://buffalo.jp/support_s/s20180328.html", + "refsource" : "CONFIRM", + "url" : "http://buffalo.jp/support_s/s20180328.html" + }, + { + "name" : "JVN#93397125", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN93397125/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0555.json b/2018/0xxx/CVE-2018-0555.json index 212e2ee2299..b608eb18807 100644 --- a/2018/0xxx/CVE-2018-0555.json +++ b/2018/0xxx/CVE-2018-0555.json @@ -1,62 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2018-0555", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "BUFFALO INC.", - "product": { - "product_data": [ - { - "product_name": "WZR-1750DHP2", - "version": { - "version_data": [ - { - "version_value": "Ver.2.30 and earlier" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang": "eng", - "value":"Buffer Overflow" - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"http://buffalo.jp/support_s/s20180328.html" - }, - { - "url":"http://jvn.jp/en/jp/JVN93397125/index.html" - } - ] - }, - "description":{ - "description_data":[ - { - "lang": "eng", - "value":"Buffer overflow in WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via specially crafted file." - } - ] - } + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0555", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "WZR-1750DHP2", + "version" : { + "version_data" : [ + { + "version_value" : "Ver.2.30 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "BUFFALO INC." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Buffer Overflow" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://buffalo.jp/support_s/s20180328.html", + "refsource" : "CONFIRM", + "url" : "http://buffalo.jp/support_s/s20180328.html" + }, + { + "name" : "JVN#93397125", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN93397125/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0556.json b/2018/0xxx/CVE-2018-0556.json index 938beec3518..d5e65445278 100644 --- a/2018/0xxx/CVE-2018-0556.json +++ b/2018/0xxx/CVE-2018-0556.json @@ -1,62 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2018-0556", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "BUFFALO INC.", - "product": { - "product_data": [ - { - "product_name": "WZR-1750DHP2", - "version": { - "version_data": [ - { - "version_value": "Ver.2.30 and earlier" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype":{ - "problemtype_data":[ - { - "description":[ - { - "lang": "eng", - "value":"OS Command Injection" - } - ] - } - ] - }, - "references":{ - "reference_data":[ - { - "url":"http://buffalo.jp/support_s/s20180328.html" - }, - { - "url":"http://jvn.jp/en/jp/JVN93397125/index.html" - } - ] - }, - "description":{ - "description_data":[ - { - "lang": "eng", - "value":"WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors." - } - ] - } -} \ No newline at end of file + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0556", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "WZR-1750DHP2", + "version" : { + "version_data" : [ + { + "version_value" : "Ver.2.30 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "BUFFALO INC." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "OS Command Injection" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://buffalo.jp/support_s/s20180328.html", + "refsource" : "CONFIRM", + "url" : "http://buffalo.jp/support_s/s20180328.html" + }, + { + "name" : "JVN#93397125", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN93397125/index.html" + } + ] + } +} diff --git a/2018/1xxx/CVE-2018-1308.json b/2018/1xxx/CVE-2018-1308.json index f2ad2226c28..176fac12818 100644 --- a/2018/1xxx/CVE-2018-1308.json +++ b/2018/1xxx/CVE-2018-1308.json @@ -57,9 +57,13 @@ "references" : { "reference_data" : [ { + "name" : "[www-announce] 20180408 [SECURITY] CVE-2018-1308: XXE attack through Apache Solr's DIH's dataConfig request parameter", + "refsource" : "MLIST", "url" : "https://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3C000001d3cf68%245ac69af0%241053d0d0%24%40apache.org%3E" }, { + "name" : "https://issues.apache.org/jira/browse/SOLR-11971", + "refsource" : "CONFIRM", "url" : "https://issues.apache.org/jira/browse/SOLR-11971" } ]