diff --git a/2018/0xxx/CVE-2018-0625.json b/2018/0xxx/CVE-2018-0625.json index efd9b5f09cb..2349b6b8900 100644 --- a/2018/0xxx/CVE-2018-0625.json +++ b/2018/0xxx/CVE-2018-0625.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0625", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0625" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WG1200HP", + "version": { + "version_data": [ + { + "version_value": "firmware Ver1.0.31 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN00401783/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0626.json b/2018/0xxx/CVE-2018-0626.json index 545a900bf6d..23b5ad5aa5d 100644 --- a/2018/0xxx/CVE-2018-0626.json +++ b/2018/0xxx/CVE-2018-0626.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0626", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0626" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WG1200HP", + "version": { + "version_data": [ + { + "version_value": "firmware Ver1.0.31 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN00401783/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0627.json b/2018/0xxx/CVE-2018-0627.json index 0b0b17d26bf..d1fce44b925 100644 --- a/2018/0xxx/CVE-2018-0627.json +++ b/2018/0xxx/CVE-2018-0627.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0627", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0627" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WG1200HP", + "version": { + "version_data": [ + { + "version_value": "firmware Ver1.0.31 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN00401783/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0628.json b/2018/0xxx/CVE-2018-0628.json index 9ec280f9a27..0675750f3e1 100644 --- a/2018/0xxx/CVE-2018-0628.json +++ b/2018/0xxx/CVE-2018-0628.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0628", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0628" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WG1200HP", + "version": { + "version_data": [ + { + "version_value": "firmware Ver1.0.31 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN00401783/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0629.json b/2018/0xxx/CVE-2018-0629.json index 53620f1d2ec..93b00bda019 100644 --- a/2018/0xxx/CVE-2018-0629.json +++ b/2018/0xxx/CVE-2018-0629.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0629", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0629" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Aterm W300P", + "version": { + "version_data": [ + { + "version_value": "Ver1.0.13 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN26629618/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0630.json b/2018/0xxx/CVE-2018-0630.json index 65c50c7c26e..b2105045837 100644 --- a/2018/0xxx/CVE-2018-0630.json +++ b/2018/0xxx/CVE-2018-0630.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0630", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0630" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Aterm W300P", + "version": { + "version_data": [ + { + "version_value": "Ver1.0.13 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN26629618/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0631.json b/2018/0xxx/CVE-2018-0631.json index abcb99e1152..ab72844e12d 100644 --- a/2018/0xxx/CVE-2018-0631.json +++ b/2018/0xxx/CVE-2018-0631.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0631", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0631" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Aterm W300P", + "version": { + "version_data": [ + { + "version_value": "Ver1.0.13 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN26629618/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0632.json b/2018/0xxx/CVE-2018-0632.json index 4b57e0c29c2..43d9e1ae9bb 100644 --- a/2018/0xxx/CVE-2018-0632.json +++ b/2018/0xxx/CVE-2018-0632.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0632", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0632" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Aterm W300P", + "version": { + "version_data": [ + { + "version_value": "Ver1.0.13 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via HTTP request and response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN26629618/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0633.json b/2018/0xxx/CVE-2018-0633.json index 640578f1dc8..c0551415abb 100644 --- a/2018/0xxx/CVE-2018-0633.json +++ b/2018/0xxx/CVE-2018-0633.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0633", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0633" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Aterm W300P", + "version": { + "version_data": [ + { + "version_value": "Ver1.0.13 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via submit-url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN26629618/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0634.json b/2018/0xxx/CVE-2018-0634.json index f3463164bc6..bb5c0480b80 100644 --- a/2018/0xxx/CVE-2018-0634.json +++ b/2018/0xxx/CVE-2018-0634.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0634", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0634" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HC100RC", + "version": { + "version_data": [ + { + "version_value": "Ver1.0.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN84825660/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0635.json b/2018/0xxx/CVE-2018-0635.json index 77b93146e7f..0fd98c0610a 100644 --- a/2018/0xxx/CVE-2018-0635.json +++ b/2018/0xxx/CVE-2018-0635.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0635", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0635" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HC100RC", + "version": { + "version_data": [ + { + "version_value": "Ver1.0.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN84825660/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0636.json b/2018/0xxx/CVE-2018-0636.json index 3b67c524ac5..09b2a53f0bf 100644 --- a/2018/0xxx/CVE-2018-0636.json +++ b/2018/0xxx/CVE-2018-0636.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0636", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0636" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HC100RC", + "version": { + "version_data": [ + { + "version_value": "Ver1.0.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN84825660/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0637.json b/2018/0xxx/CVE-2018-0637.json index 62da6232dc3..cabce181044 100644 --- a/2018/0xxx/CVE-2018-0637.json +++ b/2018/0xxx/CVE-2018-0637.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0637", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0637" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HC100RC", + "version": { + "version_data": [ + { + "version_value": "Ver1.0.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN84825660/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0638.json b/2018/0xxx/CVE-2018-0638.json index e904fca5849..1a9c27e01a8 100644 --- a/2018/0xxx/CVE-2018-0638.json +++ b/2018/0xxx/CVE-2018-0638.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0638", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0638" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HC100RC", + "version": { + "version_data": [ + { + "version_value": "Ver1.0.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN84825660/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0639.json b/2018/0xxx/CVE-2018-0639.json index d4a401f7d3b..ea69a951a8a 100644 --- a/2018/0xxx/CVE-2018-0639.json +++ b/2018/0xxx/CVE-2018-0639.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0639", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0639" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HC100RC", + "version": { + "version_data": [ + { + "version_value": "Ver1.0.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN84825660/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0640.json b/2018/0xxx/CVE-2018-0640.json index 18b0d3e6f72..89e02e80822 100644 --- a/2018/0xxx/CVE-2018-0640.json +++ b/2018/0xxx/CVE-2018-0640.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0640", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0640" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HC100RC", + "version": { + "version_data": [ + { + "version_value": "Ver1.0.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN84825660/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0641.json b/2018/0xxx/CVE-2018-0641.json index 968703da224..8910120c7f2 100644 --- a/2018/0xxx/CVE-2018-0641.json +++ b/2018/0xxx/CVE-2018-0641.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0641", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0641" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HC100RC", + "version": { + "version_data": [ + { + "version_value": "Ver1.0.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via tools_system.cgi date parameter, time parameter, and offset parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN84825660/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0651.json b/2018/0xxx/CVE-2018-0651.json index a786a03a5c5..4de7d2d1bfe 100644 --- a/2018/0xxx/CVE-2018-0651.json +++ b/2018/0xxx/CVE-2018-0651.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0651", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0651" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "The license management function of YOKOGAWA products", + "version": { + "version_data": [ + { + "version_value": "(iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier)" + } + ] + } + } + ] + }, + "vendor_name": "Yokogawa Electric Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf" + }, + { + "url": "https://jvn.jp/vu/JVNVU93845358/" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0665.json b/2018/0xxx/CVE-2018-0665.json index fc512b24b40..50684eedf66 100644 --- a/2018/0xxx/CVE-2018-0665.json +++ b/2018/0xxx/CVE-2018-0665.json @@ -1,18 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0665", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0665" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Yamaha Broadband VoIP Router RT57i", + "version": { + "version_data": [ + { + "version_value": "Rev.8.00.95 and earlier" + } + ] + } + }, + { + "product_name": "Yamaha Broadband VoIP Router RT58i", + "version": { + "version_data": [ + { + "version_value": "Rev.9.01.51 and earlier" + } + ] + } + }, + { + "product_name": "Yamaha Broadband VoIP Router NVR500", + "version": { + "version_data": [ + { + "version_value": "Rev.11.00.36 and earlier" + } + ] + } + }, + { + "product_name": "Yamaha Gigabit VPN Router RTX810", + "version": { + "version_data": [ + { + "version_value": "Rev.11.01.31 and earlier" + } + ] + } + }, + { + "product_name": "Yamaha Firewall FWX120", + "version": { + "version_data": [ + { + "version_value": "Rev.11.03.25 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Yamaha Corporation" + }, + { + "product": { + "product_data": [ + { + "product_name": "Biz Box Router N58i, N500, NVR500, and RTX810", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION" + }, + { + "product": { + "product_data": [ + { + "product_name": "Biz Box Router N58i, and N500", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0666." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Script Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html" + }, + { + "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html" + }, + { + "url": "https://flets-w.com/solution/kiki_info/info/180829.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN69967692/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0666.json b/2018/0xxx/CVE-2018-0666.json index cfb5b10d51b..d4b02633a3b 100644 --- a/2018/0xxx/CVE-2018-0666.json +++ b/2018/0xxx/CVE-2018-0666.json @@ -1,18 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0666", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0666" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Yamaha Broadband VoIP Router RT57i", + "version": { + "version_data": [ + { + "version_value": "Rev.8.00.95 and earlier" + } + ] + } + }, + { + "product_name": "Yamaha Broadband VoIP Router RT58i", + "version": { + "version_data": [ + { + "version_value": "Rev.9.01.51 and earlier" + } + ] + } + }, + { + "product_name": "Yamaha Broadband VoIP Router NVR500", + "version": { + "version_data": [ + { + "version_value": "Rev.11.00.36 and earlier" + } + ] + } + }, + { + "product_name": "Yamaha Gigabit VPN Router RTX810", + "version": { + "version_data": [ + { + "version_value": "Rev.11.01.31 and earlier" + } + ] + } + }, + { + "product_name": "Yamaha Firewall FWX120", + "version": { + "version_data": [ + { + "version_value": "Rev.11.03.25 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Yamaha Corporation" + }, + { + "product": { + "product_data": [ + { + "product_name": "Biz Box Router N58i, N500, NVR500, and RTX810", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION" + }, + { + "product": { + "product_data": [ + { + "product_name": "Biz Box Router N58i, and N500", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0665." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Script Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html" + }, + { + "url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html" + }, + { + "url": "https://flets-w.com/solution/kiki_info/info/180829.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN69967692/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0667.json b/2018/0xxx/CVE-2018-0667.json index 5550b3b11a6..cc3dbc9946a 100644 --- a/2018/0xxx/CVE-2018-0667.json +++ b/2018/0xxx/CVE-2018-0667.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0667", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0667" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Installer of INplc SDK Express 3.08 and earlier and Installer of INplc SDK Pro+ 3.08 and earlier", + "version": { + "version_data": [ + { + "version_value": "Installer of INplc SDK Express 3.08 and earlier and Installer of INplc SDK Pro+ 3.08 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "MICRONET CORPORATION" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Installer of INplc SDK Express 3.08 and earlier and Installer of INplc SDK Pro+ 3.08 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.mnc.co.jp/INplc/info_20180907_E.htm" + }, + { + "url": "https://jvn.jp/en/jp/JVN59624986/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0668.json b/2018/0xxx/CVE-2018-0668.json index b7e8d83a304..6056ba6aed4 100644 --- a/2018/0xxx/CVE-2018-0668.json +++ b/2018/0xxx/CVE-2018-0668.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0668", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0668" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "INplc-RT", + "version": { + "version_data": [ + { + "version_value": "3.08 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "MICRONET CORPORATION" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in INplc-RT 3.08 and earlier allows remote attackers to cause denial-of-service (DoS) condition that may result in executing arbtrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.mnc.co.jp/INplc/info_20180907_E.htm" + }, + { + "url": "https://jvn.jp/en/jp/JVN59624986/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0669.json b/2018/0xxx/CVE-2018-0669.json index 5fbaad7a8a1..25c849e3305 100644 --- a/2018/0xxx/CVE-2018-0669.json +++ b/2018/0xxx/CVE-2018-0669.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0669", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0669" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "INplc-RT", + "version": { + "version_data": [ + { + "version_value": "3.08 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "MICRONET CORPORATION" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through the protocol-compliant traffic. This is a different vulnerability than CVE-2018-0670." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.mnc.co.jp/INplc/info_20180907_E.htm" + }, + { + "url": "https://jvn.jp/en/jp/JVN59624986/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0670.json b/2018/0xxx/CVE-2018-0670.json index 1755aee4aa5..954657654bb 100644 --- a/2018/0xxx/CVE-2018-0670.json +++ b/2018/0xxx/CVE-2018-0670.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0670", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0670" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "INplc-RT", + "version": { + "version_data": [ + { + "version_value": "3.08 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "MICRONET CORPORATION" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through the protocol-compliant traffic. This is a different vulnerability than CVE-2018-0669." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.mnc.co.jp/INplc/info_20180907_E.htm" + }, + { + "url": "https://jvn.jp/en/jp/JVN59624986/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0671.json b/2018/0xxx/CVE-2018-0671.json index 72ca61a0e20..60db3dd0fcc 100644 --- a/2018/0xxx/CVE-2018-0671.json +++ b/2018/0xxx/CVE-2018-0671.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0671", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0671" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "INplc-RT", + "version": { + "version_data": [ + { + "version_value": "3.08 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "MICRONET CORPORATION" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows an attacker with administrator rights to execute arbitrary code on the Windows system via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.mnc.co.jp/INplc/info_20180907_E.htm" + }, + { + "url": "https://jvn.jp/en/jp/JVN59624986/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0676.json b/2018/0xxx/CVE-2018-0676.json index 81776b36f51..9dceb774283 100644 --- a/2018/0xxx/CVE-2018-0676.json +++ b/2018/0xxx/CVE-2018-0676.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0676", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0676" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BN-SDWBP3", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.0.9 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Panasonic Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access to the management screen and execute an arbitrary command via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://p3.support.panasonic.com/faq/show/5017?&site_domain=p3" + }, + { + "url": "https://jvn.jp/en/jp/JVN65082538/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0677.json b/2018/0xxx/CVE-2018-0677.json index 7e9eea80000..8b34125936a 100644 --- a/2018/0xxx/CVE-2018-0677.json +++ b/2018/0xxx/CVE-2018-0677.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0677", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0677" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BN-SDWBP3", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.0.9 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Panasonic Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://p3.support.panasonic.com/faq/show/5017?&site_domain=p3" + }, + { + "url": "https://jvn.jp/en/jp/JVN65082538/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0678.json b/2018/0xxx/CVE-2018-0678.json index 691d50562be..7040646c382 100644 --- a/2018/0xxx/CVE-2018-0678.json +++ b/2018/0xxx/CVE-2018-0678.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0678", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0678" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BN-SDWBP3", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.0.9 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Panasonic Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://p3.support.panasonic.com/faq/show/5017?&site_domain=p3" + }, + { + "url": "https://jvn.jp/en/jp/JVN65082538/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0688.json b/2018/0xxx/CVE-2018-0688.json index 2bc5d5d4efe..c96513d51a1 100644 --- a/2018/0xxx/CVE-2018-0688.json +++ b/2018/0xxx/CVE-2018-0688.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0688", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0688" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SEIKO EPSON printers and scanners", + "version": { + "version_data": [ + { + "version_value": "(DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to 2017 June 19, EP-707A firmware versions released prior to 2017 August 1, EP-708A firmware versions released prior to 2017 August 7, EP-709A firmware versions released prior to 2017 June 12, EP-777A firmware versions released prior to 2017 August 1, EP-807AB/AW/AR firmware versions released prior to 2017 August 1, EP-808AB/AW/AR firmware versions released prior to 2017 August 7, EP-879AB/AW/AR firmware versions released prior to 2017 June 12, EP-907F firmware versions released prior to 2017 August 1, EP-977A3 firmware versions released prior to 2017 August 1, EP-978A3 firmware versions released prior to 2017 August 7, EP-979A3 firmware versions released prior to 2017 June 12, EP-M570T firmware versions released prior to 2017 September 6, EW-M5071FT firmware versions released prior to 2017 November 2, EW-M660FT firmware versions released prior to 2018 April 19, EW-M770T firmware versions released prior to 2017 September 6, PF-70 firmware versions released prior to 2018 April 20, PF-71 firmware versions released prior to 2017 July 18, PF-81 firmware versions released prior to 2017 September 14, PX-048A firmware versions released prior to 2017 July 4, PX-049A firmware versions released prior to 2017 September 11, PX-437A firmware versions released prior to 2017 July 24, PX-M350F firmware versions released prior to 2018 February 23, PX-M5040F firmware versions released prior to 2017 November 20, PX-M5041F firmware versions released prior to 2017 November 20, PX-M650A firmware versions released prior to 2017 October 17, PX-M650F firmware versions released prior to 2017 October 17, PX-M680F firmware versions released prior to 2017 June 29, PX-M7050F firmware versions released prior to 2017 October 13, PX-M7050FP firmware versions released prior to 2017 October 13, PX-M7050FX firmware versions released prior to 2017 November 7, PX-M7070FX firmware versions released prior to 2017 April 27, PX-M740F firmware versions released prior to 2017 December 4, PX-M741F firmware versions released prior to 2017 December 4, PX-M780F firmware versions released prior to 2017 June 29, PX-M781F firmware versions released prior to 2017 June 27, PX-M840F firmware versions released prior to 2017 November 16, PX-M840FX firmware versions released prior to 2017 December 8, PX-M860F firmware versions released prior to 2017 October 25, PX-S05B/W firmware versions released prior to 2018 March 9, PX-S350 firmware versions released prior to 2018 February 23, PX-S5040 firmware versions released prior to 2017 November 20, PX-S7050 firmware versions released prior to 2018 February 21, PX-S7050PS firmware versions released prior to 2018 February 21, PX-S7050X firmware versions released prior to 2017 November 7, PX-S7070X firmware versions released prior to 2017 April 27, PX-S740 firmware versions released prior to 2017 December 3, PX-S840 firmware versions released prior to 2017 November 16, PX-S840X firmware versions released prior to 2017 December 8, PX-S860 firmware versions released prior to 2017 December 7)" + } + ] + } + } + ] + }, + "vendor_name": "SEIKO EPSON CORPORATION" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to 2017 June 19, EP-707A firmware versions released prior to 2017 August 1, EP-708A firmware versions released prior to 2017 August 7, EP-709A firmware versions released prior to 2017 June 12, EP-777A firmware versions released prior to 2017 August 1, EP-807AB/AW/AR firmware versions released prior to 2017 August 1, EP-808AB/AW/AR firmware versions released prior to 2017 August 7, EP-879AB/AW/AR firmware versions released prior to 2017 June 12, EP-907F firmware versions released prior to 2017 August 1, EP-977A3 firmware versions released prior to 2017 August 1, EP-978A3 firmware versions released prior to 2017 August 7, EP-979A3 firmware versions released prior to 2017 June 12, EP-M570T firmware versions released prior to 2017 September 6, EW-M5071FT firmware versions released prior to 2017 November 2, EW-M660FT firmware versions released prior to 2018 April 19, EW-M770T firmware versions released prior to 2017 September 6, PF-70 firmware versions released prior to 2018 April 20, PF-71 firmware versions released prior to 2017 July 18, PF-81 firmware versions released prior to 2017 September 14, PX-048A firmware versions released prior to 2017 July 4, PX-049A firmware versions released prior to 2017 September 11, PX-437A firmware versions released prior to 2017 July 24, PX-M350F firmware versions released prior to 2018 February 23, PX-M5040F firmware versions released prior to 2017 November 20, PX-M5041F firmware versions released prior to 2017 November 20, PX-M650A firmware versions released prior to 2017 October 17, PX-M650F firmware versions released prior to 2017 October 17, PX-M680F firmware versions released prior to 2017 June 29, PX-M7050F firmware versions released prior to 2017 October 13, PX-M7050FP firmware versions released prior to 2017 October 13, PX-M7050FX firmware versions released prior to 2017 November 7, PX-M7070FX firmware versions released prior to 2017 April 27, PX-M740F firmware versions released prior to 2017 December 4, PX-M741F firmware versions released prior to 2017 December 4, PX-M780F firmware versions released prior to 2017 June 29, PX-M781F firmware versions released prior to 2017 June 27, PX-M840F firmware versions released prior to 2017 November 16, PX-M840FX firmware versions released prior to 2017 December 8, PX-M860F firmware versions released prior to 2017 October 25, PX-S05B/W firmware versions released prior to 2018 March 9, PX-S350 firmware versions released prior to 2018 February 23, PX-S5040 firmware versions released prior to 2017 November 20, PX-S7050 firmware versions released prior to 2018 February 21, PX-S7050PS firmware versions released prior to 2018 February 21, PX-S7050X firmware versions released prior to 2017 November 7, PX-S7070X firmware versions released prior to 2017 April 27, PX-S740 firmware versions released prior to 2017 December 3, PX-S840 firmware versions released prior to 2017 November 16, PX-S840X firmware versions released prior to 2017 December 8, PX-S860 firmware versions released prior to 2017 December 7) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the web interface of the affected product." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Open Redirect" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.epson.jp/support/misc/20181203_oshirase.htm" + }, + { + "url": "https://jvn.jp/en/jp/JVN89767228/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0689.json b/2018/0xxx/CVE-2018-0689.json index 761d9b77f30..e90e2c24c43 100644 --- a/2018/0xxx/CVE-2018-0689.json +++ b/2018/0xxx/CVE-2018-0689.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0689", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0689" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SEIKO EPSON printers and scanners", + "version": { + "version_data": [ + { + "version_value": "(DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to 2017 June 19, EP-707A firmware versions released prior to 2017 August 1, EP-708A firmware versions released prior to 2017 August 7, EP-709A firmware versions released prior to 2017 June 12, EP-777A firmware versions released prior to 2017 August 1, EP-807AB/AW/AR firmware versions released prior to 2017 August 1, EP-808AB/AW/AR firmware versions released prior to 2017 August 7, EP-879AB/AW/AR firmware versions released prior to 2017 June 12, EP-907F firmware versions released prior to 2017 August 1, EP-977A3 firmware versions released prior to 2017 August 1, EP-978A3 firmware versions released prior to 2017 August 7, EP-979A3 firmware versions released prior to 2017 June 12, EP-M570T firmware versions released prior to 2017 September 6, EW-M5071FT firmware versions released prior to 2017 November 2, EW-M660FT firmware versions released prior to 2018 April 19, EW-M770T firmware versions released prior to 2017 September 6, PF-70 firmware versions released prior to 2018 April 20, PF-71 firmware versions released prior to 2017 July 18, PF-81 firmware versions released prior to 2017 September 14, PX-048A firmware versions released prior to 2017 July 4, PX-049A firmware versions released prior to 2017 September 11, PX-437A firmware versions released prior to 2017 July 24, PX-M350F firmware versions released prior to 2018 February 23, PX-M5040F firmware versions released prior to 2017 November 20, PX-M5041F firmware versions released prior to 2017 November 20, PX-M650A firmware versions released prior to 2017 October 17, PX-M650F firmware versions released prior to 2017 October 17, PX-M680F firmware versions released prior to 2017 June 29, PX-M7050F firmware versions released prior to 2017 October 13, PX-M7050FP firmware versions released prior to 2017 October 13, PX-M7050FX firmware versions released prior to 2017 November 7, PX-M7070FX firmware versions released prior to 2017 April 27, PX-M740F firmware versions released prior to 2017 December 4, PX-M741F firmware versions released prior to 2017 December 4, PX-M780F firmware versions released prior to 2017 June 29, PX-M781F firmware versions released prior to 2017 June 27, PX-M840F firmware versions released prior to 2017 November 16, PX-M840FX firmware versions released prior to 2017 December 8, PX-M860F firmware versions released prior to 2017 October 25, PX-S05B/W firmware versions released prior to 2018 March 9, PX-S350 firmware versions released prior to 2018 February 23, PX-S5040 firmware versions released prior to 2017 November 20, PX-S7050 firmware versions released prior to 2018 February 21, PX-S7050PS firmware versions released prior to 2018 February 21, PX-S7050X firmware versions released prior to 2017 November 7, PX-S7070X firmware versions released prior to 2017 April 27, PX-S740 firmware versions released prior to 2017 December 3, PX-S840 firmware versions released prior to 2017 November 16, PX-S840X firmware versions released prior to 2017 December 8, PX-S860 firmware versions released prior to 2017 December 7)" + } + ] + } + } + ] + }, + "vendor_name": "SEIKO EPSON CORPORATION" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to 2017 June 19, EP-707A firmware versions released prior to 2017 August 1, EP-708A firmware versions released prior to 2017 August 7, EP-709A firmware versions released prior to 2017 June 12, EP-777A firmware versions released prior to 2017 August 1, EP-807AB/AW/AR firmware versions released prior to 2017 August 1, EP-808AB/AW/AR firmware versions released prior to 2017 August 7, EP-879AB/AW/AR firmware versions released prior to 2017 June 12, EP-907F firmware versions released prior to 2017 August 1, EP-977A3 firmware versions released prior to 2017 August 1, EP-978A3 firmware versions released prior to 2017 August 7, EP-979A3 firmware versions released prior to 2017 June 12, EP-M570T firmware versions released prior to 2017 September 6, EW-M5071FT firmware versions released prior to 2017 November 2, EW-M660FT firmware versions released prior to 2018 April 19, EW-M770T firmware versions released prior to 2017 September 6, PF-70 firmware versions released prior to 2018 April 20, PF-71 firmware versions released prior to 2017 July 18, PF-81 firmware versions released prior to 2017 September 14, PX-048A firmware versions released prior to 2017 July 4, PX-049A firmware versions released prior to 2017 September 11, PX-437A firmware versions released prior to 2017 July 24, PX-M350F firmware versions released prior to 2018 February 23, PX-M5040F firmware versions released prior to 2017 November 20, PX-M5041F firmware versions released prior to 2017 November 20, PX-M650A firmware versions released prior to 2017 October 17, PX-M650F firmware versions released prior to 2017 October 17, PX-M680F firmware versions released prior to 2017 June 29, PX-M7050F firmware versions released prior to 2017 October 13, PX-M7050FP firmware versions released prior to 2017 October 13, PX-M7050FX firmware versions released prior to 2017 November 7, PX-M7070FX firmware versions released prior to 2017 April 27, PX-M740F firmware versions released prior to 2017 December 4, PX-M741F firmware versions released prior to 2017 December 4, PX-M780F firmware versions released prior to 2017 June 29, PX-M781F firmware versions released prior to 2017 June 27, PX-M840F firmware versions released prior to 2017 November 16, PX-M840FX firmware versions released prior to 2017 December 8, PX-M860F firmware versions released prior to 2017 October 25, PX-S05B/W firmware versions released prior to 2018 March 9, PX-S350 firmware versions released prior to 2018 February 23, PX-S5040 firmware versions released prior to 2017 November 20, PX-S7050 firmware versions released prior to 2018 February 21, PX-S7050PS firmware versions released prior to 2018 February 21, PX-S7050X firmware versions released prior to 2017 November 7, PX-S7070X firmware versions released prior to 2017 April 27, PX-S740 firmware versions released prior to 2017 December 3, PX-S840 firmware versions released prior to 2017 November 16, PX-S840X firmware versions released prior to 2017 December 8, PX-S860 firmware versions released prior to 2017 December 7) may allow a remote attackers to lead a user to a phishing site or execute an arbitrary script on the user's web browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HTTP header injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.epson.jp/support/misc/20181203_oshirase.htm" + }, + { + "url": "https://jvn.jp/en/jp/JVN89767228/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0698.json b/2018/0xxx/CVE-2018-0698.json index 917d93859a4..20448139278 100644 --- a/2018/0xxx/CVE-2018-0698.json +++ b/2018/0xxx/CVE-2018-0698.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0698", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0698" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GROWI", + "version": { + "version_data": [ + { + "version_value": "v3.2.3 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "WESEEK, Inc." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://weseek.co.jp/security/2018/12/25/growi-prevent-xss2/" + }, + { + "url": "https://jvn.jp/en/jp/JVN96493183/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0702.json b/2018/0xxx/CVE-2018-0702.json index dc370a81c71..f05326fc5d1 100644 --- a/2018/0xxx/CVE-2018-0702.json +++ b/2018/0xxx/CVE-2018-0702.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0702", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0702" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Mailwise", + "version": { + "version_data": [ + { + "version_value": "5.0.0 to 5.4.5" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.cybozu.support/article/34135/" + }, + { + "url": "https://jvn.jp/en/jp/JVN83739174/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0703.json b/2018/0xxx/CVE-2018-0703.json index af8060ca93f..7eff3adeb4a 100644 --- a/2018/0xxx/CVE-2018-0703.json +++ b/2018/0xxx/CVE-2018-0703.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0703", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0703" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Office", + "version": { + "version_data": [ + { + "version_value": "10.0.0 to 10.8.1" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.cybozu.support/article/34088/" + }, + { + "url": "https://jvn.jp/en/jp/JVN15232217/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0704.json b/2018/0xxx/CVE-2018-0704.json index 9b69c43252e..c7a19d965dd 100644 --- a/2018/0xxx/CVE-2018-0704.json +++ b/2018/0xxx/CVE-2018-0704.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0704", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0704" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Office", + "version": { + "version_data": [ + { + "version_value": "10.0.0 to 10.8.1" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.cybozu.support/article/34091/" + }, + { + "url": "https://jvn.jp/en/jp/JVN15232217/index.html" + } + ] + } } diff --git a/2018/0xxx/CVE-2018-0705.json b/2018/0xxx/CVE-2018-0705.json index 2c754ff867a..7b06fc3ee1a 100644 --- a/2018/0xxx/CVE-2018-0705.json +++ b/2018/0xxx/CVE-2018-0705.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0705", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0705" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Dezie", + "version": { + "version_data": [ + { + "version_value": "8.0.2 to 8.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.cybozu.support/article/34089/" + }, + { + "url": "https://jvn.jp/en/jp/JVN16697622/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16164.json b/2018/16xxx/CVE-2018-16164.json index 36941807912..d0a56a815ad 100644 --- a/2018/16xxx/CVE-2018-16164.json +++ b/2018/16xxx/CVE-2018-16164.json @@ -1,18 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16164", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16164" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Event Calendar WD version", + "version": { + "version_data": [ + { + "version_value": "1.1.21 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Web-Dorado" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/1961423/" + }, + { + "url": "https://wordpress.org/plugins/event-calendar-wd/#developers" + }, + { + "url": "https://jvn.jp/en/jp/JVN75738023/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16165.json b/2018/16xxx/CVE-2018-16165.json index 69eb4786731..9dd1f621c3d 100644 --- a/2018/16xxx/CVE-2018-16165.json +++ b/2018/16xxx/CVE-2018-16165.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16165", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16165" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LogonTracer", + "version": { + "version_data": [ + { + "version_value": "1.2.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "JPCERT Coordination Center" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU98026636/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16166.json b/2018/16xxx/CVE-2018-16166.json index ffbad2748cd..2a9ac93a53a 100644 --- a/2018/16xxx/CVE-2018-16166.json +++ b/2018/16xxx/CVE-2018-16166.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16166", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16166" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LogonTracer", + "version": { + "version_data": [ + { + "version_value": "1.2.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "JPCERT Coordination Center" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XML external entities (XXE)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU98026636/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16167.json b/2018/16xxx/CVE-2018-16167.json index 9f2abe9bde1..1ef81a96f7d 100644 --- a/2018/16xxx/CVE-2018-16167.json +++ b/2018/16xxx/CVE-2018-16167.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16167", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16167" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LogonTracer", + "version": { + "version_data": [ + { + "version_value": "1.2.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "JPCERT Coordination Center" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU98026636/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16168.json b/2018/16xxx/CVE-2018-16168.json index 09dd22eb366..b9968a3781c 100644 --- a/2018/16xxx/CVE-2018-16168.json +++ b/2018/16xxx/CVE-2018-16168.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16168", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16168" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LogonTracer", + "version": { + "version_data": [ + { + "version_value": "1.2.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "JPCERT Coordination Center" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Code injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU98026636/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16169.json b/2018/16xxx/CVE-2018-16169.json index 35ce74be842..901f8de78c2 100644 --- a/2018/16xxx/CVE-2018-16169.json +++ b/2018/16xxx/CVE-2018-16169.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16169", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16169" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Remote Service", + "version": { + "version_data": [ + { + "version_value": "3.0.0 to 3.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attackers to upload and execute Java code file on the server via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unrestricted Upload of File with Dangerous Type" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.cybozu.support/article/34311/" + }, + { + "url": "https://jvn.jp/en/jp/JVN23161885/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16170.json b/2018/16xxx/CVE-2018-16170.json index 3d60e32677b..25161568e3a 100644 --- a/2018/16xxx/CVE-2018-16170.json +++ b/2018/16xxx/CVE-2018-16170.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16170", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16170" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Remote Service", + "version": { + "version_data": [ + { + "version_value": "3.0.0 to 3.1.8 for Windows" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 for Windows allows remote authenticated attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.cybozu.support/article/34301/" + }, + { + "url": "https://jvn.jp/en/jp/JVN23161885/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16171.json b/2018/16xxx/CVE-2018-16171.json index dcbaf8f2668..1f4633578f1 100644 --- a/2018/16xxx/CVE-2018-16171.json +++ b/2018/16xxx/CVE-2018-16171.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16171", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16171" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Remote Service", + "version": { + "version_data": [ + { + "version_value": "3.0.0 to 3.1.8" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 allows remote attackers to execute Java code file on the server via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.cybozu.support/article/35259/" + }, + { + "url": "https://jvn.jp/en/jp/JVN23161885/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16172.json b/2018/16xxx/CVE-2018-16172.json index f6bdd64ef0e..269e9bea109 100644 --- a/2018/16xxx/CVE-2018-16172.json +++ b/2018/16xxx/CVE-2018-16172.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16172", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16172" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Remote Service", + "version": { + "version_data": [ + { + "version_value": "3.0.0 to 3.1.8" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, that allows remote attackers to trick a user to delete the registered client certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "User Interface (UI) Misrepresentation of Critical Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.cybozu.support/article/35260/" + }, + { + "url": "https://jvn.jp/en/jp/JVN23161885/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16173.json b/2018/16xxx/CVE-2018-16173.json index 36d73713666..3cea7d942c9 100644 --- a/2018/16xxx/CVE-2018-16173.json +++ b/2018/16xxx/CVE-2018-16173.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16173", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16173" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LearnPress", + "version": { + "version_data": [ + { + "version_value": "prior to version 3.1.0" + } + ] + } + } + ] + }, + "vendor_name": "ThimPress" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/learnpress/" + }, + { + "url": "https://jvn.jp/en/jp/JVN85760090/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16174.json b/2018/16xxx/CVE-2018-16174.json index bc135aa75d0..99dd8e1284b 100644 --- a/2018/16xxx/CVE-2018-16174.json +++ b/2018/16xxx/CVE-2018-16174.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16174", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16174" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LearnPress", + "version": { + "version_data": [ + { + "version_value": "prior to version 3.1.0" + } + ] + } + } + ] + }, + "vendor_name": "ThimPress" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Open Redirect" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/learnpress/" + }, + { + "url": "https://jvn.jp/en/jp/JVN85760090/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16175.json b/2018/16xxx/CVE-2018-16175.json index f2491665947..0bfac4187e1 100644 --- a/2018/16xxx/CVE-2018-16175.json +++ b/2018/16xxx/CVE-2018-16175.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16175", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16175" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LearnPress", + "version": { + "version_data": [ + { + "version_value": "prior to version 3.1.0" + } + ] + } + } + ] + }, + "vendor_name": "ThimPress" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/learnpress/" + }, + { + "url": "https://jvn.jp/en/jp/JVN85760090/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16176.json b/2018/16xxx/CVE-2018-16176.json index 06b2f809737..8d503c2b4b6 100644 --- a/2018/16xxx/CVE-2018-16176.json +++ b/2018/16xxx/CVE-2018-16176.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16176", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16176" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Installer of Mapping Tool", + "version": { + "version_data": [ + { + "version_value": "2.0.1.6 and 2.0.1.7" + } + ] + } + } + ] + }, + "vendor_name": "Japan Atomic Energy Agency" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Installer of Mapping Tool 2.0.1.6 and 2.0.1.7 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://emdb.jaea.go.jp/emdb/en/mappingtool.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN33677949/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16177.json b/2018/16xxx/CVE-2018-16177.json index 8a4e6db812e..527a1c20c19 100644 --- a/2018/16xxx/CVE-2018-16177.json +++ b/2018/16xxx/CVE-2018-16177.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16177", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16177" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "The installer of Windows10 Fall Creators Update Modify module for Security Measures tool", + "version": { + "version_data": [ + { + "version_value": "Windows10 Fall Creators Update Modify module for Security Measures tool" + } + ] + } + } + ] + }, + "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in The installer of Windows10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://f-security.jp/v6/support/information/100193.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN15709478/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16178.json b/2018/16xxx/CVE-2018-16178.json index 7f738ca6217..68a10c9daae 100644 --- a/2018/16xxx/CVE-2018-16178.json +++ b/2018/16xxx/CVE-2018-16178.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16178", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16178" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Garoon", + "version": { + "version_data": [ + { + "version_value": "3.0.0 to 4.10.0" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to restrict access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.cybozu.support/article/35265" + }, + { + "url": "https://jvn.jp/en/jp/JVN25385698/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16179.json b/2018/16xxx/CVE-2018-16179.json index 697546ed5d4..039a9534996 100644 --- a/2018/16xxx/CVE-2018-16179.json +++ b/2018/16xxx/CVE-2018-16179.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16179", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16179" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mizuho Direct App for Android", + "version": { + "version_data": [ + { + "version_value": "version 3.13.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Mizuho Bank, Ltd." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mizuho Direct App for Android version 3.13.0 and earlier does not verify server certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to verify SSL certificates" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://play.google.com/store/apps/details?id=jp.co.mizuhobank.banking" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU91640357/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16180.json b/2018/16xxx/CVE-2018-16180.json index b7412064201..328ccbb03e2 100644 --- a/2018/16xxx/CVE-2018-16180.json +++ b/2018/16xxx/CVE-2018-16180.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16180", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16180" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "i-FILTER", + "version": { + "version_data": [ + { + "version_value": "Ver.9.50R05 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Digital Arts Inc." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://download.daj.co.jp/user/ifilter/V9/" + }, + { + "url": "https://jvn.jp/en/jp/JVN32155106/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16181.json b/2018/16xxx/CVE-2018-16181.json index 6315faf953c..d9d37af9974 100644 --- a/2018/16xxx/CVE-2018-16181.json +++ b/2018/16xxx/CVE-2018-16181.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16181", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16181" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "i-FILTER", + "version": { + "version_data": [ + { + "version_value": "Ver.9.50R05 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Digital Arts Inc." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HTTP header injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://download.daj.co.jp/user/ifilter/V9/" + }, + { + "url": "https://jvn.jp/en/jp/JVN32155106/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16182.json b/2018/16xxx/CVE-2018-16182.json index 469eb38973a..c23e3748fd2 100644 --- a/2018/16xxx/CVE-2018-16182.json +++ b/2018/16xxx/CVE-2018-16182.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16182", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16182" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "The installer of MARKET SPEED", + "version": { + "version_data": [ + { + "version_value": "Ver.16.4 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Rakuten Securities, Inc." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the installer of MARKET SPEED Ver.16.4 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://marketspeed.jp/ms1/download/" + }, + { + "url": "https://jvn.jp/en/jp/JVN78422300/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16183.json b/2018/16xxx/CVE-2018-16183.json index 0e0688f4d22..f35bee8ec40 100644 --- a/2018/16xxx/CVE-2018-16183.json +++ b/2018/16xxx/CVE-2018-16183.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16183", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16183" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Some pre-installed applications on Panasonic PC", + "version": { + "version_data": [ + { + "version_value": "run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009" + } + ] + } + } + ] + }, + "vendor_name": "Panasonic Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unquoted Search Path or Element" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pc-dl.panasonic.co.jp/dl/docs/077770" + }, + { + "url": "https://jvn.jp/en/jp/JVN36895151/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16184.json b/2018/16xxx/CVE-2018-16184.json index b07a2cb01dc..cd75e3a0241 100644 --- a/2018/16xxx/CVE-2018-16184.json +++ b/2018/16xxx/CVE-2018-16184.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16184", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16184" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RICOH Interactive Whiteboard", + "version": { + "version_data": [ + { + "version_value": "D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400)" + } + ] + } + } + ] + }, + "vendor_name": "RICOH COMPANY, LTD." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ricoh.com/info/2018/1127_1.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN55263945/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16185.json b/2018/16xxx/CVE-2018-16185.json index af3e664323c..7cde77cea13 100644 --- a/2018/16xxx/CVE-2018-16185.json +++ b/2018/16xxx/CVE-2018-16185.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16185", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16185" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RICOH Interactive Whiteboard", + "version": { + "version_data": [ + { + "version_value": "D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)" + } + ] + } + } + ] + }, + "vendor_name": "RICOH COMPANY, LTD." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Firmware file is not signed" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ricoh.com/info/2018/1127_1.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN55263945/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16186.json b/2018/16xxx/CVE-2018-16186.json index 4eb3bd361c3..0a56d136ce7 100644 --- a/2018/16xxx/CVE-2018-16186.json +++ b/2018/16xxx/CVE-2018-16186.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16186", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16186" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RICOH Interactive Whiteboard", + "version": { + "version_data": [ + { + "version_value": "D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)" + } + ] + } + } + ] + }, + "vendor_name": "RICOH COMPANY, LTD." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segments to login to the administrators settings screen and change the configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of Hard-coded Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ricoh.com/info/2018/1127_1.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN55263945/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16187.json b/2018/16xxx/CVE-2018-16187.json index 2a29f8f93df..e6bc7b897e9 100644 --- a/2018/16xxx/CVE-2018-16187.json +++ b/2018/16xxx/CVE-2018-16187.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16187", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16187" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RICOH Interactive Whiteboard", + "version": { + "version_data": [ + { + "version_value": "D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)" + } + ] + } + } + ] + }, + "vendor_name": "RICOH COMPANY, LTD." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) does not verify its server certificates, which allows man-in-the-middle attackers to eversdrop on encrypted communication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to verify the server certificate" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ricoh.com/info/2018/1127_1.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN55263945/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16188.json b/2018/16xxx/CVE-2018-16188.json index 4a5daa362f2..2e30fbe8ecc 100644 --- a/2018/16xxx/CVE-2018-16188.json +++ b/2018/16xxx/CVE-2018-16188.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16188", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16188" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RICOH Interactive Whiteboard", + "version": { + "version_data": [ + { + "version_value": "D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)" + } + ] + } + } + ] + }, + "vendor_name": "RICOH COMPANY, LTD." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ricoh.com/info/2018/1127_1.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN55263945/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16191.json b/2018/16xxx/CVE-2018-16191.json index 84f3847bc5e..68784915325 100644 --- a/2018/16xxx/CVE-2018-16191.json +++ b/2018/16xxx/CVE-2018-16191.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16191", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16191" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EC-CUBE", + "version": { + "version_data": [ + { + "version_value": "(EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3.0.4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15, EC-CUBE 3.0.16)" + } + ] + } + } + ] + }, + "vendor_name": "LOCKON CO.,LTD." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3.0.4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15, EC-CUBE 3.0.16) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Open Redirect" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ec-cube.net/info/weakness/20181113/" + }, + { + "url": "https://jvn.jp/en/jp/JVN25359688/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16192.json b/2018/16xxx/CVE-2018-16192.json index d8ddee2abef..209d1ccac5c 100644 --- a/2018/16xxx/CVE-2018-16192.json +++ b/2018/16xxx/CVE-2018-16192.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16192", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16192" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Aterm WF1200CR and Aterm WG1200CR", + "version": { + "version_data": [ + { + "version_value": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN87535892/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16193.json b/2018/16xxx/CVE-2018-16193.json index 493bcce9935..e889220f556 100644 --- a/2018/16xxx/CVE-2018-16193.json +++ b/2018/16xxx/CVE-2018-16193.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16193", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16193" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Aterm WF1200CR and Aterm WG1200CR", + "version": { + "version_data": [ + { + "version_value": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN87535892/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16194.json b/2018/16xxx/CVE-2018-16194.json index 57a0cbb13e1..30f7a5ba560 100644 --- a/2018/16xxx/CVE-2018-16194.json +++ b/2018/16xxx/CVE-2018-16194.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16194", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16194" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Aterm WF1200CR and Aterm WG1200CR", + "version": { + "version_data": [ + { + "version_value": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN87535892/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16195.json b/2018/16xxx/CVE-2018-16195.json index babf7443ec2..b8adef2044e 100644 --- a/2018/16xxx/CVE-2018-16195.json +++ b/2018/16xxx/CVE-2018-16195.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16195", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16195" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Aterm WF1200CR and Aterm WG1200CR", + "version": { + "version_data": [ + { + "version_value": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)" + } + ] + } + } + ] + }, + "vendor_name": "NEC Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN87535892/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16196.json b/2018/16xxx/CVE-2018-16196.json index 7bd7586b803..13868a72245 100644 --- a/2018/16xxx/CVE-2018-16196.json +++ b/2018/16xxx/CVE-2018-16196.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16196", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16196" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver", + "version": { + "version_data": [ + { + "version_value": "(CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90))" + } + ] + } + } + ] + }, + "vendor_name": "Yokogawa Electric Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial-of-service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf" + }, + { + "url": "https://jvn.jp/vu/JVNVU93652047/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16197.json b/2018/16xxx/CVE-2018-16197.json index 776e2c0a515..a26ae268108 100644 --- a/2018/16xxx/CVE-2018-16197.json +++ b/2018/16xxx/CVE-2018-16197.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16197", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16197" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A", + "version": { + "version_data": [ + { + "version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)" + } + ] + } + } + ] + }, + "vendor_name": "Toshiba Lighting & Technology Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to restrict access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm" + }, + { + "url": "https://jvn.jp/en/jp/JVN99810718/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16198.json b/2018/16xxx/CVE-2018-16198.json index ab531beef28..1efb65197f1 100644 --- a/2018/16xxx/CVE-2018-16198.json +++ b/2018/16xxx/CVE-2018-16198.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16198", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16198" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A", + "version": { + "version_data": [ + { + "version_value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Toshiba Lighting & Technology Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Hidden Functionality" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm" + }, + { + "url": "https://jvn.jp/en/jp/JVN99810718/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16199.json b/2018/16xxx/CVE-2018-16199.json index 3e13d4b870c..58560743ac7 100644 --- a/2018/16xxx/CVE-2018-16199.json +++ b/2018/16xxx/CVE-2018-16199.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16199", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16199" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A", + "version": { + "version_data": [ + { + "version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)" + } + ] + } + } + ] + }, + "vendor_name": "Toshiba Lighting & Technology Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm" + }, + { + "url": "https://jvn.jp/en/jp/JVN99810718/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16200.json b/2018/16xxx/CVE-2018-16200.json index 5557278ddb2..4bdb8f6e7ae 100644 --- a/2018/16xxx/CVE-2018-16200.json +++ b/2018/16xxx/CVE-2018-16200.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16200", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16200" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A", + "version": { + "version_data": [ + { + "version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)" + } + ] + } + } + ] + }, + "vendor_name": "Toshiba Lighting & Technology Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm" + }, + { + "url": "https://jvn.jp/en/jp/JVN99810718/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16201.json b/2018/16xxx/CVE-2018-16201.json index 93b7d0f3885..6d5587f6805 100644 --- a/2018/16xxx/CVE-2018-16201.json +++ b/2018/16xxx/CVE-2018-16201.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16201", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16201" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A", + "version": { + "version_data": [ + { + "version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)" + } + ] + } + } + ] + }, + "vendor_name": "Toshiba Lighting & Technology Corporation" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of Hard-coded Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm" + }, + { + "url": "https://jvn.jp/en/jp/JVN99810718/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16202.json b/2018/16xxx/CVE-2018-16202.json index 8f915f178fa..e0087c7fd1b 100644 --- a/2018/16xxx/CVE-2018-16202.json +++ b/2018/16xxx/CVE-2018-16202.json @@ -1,18 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16202", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16202" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "cordova-plugin-ionic-webview", + "version": { + "version_data": [ + { + "version_value": "versions prior to 2.2.0 (not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0)" + } + ] + } + } + ] + }, + "vendor_name": "npm, Inc." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 (not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0) allows remote attackers to access arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.npmjs.com/advisories/746" + }, + { + "url": "https://github.com/ionic-team/cordova-plugin-ionic-webview" + }, + { + "url": "https://jvn.jp/en/jp/JVN69812763/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16203.json b/2018/16xxx/CVE-2018-16203.json index 91247cd94d5..496c2928010 100644 --- a/2018/16xxx/CVE-2018-16203.json +++ b/2018/16xxx/CVE-2018-16203.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16203", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16203" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PgpoolAdmin", + "version": { + "version_data": [ + { + "version_value": "4.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "PgPool Global Development Group" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PgpoolAdmin 4.0 and earlier allows remote attackers to bypass the login authentication and obtain the administrative privilege of the PostgreSQL database via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to restrict access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pgpool.net/mediawiki/index.php/Main_Page" + }, + { + "url": "https://jvn.jp/en/jp/JVN13199224/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16204.json b/2018/16xxx/CVE-2018-16204.json index 9fac35a7bf1..12da9bc1883 100644 --- a/2018/16xxx/CVE-2018-16204.json +++ b/2018/16xxx/CVE-2018-16204.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16204", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16204" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google XML Sitemaps", + "version": { + "version_data": [ + { + "version_value": "Version 4.0.9 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Arne Brachhold" + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0.9 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/google-sitemap-generator/#developers" + }, + { + "url": "https://jvn.jp/en/jp/JVN27052429/index.html" + } + ] + } } diff --git a/2018/16xxx/CVE-2018-16205.json b/2018/16xxx/CVE-2018-16205.json index 510347bb8ee..119761b2a77 100644 --- a/2018/16xxx/CVE-2018-16205.json +++ b/2018/16xxx/CVE-2018-16205.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16205", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16205" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GROWI", + "version": { + "version_data": [ + { + "version_value": "v3.2.3 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "WESEEK, Inc." + } ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via New Page modal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://weseek.co.jp/security/2018/12/25/growi-prevent-xss2/" + }, + { + "url": "https://jvn.jp/en/jp/JVN96493183/index.html" + } + ] + } }