diff --git a/2018/10xxx/CVE-2018-10943.json b/2018/10xxx/CVE-2018-10943.json index 0e0d61b36eb..3909de93999 100644 --- a/2018/10xxx/CVE-2018-10943.json +++ b/2018/10xxx/CVE-2018-10943.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-10943", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3. Sending an arbitrary unexpected string to TCP port 7100 respecting a certain frequency timing disconnects all clients and results in a crash of the Unit." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=06&patchVersion=00&buildVersion=003", + "refsource" : "CONFIRM", + "url" : "https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=06&patchVersion=00&buildVersion=003" + }, + { + "name" : "https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=06&patchVersion=00&buildVersion=003", + "refsource" : "CONFIRM", + "url" : "https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=06&patchVersion=00&buildVersion=003" } ] } diff --git a/2018/13xxx/CVE-2018-13833.json b/2018/13xxx/CVE-2018-13833.json new file mode 100644 index 00000000000..ebf9bd27437 --- /dev/null +++ b/2018/13xxx/CVE-2018-13833.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13833", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in cmft through 2017-09-24. The cmft::rwReadFile function in image.cpp allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/dariomanesku/cmft/issues/38", + "refsource" : "MISC", + "url" : "https://github.com/dariomanesku/cmft/issues/38" + }, + { + "name" : "https://github.com/fouzhe/security/tree/master/cmft", + "refsource" : "MISC", + "url" : "https://github.com/fouzhe/security/tree/master/cmft" + } + ] + } +} diff --git a/2018/1xxx/CVE-2018-1407.json b/2018/1xxx/CVE-2018-1407.json index 58eb0ae70c2..6c0714b935e 100644 --- a/2018/1xxx/CVE-2018-1407.json +++ b/2018/1xxx/CVE-2018-1407.json @@ -1,20 +1,18 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138445.", - "lang" : "eng" - } - ] + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-07-06T00:00:00", + "ID" : "CVE-2018-1407", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { + "product_name" : "Rational Team Concert", "version" : { "version_data" : [ { @@ -45,69 +43,69 @@ "version_value" : "6.0.5" } ] - }, - "product_name" : "Rational Team Concert" + } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138445." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "C", + "SCORE" : "5.400", + "UI" : "R" + }, + "TM" : { + "E" : "H", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { "description" : [ { - "value" : "Cross-Site Scripting", - "lang" : "eng" + "lang" : "eng", + "value" : "Cross-Site Scripting" } ] } ] }, - "data_format" : "MITRE", - "data_type" : "CVE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2018-07-06T00:00:00", - "ID" : "CVE-2018-1407", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "H" - }, - "BM" : { - "AV" : "N", - "A" : "N", - "C" : "L", - "AC" : "L", - "I" : "L", - "S" : "C", - "UI" : "R", - "SCORE" : "5.400", - "PR" : "L" - } - } - }, - "data_version" : "4.0", "references" : { "reference_data" : [ { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10716507", "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 0716507 (Rational Team Concert)", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10716507", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10716507" + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10716507" }, { - "name" : "ibm-rtc-cve20181407-xss (138445)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/138445", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" + "name" : "ibm-rtc-cve20181407-xss(138445)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/138445" } ] } diff --git a/2018/1xxx/CVE-2018-1408.json b/2018/1xxx/CVE-2018-1408.json index 502fa28ad78..dfdf5cf8a8a 100644 --- a/2018/1xxx/CVE-2018-1408.json +++ b/2018/1xxx/CVE-2018-1408.json @@ -1,49 +1,10 @@ { - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 0716507 (Rational Team Concert)", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10716507", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10716507" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-rtc-cve20181408-xss (138446)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/138446" - } - ] - }, - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "BM" : { - "C" : "L", - "A" : "N", - "AV" : "N", - "PR" : "L", - "SCORE" : "5.400", - "UI" : "R", - "S" : "C", - "I" : "L", - "AC" : "L" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "H" - } - } - }, "CVE_data_meta" : { - "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2018-07-06T00:00:00", "ID" : "CVE-2018-1408", - "ASSIGNER" : "psirt@us.ibm.com" + "STATE" : "PUBLIC" }, - "data_type" : "CVE", - "data_format" : "MITRE", "affects" : { "vendor" : { "vendor_data" : [ @@ -51,6 +12,7 @@ "product" : { "product_data" : [ { + "product_name" : "Rational Team Concert", "version" : { "version_data" : [ { @@ -81,8 +43,7 @@ "version_value" : "6.0.5" } ] - }, - "product_name" : "Rational Team Concert" + } } ] }, @@ -91,23 +52,60 @@ ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138446." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "C", + "SCORE" : "5.400", + "UI" : "R" + }, + "TM" : { + "E" : "H", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { "description" : [ { - "value" : "Cross-Site Scripting", - "lang" : "eng" + "lang" : "eng", + "value" : "Cross-Site Scripting" } ] } ] }, - "description" : { - "description_data" : [ + "references" : { + "reference_data" : [ { - "lang" : "eng", - "value" : "IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138446." + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10716507", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10716507" + }, + { + "name" : "ibm-rtc-cve20181408-xss(138446)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/138446" } ] } diff --git a/2018/1xxx/CVE-2018-1521.json b/2018/1xxx/CVE-2018-1521.json index d41cb9f6bbd..ec16c7a04c4 100644 --- a/2018/1xxx/CVE-2018-1521.json +++ b/2018/1xxx/CVE-2018-1521.json @@ -1,41 +1,18 @@ { - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 0716507 (Rational Team Concert)", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10716507", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10716507" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-rtc-cve20181521-xss (141802)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/141802" - } - ] - }, - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } - ] - } - ] + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-07-06T00:00:00", + "ID" : "CVE-2018-1521", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { + "product_name" : "Rational Team Concert", "version" : { "version_data" : [ { @@ -66,42 +43,38 @@ "version_value" : "6.0.5" } ] - }, - "product_name" : "Rational Team Concert" + } } ] - } + }, + "vendor_name" : "IBM" } ] } }, "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141802." + "value" : "IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141802." } ] }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2018-07-06T00:00:00", - "ID" : "CVE-2018-1521", - "ASSIGNER" : "psirt@us.ibm.com" - }, "impact" : { "cvssv3" : { "BM" : { - "AC" : "L", - "I" : "L", - "S" : "C", - "UI" : "R", - "PR" : "L", - "SCORE" : "5.400", - "AV" : "N", "A" : "N", - "C" : "L" + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "C", + "SCORE" : "5.400", + "UI" : "R" }, "TM" : { "E" : "H", @@ -110,5 +83,30 @@ } } }, - "data_type" : "CVE" + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10716507", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10716507" + }, + { + "name" : "ibm-rtc-cve20181521-xss(141802)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/141802" + } + ] + } }