From 46f372e373ccecc670d23a669181bb176e9a7b5a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 6 Jul 2018 10:04:23 -0400 Subject: [PATCH] - Synchronized data. --- 2017/1xxx/CVE-2017-1237.json | 82 ++++++++++---------- 2017/1xxx/CVE-2017-1238.json | 128 +++++++++++++++--------------- 2017/1xxx/CVE-2017-1239.json | 120 ++++++++++++++-------------- 2017/1xxx/CVE-2017-1242.json | 76 +++++++++--------- 2017/1xxx/CVE-2017-1248.json | 58 +++++++------- 2017/1xxx/CVE-2017-1329.json | 78 +++++++++---------- 2017/1xxx/CVE-2017-1488.json | 84 ++++++++++---------- 2017/1xxx/CVE-2017-1509.json | 138 ++++++++++++++++----------------- 2017/1xxx/CVE-2017-1559.json | 136 ++++++++++++++++---------------- 2017/1xxx/CVE-2017-1795.json | 94 +++++++++++----------- 2018/11xxx/CVE-2018-11124.json | 48 +++++++++++- 2018/12xxx/CVE-2018-12582.json | 5 ++ 2018/12xxx/CVE-2018-12583.json | 5 ++ 2018/12xxx/CVE-2018-12695.json | 5 ++ 2018/12xxx/CVE-2018-12696.json | 5 ++ 2018/13xxx/CVE-2018-13108.json | 63 ++++++++++++++- 2018/13xxx/CVE-2018-13109.json | 63 ++++++++++++++- 2018/13xxx/CVE-2018-13110.json | 63 ++++++++++++++- 2018/13xxx/CVE-2018-13365.json | 18 +++++ 2018/13xxx/CVE-2018-13366.json | 18 +++++ 2018/13xxx/CVE-2018-13367.json | 18 +++++ 2018/13xxx/CVE-2018-13368.json | 18 +++++ 2018/13xxx/CVE-2018-13369.json | 18 +++++ 2018/13xxx/CVE-2018-13370.json | 18 +++++ 2018/13xxx/CVE-2018-13371.json | 18 +++++ 2018/13xxx/CVE-2018-13372.json | 18 +++++ 2018/13xxx/CVE-2018-13373.json | 18 +++++ 2018/13xxx/CVE-2018-13374.json | 18 +++++ 2018/13xxx/CVE-2018-13375.json | 18 +++++ 2018/13xxx/CVE-2018-13376.json | 18 +++++ 2018/13xxx/CVE-2018-13377.json | 18 +++++ 2018/13xxx/CVE-2018-13378.json | 18 +++++ 2018/13xxx/CVE-2018-13379.json | 18 +++++ 2018/13xxx/CVE-2018-13380.json | 18 +++++ 2018/13xxx/CVE-2018-13381.json | 18 +++++ 2018/13xxx/CVE-2018-13382.json | 18 +++++ 2018/13xxx/CVE-2018-13383.json | 18 +++++ 2018/13xxx/CVE-2018-13384.json | 18 +++++ 2018/13xxx/CVE-2018-13385.json | 18 +++++ 2018/13xxx/CVE-2018-13386.json | 18 +++++ 2018/13xxx/CVE-2018-13387.json | 18 +++++ 2018/13xxx/CVE-2018-13388.json | 18 +++++ 2018/13xxx/CVE-2018-13389.json | 18 +++++ 2018/13xxx/CVE-2018-13390.json | 18 +++++ 2018/13xxx/CVE-2018-13391.json | 18 +++++ 2018/13xxx/CVE-2018-13392.json | 18 +++++ 2018/13xxx/CVE-2018-13393.json | 18 +++++ 2018/13xxx/CVE-2018-13394.json | 18 +++++ 2018/13xxx/CVE-2018-13395.json | 18 +++++ 2018/13xxx/CVE-2018-13396.json | 18 +++++ 2018/13xxx/CVE-2018-13397.json | 18 +++++ 2018/13xxx/CVE-2018-13398.json | 18 +++++ 2018/13xxx/CVE-2018-13399.json | 18 +++++ 2018/13xxx/CVE-2018-13400.json | 18 +++++ 2018/13xxx/CVE-2018-13401.json | 18 +++++ 2018/13xxx/CVE-2018-13402.json | 18 +++++ 2018/13xxx/CVE-2018-13403.json | 18 +++++ 2018/13xxx/CVE-2018-13404.json | 18 +++++ 2018/13xxx/CVE-2018-13405.json | 72 +++++++++++++++++ 2018/13xxx/CVE-2018-13406.json | 72 +++++++++++++++++ 2018/1xxx/CVE-2018-1494.json | 84 ++++++++++---------- 2018/1xxx/CVE-2018-1542.json | 124 +++++++++++++++-------------- 2018/1xxx/CVE-2018-1546.json | 56 +++++++------ 2018/1xxx/CVE-2018-1555.json | 118 ++++++++++++++-------------- 2018/1xxx/CVE-2018-1556.json | 120 ++++++++++++++-------------- 2018/1xxx/CVE-2018-1621.json | 60 +++++++------- 2018/1xxx/CVE-2018-1676.json | 128 +++++++++++++++--------------- 67 files changed, 1938 insertions(+), 867 deletions(-) create mode 100644 2018/13xxx/CVE-2018-13365.json create mode 100644 2018/13xxx/CVE-2018-13366.json create mode 100644 2018/13xxx/CVE-2018-13367.json create mode 100644 2018/13xxx/CVE-2018-13368.json create mode 100644 2018/13xxx/CVE-2018-13369.json create mode 100644 2018/13xxx/CVE-2018-13370.json create mode 100644 2018/13xxx/CVE-2018-13371.json create mode 100644 2018/13xxx/CVE-2018-13372.json create mode 100644 2018/13xxx/CVE-2018-13373.json create mode 100644 2018/13xxx/CVE-2018-13374.json create mode 100644 2018/13xxx/CVE-2018-13375.json create mode 100644 2018/13xxx/CVE-2018-13376.json create mode 100644 2018/13xxx/CVE-2018-13377.json create mode 100644 2018/13xxx/CVE-2018-13378.json create mode 100644 2018/13xxx/CVE-2018-13379.json create mode 100644 2018/13xxx/CVE-2018-13380.json create mode 100644 2018/13xxx/CVE-2018-13381.json create mode 100644 2018/13xxx/CVE-2018-13382.json create mode 100644 2018/13xxx/CVE-2018-13383.json create mode 100644 2018/13xxx/CVE-2018-13384.json create mode 100644 2018/13xxx/CVE-2018-13385.json create mode 100644 2018/13xxx/CVE-2018-13386.json create mode 100644 2018/13xxx/CVE-2018-13387.json create mode 100644 2018/13xxx/CVE-2018-13388.json create mode 100644 2018/13xxx/CVE-2018-13389.json create mode 100644 2018/13xxx/CVE-2018-13390.json create mode 100644 2018/13xxx/CVE-2018-13391.json create mode 100644 2018/13xxx/CVE-2018-13392.json create mode 100644 2018/13xxx/CVE-2018-13393.json create mode 100644 2018/13xxx/CVE-2018-13394.json create mode 100644 2018/13xxx/CVE-2018-13395.json create mode 100644 2018/13xxx/CVE-2018-13396.json create mode 100644 2018/13xxx/CVE-2018-13397.json create mode 100644 2018/13xxx/CVE-2018-13398.json create mode 100644 2018/13xxx/CVE-2018-13399.json create mode 100644 2018/13xxx/CVE-2018-13400.json create mode 100644 2018/13xxx/CVE-2018-13401.json create mode 100644 2018/13xxx/CVE-2018-13402.json create mode 100644 2018/13xxx/CVE-2018-13403.json create mode 100644 2018/13xxx/CVE-2018-13404.json create mode 100644 2018/13xxx/CVE-2018-13405.json create mode 100644 2018/13xxx/CVE-2018-13406.json diff --git a/2017/1xxx/CVE-2017-1237.json b/2017/1xxx/CVE-2017-1237.json index 39e451bbf3f..168359cf7db 100644 --- a/2017/1xxx/CVE-2017-1237.json +++ b/2017/1xxx/CVE-2017-1237.json @@ -1,5 +1,10 @@ { - "data_version" : "4.0", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-06-28T00:00:00", + "ID" : "CVE-2017-1237", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ @@ -7,6 +12,7 @@ "product" : { "product_data" : [ { + "product_name" : "Rational Collaborative Lifecycle Management", "version" : { "version_data" : [ { @@ -31,10 +37,10 @@ "version_value" : "5.0.x" } ] - }, - "product_name" : "Rational Collaborative Lifecycle Management" + } }, { + "product_name" : "Rational DOORS Next Generation", "version" : { "version_data" : [ { @@ -59,8 +65,7 @@ "version_value" : "5.0.x" } ] - }, - "product_name" : "Rational DOORS Next Generation" + } }, { "product_name" : "Rational Engineering Lifecycle Manager", @@ -91,6 +96,7 @@ } }, { + "product_name" : "Rational Quality Manager", "version" : { "version_data" : [ { @@ -115,10 +121,10 @@ "version_value" : "5.0.x" } ] - }, - "product_name" : "Rational Quality Manager" + } }, { + "product_name" : "Rational Rhapsody Design Manager", "version" : { "version_data" : [ { @@ -143,8 +149,7 @@ "version_value" : "5.0.x" } ] - }, - "product_name" : "Rational Rhapsody Design Manager" + } }, { "product_name" : "Rational Software Architect Design Manager", @@ -163,6 +168,7 @@ } }, { + "product_name" : "Rational Team Concert", "version" : { "version_data" : [ { @@ -187,8 +193,7 @@ "version_value" : "5.0.x" } ] - }, - "product_name" : "Rational Team Concert" + } } ] }, @@ -197,35 +202,37 @@ ] } }, + "data_format" : "MITRE", "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124355." + } + ] + }, "impact" : { "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "C", + "SCORE" : "5.400", + "UI" : "R" + }, "TM" : { "E" : "H", "RC" : "C", "RL" : "O" - }, - "BM" : { - "UI" : "R", - "A" : "N", - "I" : "L", - "SCORE" : "5.400", - "AV" : "N", - "S" : "C", - "AC" : "L", - "C" : "L", - "PR" : "L" } } }, - "description" : { - "description_data" : [ - { - "value" : "IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124355.", - "lang" : "eng" - } - ] - }, "problemtype" : { "problemtype_data" : [ { @@ -238,25 +245,16 @@ } ] }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "ID" : "CVE-2017-1237", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-06-28T00:00:00" - }, "references" : { "reference_data" : [ { - "url" : "https://www-prd-trops.events.ibm.com/node/715709", - "title" : "IBM Security Bulletin 0715709", + "name" : "https://www-prd-trops.events.ibm.com/node/715709", "refsource" : "CONFIRM", - "name" : "https://www-prd-trops.events.ibm.com/node/715709" + "url" : "https://www-prd-trops.events.ibm.com/node/715709" }, { - "name" : "ibm-jazz-cve20171237-xss (124355)", + "name" : "ibm-jazz-cve20171237-xss(124355)", "refsource" : "XF", - "title" : "X-Force Vulnerability Report", "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124355" } ] diff --git a/2017/1xxx/CVE-2017-1238.json b/2017/1xxx/CVE-2017-1238.json index e3687e7c11b..08269dfe05b 100644 --- a/2017/1xxx/CVE-2017-1238.json +++ b/2017/1xxx/CVE-2017-1238.json @@ -1,77 +1,18 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "H", - "RL" : "O" - }, - "BM" : { - "PR" : "L", - "C" : "L", - "AC" : "L", - "SCORE" : "5.400", - "AV" : "N", - "I" : "L", - "S" : "C", - "UI" : "R", - "A" : "N" - } - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124356." - } - ] - }, "CVE_data_meta" : { - "STATE" : "PUBLIC", "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2018-07-03T00:00:00", - "ID" : "CVE-2017-1238" + "ID" : "CVE-2017-1238", + "STATE" : "PUBLIC" }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", - "title" : "IBM Security Bulletin 0716201 (Rational Quality Manager)", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201" - }, - { - "name" : "ibm-rqm-cve20171238-xss (124356)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124356", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "data_type" : "CVE", "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { + "product_name" : "Rational Quality Manager", "version" : { "version_data" : [ { @@ -96,13 +37,70 @@ "version_value" : "5.0.x" } ] - }, - "product_name" : "Rational Quality Manager" + } } ] - } + }, + "vendor_name" : "IBM" } ] } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124356." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "C", + "SCORE" : "5.400", + "UI" : "R" + }, + "TM" : { + "E" : "H", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201" + }, + { + "name" : "ibm-rqm-cve20171238-xss(124356)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124356" + } + ] } } diff --git a/2017/1xxx/CVE-2017-1239.json b/2017/1xxx/CVE-2017-1239.json index cdefc2c7e20..26035fec344 100644 --- a/2017/1xxx/CVE-2017-1239.json +++ b/2017/1xxx/CVE-2017-1239.json @@ -1,68 +1,10 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "C" : "L", - "PR" : "L", - "AC" : "L", - "S" : "U", - "I" : "N", - "AV" : "N", - "SCORE" : "4.300", - "A" : "N", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", - "title" : "IBM Security Bulletin 0716201 (Rational Quality Manager)", - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201" - }, - { - "name" : "ibm-rqm-cve20171239-info-disc (124357)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124357" - } - ] - }, "CVE_data_meta" : { - "STATE" : "PUBLIC", "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2018-07-03T00:00:00", - "ID" : "CVE-2017-1239" + "ID" : "CVE-2017-1239", + "STATE" : "PUBLIC" }, - "data_version" : "4.0", "affects" : { "vendor" : { "vendor_data" : [ @@ -104,5 +46,61 @@ ] } }, - "data_type" : "CVE" + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "N", + "PR" : "L", + "S" : "U", + "SCORE" : "4.300", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201" + }, + { + "name" : "ibm-rqm-cve20171239-info-disc(124357)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124357" + } + ] + } } diff --git a/2017/1xxx/CVE-2017-1242.json b/2017/1xxx/CVE-2017-1242.json index 575ba1ca1e4..069b415c155 100644 --- a/2017/1xxx/CVE-2017-1242.json +++ b/2017/1xxx/CVE-2017-1242.json @@ -1,4 +1,10 @@ { + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-07-03T00:00:00", + "ID" : "CVE-2017-1242", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ @@ -6,6 +12,7 @@ "product" : { "product_data" : [ { + "product_name" : "Rational Quality Manager", "version" : { "version_data" : [ { @@ -30,8 +37,7 @@ "version_value" : "5.0.x" } ] - }, - "product_name" : "Rational Quality Manager" + } } ] }, @@ -40,56 +46,34 @@ ] } }, + "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", - "title" : "IBM Security Bulletin 0716201 (Rational Quality Manager)", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201" - }, - { - "name" : "ibm-rqm-cve20171242-html-injection (124524)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124524" - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2017-1242", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-07-03T00:00:00" - }, "description" : { "description_data" : [ { "lang" : "eng", - "value" : "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124524." + "value" : "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124524." } ] }, "impact" : { "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, "BM" : { - "AC" : "L", - "C" : "L", - "PR" : "L", - "UI" : "R", "A" : "N", - "I" : "L", + "AC" : "L", "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "C", "SCORE" : "5.400", - "S" : "C" + "UI" : "R" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" } } }, @@ -98,11 +82,25 @@ { "description" : [ { - "value" : "Cross-Site Scripting", - "lang" : "eng" + "lang" : "eng", + "value" : "Cross-Site Scripting" } ] } ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201" + }, + { + "name" : "ibm-rqm-cve20171242-html-injection(124524)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124524" + } + ] } } diff --git a/2017/1xxx/CVE-2017-1248.json b/2017/1xxx/CVE-2017-1248.json index 8daaa96aab7..7e9555296af 100644 --- a/2017/1xxx/CVE-2017-1248.json +++ b/2017/1xxx/CVE-2017-1248.json @@ -1,14 +1,18 @@ { - "data_version" : "4.0", - "data_type" : "CVE", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-07-03T00:00:00", + "ID" : "CVE-2017-1248", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { + "product_name" : "Rational Quality Manager", "version" : { "version_data" : [ { @@ -33,40 +37,43 @@ "version_value" : "5.0.x" } ] - }, - "product_name" : "Rational Quality Manager" + } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124628." + "value" : "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124628." } ] }, "impact" : { "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, "BM" : { - "PR" : "L", - "C" : "L", + "A" : "N", "AC" : "L", - "SCORE" : "5.400", "AV" : "N", + "C" : "L", "I" : "L", + "PR" : "L", "S" : "C", - "UI" : "R", - "A" : "N" + "SCORE" : "5.400", + "UI" : "R" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" } } }, @@ -82,26 +89,17 @@ } ] }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2018-07-03T00:00:00", - "ID" : "CVE-2017-1248" - }, "references" : { "reference_data" : [ { - "title" : "IBM Security Bulletin 0716201 (Rational Quality Manager)", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", - "refsource" : "CONFIRM" + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201" }, { - "name" : "ibm-rqm-cve20171248-html-injection (124628)", + "name" : "ibm-rqm-cve20171248-html-injection(124628)", "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124628", - "title" : "X-Force Vulnerability Report" + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124628" } ] } diff --git a/2017/1xxx/CVE-2017-1329.json b/2017/1xxx/CVE-2017-1329.json index 68e81e8f5da..cb1bc1e3c9c 100644 --- a/2017/1xxx/CVE-2017-1329.json +++ b/2017/1xxx/CVE-2017-1329.json @@ -1,13 +1,18 @@ { - "data_version" : "4.0", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-07-03T00:00:00", + "ID" : "CVE-2017-1329", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { + "product_name" : "Rational Quality Manager", "version" : { "version_data" : [ { @@ -32,44 +37,46 @@ "version_value" : "5.0.x" } ] - }, - "product_name" : "Rational Quality Manager" + } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "AC" : "L", - "C" : "L", - "PR" : "L", - "UI" : "R", - "A" : "N", - "S" : "C", - "I" : "L", - "SCORE" : "5.400", - "AV" : "N" - } - } - }, + "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 126231." + "value" : "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 126231." } ] }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "C", + "SCORE" : "5.400", + "UI" : "R" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { @@ -82,26 +89,17 @@ } ] }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "ID" : "CVE-2017-1329", - "DATE_PUBLIC" : "2018-07-03T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, "references" : { "reference_data" : [ { - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", - "title" : "IBM Security Bulletin 0716201 (Rational Quality Manager)", + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201" + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201" }, { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126231", - "name" : "ibm-rqm-cve20171329-html-injection (126231)", - "refsource" : "XF" + "name" : "ibm-rqm-cve20171329-html-injection(126231)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126231" } ] } diff --git a/2017/1xxx/CVE-2017-1488.json b/2017/1xxx/CVE-2017-1488.json index f6db501f633..fbf4e517440 100644 --- a/2017/1xxx/CVE-2017-1488.json +++ b/2017/1xxx/CVE-2017-1488.json @@ -1,9 +1,14 @@ { + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-06-28T00:00:00", + "ID" : "CVE-2017-1488", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -35,6 +40,7 @@ } }, { + "product_name" : "Rational DOORS Next Generation", "version" : { "version_data" : [ { @@ -59,8 +65,7 @@ "version_value" : "5.0.x" } ] - }, - "product_name" : "Rational DOORS Next Generation" + } }, { "product_name" : "Rational Quality Manager", @@ -135,6 +140,7 @@ } }, { + "product_name" : "Rational Team Concert", "version" : { "version_data" : [ { @@ -159,10 +165,10 @@ "version_value" : "5.0.x" } ] - }, - "product_name" : "Rational Team Concert" + } }, { + "product_name" : "Rational Rhapsody Design Manager", "version" : { "version_data" : [ { @@ -187,68 +193,46 @@ "version_value" : "5.0.x" } ] - }, - "product_name" : "Rational Rhapsody Design Manager" + } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", - "data_format" : "MITRE", - "references" : { - "reference_data" : [ + "description" : { + "description_data" : [ { - "url" : "https://www-prd-trops.events.ibm.com/node/715709", - "title" : "IBM Security Bulletin 0715709", - "name" : "https://www-prd-trops.events.ibm.com/node/715709", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128627", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-jazz-cve20171488-info-disc (128627)" + "lang" : "eng", + "value" : "An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627." } ] }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-06-28T00:00:00", - "ID" : "CVE-2017-1488" - }, "impact" : { "cvssv3" : { "BM" : { - "C" : "L", - "PR" : "N", - "AC" : "H", - "S" : "U", - "I" : "N", - "AV" : "N", - "SCORE" : "3.700", "A" : "N", + "AC" : "H", + "AV" : "N", + "C" : "L", + "I" : "N", + "PR" : "N", + "S" : "U", + "SCORE" : "3.700", "UI" : "N" }, "TM" : { - "RC" : "C", "E" : "U", + "RC" : "C", "RL" : "O" } } }, - "description" : { - "description_data" : [ - { - "value" : "An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627.", - "lang" : "eng" - } - ] - }, "problemtype" : { "problemtype_data" : [ { @@ -260,5 +244,19 @@ ] } ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www-prd-trops.events.ibm.com/node/715709", + "refsource" : "CONFIRM", + "url" : "https://www-prd-trops.events.ibm.com/node/715709" + }, + { + "name" : "ibm-jazz-cve20171488-info-disc(128627)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128627" + } + ] } } diff --git a/2017/1xxx/CVE-2017-1509.json b/2017/1xxx/CVE-2017-1509.json index 8360f3cc88a..1e822f5c16f 100644 --- a/2017/1xxx/CVE-2017-1509.json +++ b/2017/1xxx/CVE-2017-1509.json @@ -1,74 +1,14 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "L", - "PR" : "L", - "C" : "L", - "A" : "N", - "UI" : "N", - "SCORE" : "4.300", - "AV" : "N", - "I" : "N", - "S" : "U" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719.", - "lang" : "eng" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "data_format" : "MITRE", "CVE_data_meta" : { - "DATE_PUBLIC" : "2018-06-28T00:00:00", "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2017-1509" + "DATE_PUBLIC" : "2018-06-28T00:00:00", + "ID" : "CVE-2017-1509", + "STATE" : "PUBLIC" }, - "references" : { - "reference_data" : [ - { - "name" : "https://www-prd-trops.events.ibm.com/node/715709", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 0715709", - "url" : "https://www-prd-trops.events.ibm.com/node/715709" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129719", - "refsource" : "XF", - "name" : "ibm-jazz-cve20171509-info-disc (129719)" - } - ] - }, - "data_version" : "4.0", - "data_type" : "CVE", "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -100,6 +40,7 @@ } }, { + "product_name" : "Rational Software Architect Design Manager", "version" : { "version_data" : [ { @@ -112,8 +53,7 @@ "version_value" : "5.0.x" } ] - }, - "product_name" : "Rational Software Architect Design Manager" + } }, { "product_name" : "Rational Team Concert", @@ -144,6 +84,7 @@ } }, { + "product_name" : "Rational Collaborative Lifecycle Management", "version" : { "version_data" : [ { @@ -168,8 +109,7 @@ "version_value" : "5.0.x" } ] - }, - "product_name" : "Rational Collaborative Lifecycle Management" + } }, { "product_name" : "Rational Engineering Lifecycle Manager", @@ -228,6 +168,7 @@ } }, { + "product_name" : "Rational Quality Manager", "version" : { "version_data" : [ { @@ -252,13 +193,70 @@ "version_value" : "5.0.x" } ] - }, - "product_name" : "Rational Quality Manager" + } } ] - } + }, + "vendor_name" : "IBM" } ] } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "N", + "PR" : "L", + "S" : "U", + "SCORE" : "4.300", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www-prd-trops.events.ibm.com/node/715709", + "refsource" : "CONFIRM", + "url" : "https://www-prd-trops.events.ibm.com/node/715709" + }, + { + "name" : "ibm-jazz-cve20171509-info-disc(129719)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129719" + } + ] } } diff --git a/2017/1xxx/CVE-2017-1559.json b/2017/1xxx/CVE-2017-1559.json index 0b44d438c84..f6711a7a207 100644 --- a/2017/1xxx/CVE-2017-1559.json +++ b/2017/1xxx/CVE-2017-1559.json @@ -1,75 +1,18 @@ { - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "name" : "https://www-prd-trops.events.ibm.com/node/715709", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 0715709", - "url" : "https://www-prd-trops.events.ibm.com/node/715709" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131758", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-dng-cve20171559-info-disc (131758)" - } - ] - }, "CVE_data_meta" : { - "ID" : "CVE-2017-1559", "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2018-06-28T00:00:00" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758." - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "U", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "UI" : "N", - "A" : "N", - "S" : "U", - "SCORE" : "3.100", - "AV" : "N", - "I" : "N", - "AC" : "H", - "PR" : "L", - "C" : "L" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] + "DATE_PUBLIC" : "2018-06-28T00:00:00", + "ID" : "CVE-2017-1559", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { + "product_name" : "Rational Rhapsody Design Manager", "version" : { "version_data" : [ { @@ -94,8 +37,7 @@ "version_value" : "5.0.x" } ] - }, - "product_name" : "Rational Rhapsody Design Manager" + } }, { "product_name" : "Rational Software Architect Design Manager", @@ -114,6 +56,7 @@ } }, { + "product_name" : "Rational Team Concert", "version" : { "version_data" : [ { @@ -138,8 +81,7 @@ "version_value" : "5.0.x" } ] - }, - "product_name" : "Rational Team Concert" + } }, { "product_name" : "Rational Collaborative Lifecycle Management", @@ -170,6 +112,7 @@ } }, { + "product_name" : "Rational DOORS Next Generation", "version" : { "version_data" : [ { @@ -194,8 +137,7 @@ "version_value" : "5.0.x" } ] - }, - "product_name" : "Rational DOORS Next Generation" + } }, { "product_name" : "Rational Engineering Lifecycle Manager", @@ -254,11 +196,67 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", "data_type" : "CVE", - "data_version" : "4.0" + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "H", + "AV" : "N", + "C" : "L", + "I" : "N", + "PR" : "L", + "S" : "U", + "SCORE" : "3.100", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "U", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www-prd-trops.events.ibm.com/node/715709", + "refsource" : "CONFIRM", + "url" : "https://www-prd-trops.events.ibm.com/node/715709" + }, + { + "name" : "ibm-dng-cve20171559-info-disc(131758)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131758" + } + ] + } } diff --git a/2017/1xxx/CVE-2017-1795.json b/2017/1xxx/CVE-2017-1795.json index ff5da6ff115..2c3b62256a9 100644 --- a/2017/1xxx/CVE-2017-1795.json +++ b/2017/1xxx/CVE-2017-1795.json @@ -1,14 +1,18 @@ { - "data_version" : "4.0", - "data_type" : "CVE", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-05-13T00:00:00", + "ID" : "CVE-2017-1795", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { + "product_name" : "WebSphere MQ", "version" : { "version_data" : [ { @@ -33,76 +37,70 @@ "version_value" : "9.0" } ] - }, - "product_name" : "WebSphere MQ" + } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "L", + "C" : "H", + "I" : "N", + "PR" : "H", + "S" : "U", + "SCORE" : "4.400", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { "description" : [ { - "value" : "Obtain Information", - "lang" : "eng" + "lang" : "eng", + "value" : "Obtain Information" } ] } ] }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "SCORE" : "4.400", - "AV" : "L", - "I" : "N", - "S" : "U", - "UI" : "N", - "A" : "N", - "PR" : "H", - "C" : "H", - "AC" : "L" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042.", - "lang" : "eng" - } - ] - }, "references" : { "reference_data" : [ { - "refsource" : "CONFIRM", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012389", - "title" : "IBM Security Bulletin 2012389 (WebSphere MQ)", + "refsource" : "CONFIRM", "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012389" }, { + "name" : "ibm-websphere-cve20171795-info-disc(137042)", "refsource" : "XF", - "name" : "ibm-websphere-cve20171795-info-disc (137042)", - "title" : "X-Force Vulnerability Report", "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137042" } ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2017-1795", - "DATE_PUBLIC" : "2018-05-13T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_format" : "MITRE" + } } diff --git a/2018/11xxx/CVE-2018-11124.json b/2018/11xxx/CVE-2018-11124.json index b866f003ce8..d3723a5d008 100644 --- a/2018/11xxx/CVE-2018-11124.json +++ b/2018/11xxx/CVE-2018-11124.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11124", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://docs.google.com/document/d/1dJP1CQupHGXjsMWthgPGepOkcnxYA4mDfdjOE46nrhM/edit?usp=sharing", + "refsource" : "MISC", + "url" : "https://docs.google.com/document/d/1dJP1CQupHGXjsMWthgPGepOkcnxYA4mDfdjOE46nrhM/edit?usp=sharing" } ] } diff --git a/2018/12xxx/CVE-2018-12582.json b/2018/12xxx/CVE-2018-12582.json index e83e0f534f8..7c8aafb69f3 100644 --- a/2018/12xxx/CVE-2018-12582.json +++ b/2018/12xxx/CVE-2018-12582.json @@ -56,6 +56,11 @@ "name" : "https://github.com/chenrui1896/issue/blob/master/add_admin", "refsource" : "MISC", "url" : "https://github.com/chenrui1896/issue/blob/master/add_admin" + }, + { + "name" : "https://github.com/p8w/akcms/issues/1", + "refsource" : "MISC", + "url" : "https://github.com/p8w/akcms/issues/1" } ] } diff --git a/2018/12xxx/CVE-2018-12583.json b/2018/12xxx/CVE-2018-12583.json index d1d44ac81ef..451326426da 100644 --- a/2018/12xxx/CVE-2018-12583.json +++ b/2018/12xxx/CVE-2018-12583.json @@ -56,6 +56,11 @@ "name" : "https://github.com/chenrui1896/issue/blob/master/del_article", "refsource" : "MISC", "url" : "https://github.com/chenrui1896/issue/blob/master/del_article" + }, + { + "name" : "https://github.com/p8w/akcms/issues/2", + "refsource" : "MISC", + "url" : "https://github.com/p8w/akcms/issues/2" } ] } diff --git a/2018/12xxx/CVE-2018-12695.json b/2018/12xxx/CVE-2018-12695.json index 65fef588ae3..a61b13dabbb 100644 --- a/2018/12xxx/CVE-2018-12695.json +++ b/2018/12xxx/CVE-2018-12695.json @@ -56,6 +56,11 @@ "name" : "https://github.com/chenrui1896/mao10cms_xss/wiki/The-xss-vulnerability-of-mao10cms", "refsource" : "MISC", "url" : "https://github.com/chenrui1896/mao10cms_xss/wiki/The-xss-vulnerability-of-mao10cms" + }, + { + "name" : "https://github.com/nsmaomao/mao10cms/issues/2", + "refsource" : "MISC", + "url" : "https://github.com/nsmaomao/mao10cms/issues/2" } ] } diff --git a/2018/12xxx/CVE-2018-12696.json b/2018/12xxx/CVE-2018-12696.json index 48e661a026b..3c8eeb0a7ec 100644 --- a/2018/12xxx/CVE-2018-12696.json +++ b/2018/12xxx/CVE-2018-12696.json @@ -56,6 +56,11 @@ "name" : "https://github.com/chenrui1896/mao10cms_xss/wiki/The-xss-vulnerability-of-mao10cms", "refsource" : "MISC", "url" : "https://github.com/chenrui1896/mao10cms_xss/wiki/The-xss-vulnerability-of-mao10cms" + }, + { + "name" : "https://github.com/nsmaomao/mao10cms/issues/3", + "refsource" : "MISC", + "url" : "https://github.com/nsmaomao/mao10cms/issues/3" } ] } diff --git a/2018/13xxx/CVE-2018-13108.json b/2018/13xxx/CVE-2018-13108.json index b7f3e9bc3f5..5d3aed83f73 100644 --- a/2018/13xxx/CVE-2018-13108.json +++ b/2018/13xxx/CVE-2018-13108.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-13108", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,43 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20180704 SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers", + "refsource" : "BUGTRAQ", + "url" : "http://www.securityfocus.com/archive/1/archive/1/542117/100/0/threaded" + }, + { + "name" : "20180704 SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers", + "refsource" : "FULLDISC", + "url" : "http://seclists.org/fulldisclosure/2018/Jul/17" + }, + { + "name" : "http://packetstormsecurity.com/files/148424/ADB-Local-Root-Jailbreak.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/148424/ADB-Local-Root-Jailbreak.html" + }, + { + "name" : "https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/", + "refsource" : "MISC", + "url" : "https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/" } ] } diff --git a/2018/13xxx/CVE-2018-13109.json b/2018/13xxx/CVE-2018-13109.json index 1aa48301f7a..f483c224f27 100644 --- a/2018/13xxx/CVE-2018-13109.json +++ b/2018/13xxx/CVE-2018-13109.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-13109", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,43 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20180704 SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers", + "refsource" : "BUGTRAQ", + "url" : "http://www.securityfocus.com/archive/1/archive/1/542119/100/0/threaded" + }, + { + "name" : "20180704 SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers", + "refsource" : "FULLDISC", + "url" : "http://seclists.org/fulldisclosure/2018/Jul/18" + }, + { + "name" : "http://packetstormsecurity.com/files/148429/ADB-Authorization-Bypass.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/148429/ADB-Authorization-Bypass.html" + }, + { + "name" : "https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/", + "refsource" : "MISC", + "url" : "https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/" } ] } diff --git a/2018/13xxx/CVE-2018-13110.json b/2018/13xxx/CVE-2018-13110.json index c41d1412e6f..6b16a4ea8a1 100644 --- a/2018/13xxx/CVE-2018-13110.json +++ b/2018/13xxx/CVE-2018-13110.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-13110", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,43 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20180704 SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers", + "refsource" : "BUGTRAQ", + "url" : "http://www.securityfocus.com/archive/1/archive/1/542118/100/0/threaded" + }, + { + "name" : "20180704 SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers", + "refsource" : "FULLDISC", + "url" : "http://seclists.org/fulldisclosure/2018/Jul/19" + }, + { + "name" : "http://packetstormsecurity.com/files/148430/ADB-Group-Manipulation-Privilege-Escalation.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/148430/ADB-Group-Manipulation-Privilege-Escalation.html" + }, + { + "name" : "https://www.sec-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/", + "refsource" : "MISC", + "url" : "https://www.sec-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/" } ] } diff --git a/2018/13xxx/CVE-2018-13365.json b/2018/13xxx/CVE-2018-13365.json new file mode 100644 index 00000000000..c14775deac7 --- /dev/null +++ b/2018/13xxx/CVE-2018-13365.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13365", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13366.json b/2018/13xxx/CVE-2018-13366.json new file mode 100644 index 00000000000..75694674a58 --- /dev/null +++ b/2018/13xxx/CVE-2018-13366.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13366", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13367.json b/2018/13xxx/CVE-2018-13367.json new file mode 100644 index 00000000000..8a10b62e102 --- /dev/null +++ b/2018/13xxx/CVE-2018-13367.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13367", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13368.json b/2018/13xxx/CVE-2018-13368.json new file mode 100644 index 00000000000..53712ee4d10 --- /dev/null +++ b/2018/13xxx/CVE-2018-13368.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13368", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13369.json b/2018/13xxx/CVE-2018-13369.json new file mode 100644 index 00000000000..9839e0194d6 --- /dev/null +++ b/2018/13xxx/CVE-2018-13369.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13369", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13370.json b/2018/13xxx/CVE-2018-13370.json new file mode 100644 index 00000000000..c4bf9ebbc9d --- /dev/null +++ b/2018/13xxx/CVE-2018-13370.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13370", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13371.json b/2018/13xxx/CVE-2018-13371.json new file mode 100644 index 00000000000..ca2e92a5d9b --- /dev/null +++ b/2018/13xxx/CVE-2018-13371.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13371", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13372.json b/2018/13xxx/CVE-2018-13372.json new file mode 100644 index 00000000000..780f759e696 --- /dev/null +++ b/2018/13xxx/CVE-2018-13372.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13372", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13373.json b/2018/13xxx/CVE-2018-13373.json new file mode 100644 index 00000000000..627b0e21764 --- /dev/null +++ b/2018/13xxx/CVE-2018-13373.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13373", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13374.json b/2018/13xxx/CVE-2018-13374.json new file mode 100644 index 00000000000..42c6332f6c9 --- /dev/null +++ b/2018/13xxx/CVE-2018-13374.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13374", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13375.json b/2018/13xxx/CVE-2018-13375.json new file mode 100644 index 00000000000..28c82d785e7 --- /dev/null +++ b/2018/13xxx/CVE-2018-13375.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13375", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13376.json b/2018/13xxx/CVE-2018-13376.json new file mode 100644 index 00000000000..f4faeaf9dce --- /dev/null +++ b/2018/13xxx/CVE-2018-13376.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13376", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13377.json b/2018/13xxx/CVE-2018-13377.json new file mode 100644 index 00000000000..ae4064eb075 --- /dev/null +++ b/2018/13xxx/CVE-2018-13377.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13377", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13378.json b/2018/13xxx/CVE-2018-13378.json new file mode 100644 index 00000000000..20b2ed68cca --- /dev/null +++ b/2018/13xxx/CVE-2018-13378.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13378", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13379.json b/2018/13xxx/CVE-2018-13379.json new file mode 100644 index 00000000000..ba633ef265d --- /dev/null +++ b/2018/13xxx/CVE-2018-13379.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13379", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13380.json b/2018/13xxx/CVE-2018-13380.json new file mode 100644 index 00000000000..c5b51433fd1 --- /dev/null +++ b/2018/13xxx/CVE-2018-13380.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13380", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13381.json b/2018/13xxx/CVE-2018-13381.json new file mode 100644 index 00000000000..ffcf3be01eb --- /dev/null +++ b/2018/13xxx/CVE-2018-13381.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13381", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13382.json b/2018/13xxx/CVE-2018-13382.json new file mode 100644 index 00000000000..769d1896d32 --- /dev/null +++ b/2018/13xxx/CVE-2018-13382.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13382", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13383.json b/2018/13xxx/CVE-2018-13383.json new file mode 100644 index 00000000000..312fb9a9c19 --- /dev/null +++ b/2018/13xxx/CVE-2018-13383.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13383", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13384.json b/2018/13xxx/CVE-2018-13384.json new file mode 100644 index 00000000000..06ae72bbf68 --- /dev/null +++ b/2018/13xxx/CVE-2018-13384.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13384", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13385.json b/2018/13xxx/CVE-2018-13385.json new file mode 100644 index 00000000000..f30d6b305b7 --- /dev/null +++ b/2018/13xxx/CVE-2018-13385.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13385", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13386.json b/2018/13xxx/CVE-2018-13386.json new file mode 100644 index 00000000000..3d197fb725d --- /dev/null +++ b/2018/13xxx/CVE-2018-13386.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13386", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13387.json b/2018/13xxx/CVE-2018-13387.json new file mode 100644 index 00000000000..447a4ad8775 --- /dev/null +++ b/2018/13xxx/CVE-2018-13387.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13387", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13388.json b/2018/13xxx/CVE-2018-13388.json new file mode 100644 index 00000000000..07c61188b3a --- /dev/null +++ b/2018/13xxx/CVE-2018-13388.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13388", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13389.json b/2018/13xxx/CVE-2018-13389.json new file mode 100644 index 00000000000..51adee9974b --- /dev/null +++ b/2018/13xxx/CVE-2018-13389.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13389", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13390.json b/2018/13xxx/CVE-2018-13390.json new file mode 100644 index 00000000000..c7b40574a5f --- /dev/null +++ b/2018/13xxx/CVE-2018-13390.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13390", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13391.json b/2018/13xxx/CVE-2018-13391.json new file mode 100644 index 00000000000..f7232d45732 --- /dev/null +++ b/2018/13xxx/CVE-2018-13391.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13391", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13392.json b/2018/13xxx/CVE-2018-13392.json new file mode 100644 index 00000000000..280a5169a6d --- /dev/null +++ b/2018/13xxx/CVE-2018-13392.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13392", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13393.json b/2018/13xxx/CVE-2018-13393.json new file mode 100644 index 00000000000..380d16baf74 --- /dev/null +++ b/2018/13xxx/CVE-2018-13393.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13393", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13394.json b/2018/13xxx/CVE-2018-13394.json new file mode 100644 index 00000000000..32d347faea8 --- /dev/null +++ b/2018/13xxx/CVE-2018-13394.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13394", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13395.json b/2018/13xxx/CVE-2018-13395.json new file mode 100644 index 00000000000..526cc26258b --- /dev/null +++ b/2018/13xxx/CVE-2018-13395.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13395", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13396.json b/2018/13xxx/CVE-2018-13396.json new file mode 100644 index 00000000000..19082d3a703 --- /dev/null +++ b/2018/13xxx/CVE-2018-13396.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13396", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13397.json b/2018/13xxx/CVE-2018-13397.json new file mode 100644 index 00000000000..bd16fba135c --- /dev/null +++ b/2018/13xxx/CVE-2018-13397.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13397", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13398.json b/2018/13xxx/CVE-2018-13398.json new file mode 100644 index 00000000000..1aa59515e69 --- /dev/null +++ b/2018/13xxx/CVE-2018-13398.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13398", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13399.json b/2018/13xxx/CVE-2018-13399.json new file mode 100644 index 00000000000..c0c5fa5665a --- /dev/null +++ b/2018/13xxx/CVE-2018-13399.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13399", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13400.json b/2018/13xxx/CVE-2018-13400.json new file mode 100644 index 00000000000..6f64c3cabae --- /dev/null +++ b/2018/13xxx/CVE-2018-13400.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13400", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13401.json b/2018/13xxx/CVE-2018-13401.json new file mode 100644 index 00000000000..9acf1b6337a --- /dev/null +++ b/2018/13xxx/CVE-2018-13401.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13401", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13402.json b/2018/13xxx/CVE-2018-13402.json new file mode 100644 index 00000000000..18a1b8f2319 --- /dev/null +++ b/2018/13xxx/CVE-2018-13402.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13402", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13403.json b/2018/13xxx/CVE-2018-13403.json new file mode 100644 index 00000000000..90163d25600 --- /dev/null +++ b/2018/13xxx/CVE-2018-13403.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13403", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13404.json b/2018/13xxx/CVE-2018-13404.json new file mode 100644 index 00000000000..66add250ecb --- /dev/null +++ b/2018/13xxx/CVE-2018-13404.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13404", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13405.json b/2018/13xxx/CVE-2018-13405.json new file mode 100644 index 00000000000..1de5786754c --- /dev/null +++ b/2018/13xxx/CVE-2018-13405.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13405", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7", + "refsource" : "MISC", + "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7" + }, + { + "name" : "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7", + "refsource" : "MISC", + "url" : "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7" + }, + { + "name" : "https://twitter.com/grsecurity/status/1015082951204327425", + "refsource" : "MISC", + "url" : "https://twitter.com/grsecurity/status/1015082951204327425" + } + ] + } +} diff --git a/2018/13xxx/CVE-2018-13406.json b/2018/13xxx/CVE-2018-13406.json new file mode 100644 index 00000000000..b089f800d42 --- /dev/null +++ b/2018/13xxx/CVE-2018-13406.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-13406", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9f645bcc566a1e9f921bdae7528a01ced5bc3713", + "refsource" : "MISC", + "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9f645bcc566a1e9f921bdae7528a01ced5bc3713" + }, + { + "name" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.4", + "refsource" : "MISC", + "url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.4" + }, + { + "name" : "https://github.com/torvalds/linux/commit/9f645bcc566a1e9f921bdae7528a01ced5bc3713", + "refsource" : "MISC", + "url" : "https://github.com/torvalds/linux/commit/9f645bcc566a1e9f921bdae7528a01ced5bc3713" + } + ] + } +} diff --git a/2018/1xxx/CVE-2018-1494.json b/2018/1xxx/CVE-2018-1494.json index bb4ad9c615f..7bc2e67e4c3 100644 --- a/2018/1xxx/CVE-2018-1494.json +++ b/2018/1xxx/CVE-2018-1494.json @@ -1,5 +1,10 @@ { - "data_type" : "CVE", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-07-02T00:00:00", + "ID" : "CVE-2018-1494", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ @@ -47,30 +52,37 @@ ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", "data_version" : "4.0", - "references" : { - "reference_data" : [ + "description" : { + "description_data" : [ { - "title" : "IBM Security Bulletin 2015238 (Rational DOORS Next Generation)", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22015238", - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22015238", - "refsource" : "CONFIRM" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/141097", - "name" : "ibm-doors-cve20181494-xss (141097)", - "refsource" : "XF" + "lang" : "eng", + "value" : "IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141097." } ] }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2018-07-02T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2018-1494" + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "C", + "SCORE" : "5.400", + "UI" : "R" + }, + "TM" : { + "E" : "H", + "RC" : "C", + "RL" : "O" + } + } }, - "data_format" : "MITRE", "problemtype" : { "problemtype_data" : [ { @@ -83,32 +95,18 @@ } ] }, - "description" : { - "description_data" : [ + "references" : { + "reference_data" : [ { - "lang" : "eng", - "value" : "IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141097." + "name" : "http://www.ibm.com/support/docview.wss?uid=swg22015238", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22015238" + }, + { + "name" : "ibm-doors-cve20181494-xss(141097)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/141097" } ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "H", - "RL" : "O" - }, - "BM" : { - "UI" : "R", - "A" : "N", - "S" : "C", - "I" : "L", - "AV" : "N", - "SCORE" : "5.400", - "AC" : "L", - "C" : "L", - "PR" : "L" - } - } } } diff --git a/2018/1xxx/CVE-2018-1542.json b/2018/1xxx/CVE-2018-1542.json index 7753cf19d4c..c3d0012adc2 100644 --- a/2018/1xxx/CVE-2018-1542.json +++ b/2018/1xxx/CVE-2018-1542.json @@ -1,73 +1,14 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "AC" : "L", - "PR" : "L", - "C" : "H", - "UI" : "N", - "A" : "L", - "SCORE" : "7.100", - "AV" : "N", - "I" : "N", - "S" : "U" - } - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 142597." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "data_format" : "MITRE", "CVE_data_meta" : { - "STATE" : "PUBLIC", "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2018-07-02T00:00:00", - "ID" : "CVE-2018-1542" + "ID" : "CVE-2018-1542", + "STATE" : "PUBLIC" }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22015943", - "title" : "IBM Security Bulletin 2015943 (FileNet P8 Platform)", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22015943" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142597", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-filenet-cve20181542-xxe (142597)", - "refsource" : "XF" - } - ] - }, - "data_version" : "4.0", "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -84,10 +25,67 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, - "data_type" : "CVE" + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 142597." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "L", + "AC" : "L", + "AV" : "N", + "C" : "H", + "I" : "N", + "PR" : "L", + "S" : "U", + "SCORE" : "7.100", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=swg22015943", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22015943" + }, + { + "name" : "ibm-filenet-cve20181542-xxe(142597)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142597" + } + ] + } } diff --git a/2018/1xxx/CVE-2018-1546.json b/2018/1xxx/CVE-2018-1546.json index c97301bdf37..343fd8609ce 100644 --- a/2018/1xxx/CVE-2018-1546.json +++ b/2018/1xxx/CVE-2018-1546.json @@ -1,10 +1,14 @@ { - "data_version" : "4.0", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-07-02T00:00:00", + "ID" : "CVE-2018-1546", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -75,37 +79,40 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { - "value" : "IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142650.", - "lang" : "eng" + "lang" : "eng", + "value" : "IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142650." } ] }, "impact" : { "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "H", + "AV" : "N", + "C" : "H", + "I" : "N", + "PR" : "N", + "S" : "U", + "SCORE" : "5.900", + "UI" : "N" + }, "TM" : { "E" : "U", "RC" : "C", "RL" : "O" - }, - "BM" : { - "I" : "N", - "AV" : "N", - "SCORE" : "5.900", - "S" : "U", - "A" : "N", - "UI" : "N", - "C" : "H", - "PR" : "N", - "AC" : "H" } } }, @@ -114,34 +121,25 @@ { "description" : [ { - "value" : "Obtain Information", - "lang" : "eng" + "lang" : "eng", + "value" : "Obtain Information" } ] } ] }, - "data_format" : "MITRE", "references" : { "reference_data" : [ { "name" : "https://www-prd-trops.events.ibm.com/node/715299", "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 0715299 (API Connect)", "url" : "https://www-prd-trops.events.ibm.com/node/715299" }, { + "name" : "ibm-api-cve20181546-info-disc(142650)", "refsource" : "XF", - "name" : "ibm-api-cve20181546-info-disc (142650)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142650", - "title" : "X-Force Vulnerability Report" + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142650" } ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2018-1546", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-07-02T00:00:00" } } diff --git a/2018/1xxx/CVE-2018-1555.json b/2018/1xxx/CVE-2018-1555.json index 50c99a8428c..e27f44e8382 100644 --- a/2018/1xxx/CVE-2018-1555.json +++ b/2018/1xxx/CVE-2018-1555.json @@ -1,66 +1,9 @@ { - "references" : { - "reference_data" : [ - { - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22015943", - "title" : "IBM Security Bulletin 2015943 (FileNet P8 Platform)", - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22015943" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142892", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-filenet-cve20181555-xss (142892)" - } - ] - }, "CVE_data_meta" : { - "STATE" : "PUBLIC", "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2018-07-02T00:00:00", - "ID" : "CVE-2018-1555" - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } - ] - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142892.", - "lang" : "eng" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "H" - }, - "BM" : { - "AC" : "L", - "PR" : "L", - "C" : "L", - "UI" : "R", - "A" : "N", - "SCORE" : "5.400", - "AV" : "N", - "I" : "L", - "S" : "C" - } - } + "ID" : "CVE-2018-1555", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { @@ -88,6 +31,61 @@ ] } }, + "data_format" : "MITRE", "data_type" : "CVE", - "data_version" : "4.0" + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142892." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "C", + "SCORE" : "5.400", + "UI" : "R" + }, + "TM" : { + "E" : "H", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=swg22015943", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22015943" + }, + { + "name" : "ibm-filenet-cve20181555-xss(142892)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142892" + } + ] + } } diff --git a/2018/1xxx/CVE-2018-1556.json b/2018/1xxx/CVE-2018-1556.json index abaae60aae8..e3895a632bc 100644 --- a/2018/1xxx/CVE-2018-1556.json +++ b/2018/1xxx/CVE-2018-1556.json @@ -1,66 +1,9 @@ { - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22015943", - "title" : "IBM Security Bulletin 2015943 (FileNet P8 Platform)", - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22015943" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142893", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-filenet-cve20181556-xss (142893)", - "refsource" : "XF" - } - ] - }, "CVE_data_meta" : { - "DATE_PUBLIC" : "2018-07-02T00:00:00", - "STATE" : "PUBLIC", "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2018-1556" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142893." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "PR" : "L", - "C" : "L", - "AC" : "L", - "AV" : "N", - "SCORE" : "5.400", - "I" : "L", - "S" : "C", - "A" : "N", - "UI" : "R" - }, - "TM" : { - "RL" : "O", - "E" : "H", - "RC" : "C" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } - ] - } - ] + "DATE_PUBLIC" : "2018-07-02T00:00:00", + "ID" : "CVE-2018-1556", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { @@ -88,6 +31,61 @@ ] } }, + "data_format" : "MITRE", "data_type" : "CVE", - "data_version" : "4.0" + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142893." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "C", + "SCORE" : "5.400", + "UI" : "R" + }, + "TM" : { + "E" : "H", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=swg22015943", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22015943" + }, + { + "name" : "ibm-filenet-cve20181556-xss(142893)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142893" + } + ] + } } diff --git a/2018/1xxx/CVE-2018-1621.json b/2018/1xxx/CVE-2018-1621.json index 56549cca9c2..495fdf4d723 100644 --- a/2018/1xxx/CVE-2018-1621.json +++ b/2018/1xxx/CVE-2018-1621.json @@ -1,13 +1,18 @@ { - "data_version" : "4.0", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-06-28T00:00:00", + "ID" : "CVE-2018-1621", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { + "product_name" : "WebSphere Application Server", "version" : { "version_data" : [ { @@ -23,28 +28,38 @@ "version_value" : "9.0" } ] - }, - "product_name" : "WebSphere Application Server" + } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346." + } + ] + }, "impact" : { "cvssv3" : { "BM" : { - "AC" : "L", - "PR" : "H", - "C" : "H", "A" : "N", - "UI" : "N", + "AC" : "L", "AV" : "L", - "SCORE" : "4.400", + "C" : "H", "I" : "N", - "S" : "U" + "PR" : "H", + "S" : "U", + "SCORE" : "4.400", + "UI" : "N" }, "TM" : { "E" : "U", @@ -53,14 +68,6 @@ } } }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346." - } - ] - }, "problemtype" : { "problemtype_data" : [ { @@ -73,27 +80,18 @@ } ] }, - "data_format" : "MITRE", "references" : { "reference_data" : [ { - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016821", - "title" : "IBM Security Bulletin 2016821 (WebSphere Application Server)", + "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016821", "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016821" + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016821" }, { - "name" : "ibm-websphere-cve20181621-info-disc (144346)", + "name" : "ibm-websphere-cve20181621-info-disc(144346)", "refsource" : "XF", - "title" : "X-Force Vulnerability Report", "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144346" } ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2018-1621", - "DATE_PUBLIC" : "2018-06-28T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" } } diff --git a/2018/1xxx/CVE-2018-1676.json b/2018/1xxx/CVE-2018-1676.json index e9b7ce1f03f..0bbd4c64f6d 100644 --- a/2018/1xxx/CVE-2018-1676.json +++ b/2018/1xxx/CVE-2018-1676.json @@ -1,76 +1,18 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145118." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "L", - "C" : "L", - "PR" : "N", - "UI" : "R", - "A" : "N", - "I" : "L", - "AV" : "N", - "SCORE" : "6.100", - "S" : "C" - }, - "TM" : { - "RC" : "C", - "E" : "H", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } - ] - } - ] - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 2016372 (Planning Analytics Local)", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016372", - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016372", - "refsource" : "CONFIRM" - }, - { - "name" : "ibm-pa-cve20181676-xss (145118)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145118" - } - ] - }, "CVE_data_meta" : { - "STATE" : "PUBLIC", "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2018-06-27T00:00:00", - "ID" : "CVE-2018-1676" + "ID" : "CVE-2018-1676", + "STATE" : "PUBLIC" }, - "data_version" : "4.0", "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { + "product_name" : "Planning Analytics Local", "version" : { "version_data" : [ { @@ -89,14 +31,70 @@ "version_value" : "2.0.4" } ] - }, - "product_name" : "Planning Analytics Local" + } } ] - } + }, + "vendor_name" : "IBM" } ] } }, - "data_type" : "CVE" + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145118." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "N", + "S" : "C", + "SCORE" : "6.100", + "UI" : "R" + }, + "TM" : { + "E" : "H", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016372", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016372" + }, + { + "name" : "ibm-pa-cve20181676-xss(145118)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145118" + } + ] + } }