diff --git a/2015/8xxx/CVE-2015-8094.json b/2015/8xxx/CVE-2015-8094.json index 28848e545ee..7a4046a1194 100644 --- a/2015/8xxx/CVE-2015-8094.json +++ b/2015/8xxx/CVE-2015-8094.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2015-8094", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,43 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.harmfultrust.com/p/advisories.html", + "refsource" : "MISC", + "url" : "https://www.harmfultrust.com/p/advisories.html" + }, + { + "name" : "http://cloudera.github.io/hue/latest/release-notes/release-notes-3.10.0.html", + "refsource" : "CONFIRM", + "url" : "http://cloudera.github.io/hue/latest/release-notes/release-notes-3.10.0.html" + }, + { + "name" : "https://github.com/cloudera/hue/pull/346", + "refsource" : "CONFIRM", + "url" : "https://github.com/cloudera/hue/pull/346" + }, + { + "name" : "https://issues.cloudera.org/browse/HUE-3626", + "refsource" : "CONFIRM", + "url" : "https://issues.cloudera.org/browse/HUE-3626" } ] } diff --git a/2018/11xxx/CVE-2018-11093.json b/2018/11xxx/CVE-2018-11093.json index d18baf85d59..643c141efba 100644 --- a/2018/11xxx/CVE-2018-11093.json +++ b/2018/11xxx/CVE-2018-11093.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11093", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://ckeditor.com/blog/CKEditor-5-v10.0.1-released/", + "refsource" : "CONFIRM", + "url" : "https://ckeditor.com/blog/CKEditor-5-v10.0.1-released/" + }, + { + "name" : "https://github.com/ckeditor/ckeditor5-link/blob/master/CHANGELOG.md#1001-2018-05-22", + "refsource" : "CONFIRM", + "url" : "https://github.com/ckeditor/ckeditor5-link/blob/master/CHANGELOG.md#1001-2018-05-22" } ] } diff --git a/2018/6xxx/CVE-2018-6494.json b/2018/6xxx/CVE-2018-6494.json index f6e3f81243c..1ce3144e663 100644 --- a/2018/6xxx/CVE-2018-6494.json +++ b/2018/6xxx/CVE-2018-6494.json @@ -1,88 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@microfocus.com", - "DATE_PUBLIC": "2018-05-10T19:01:00.000Z", - "ID": "CVE-2018-6494", - "STATE": "PUBLIC", - "TITLE": "MFSBGN03807 rev.1 - HP Service Manager Software, Multiple Vulnerabilities" + "CVE_data_meta" : { + "ASSIGNER" : "security@microfocus.com", + "DATE_PUBLIC" : "2018-05-10T19:01:00.000Z", + "ID" : "CVE-2018-6494", + "STATE" : "PUBLIC", + "TITLE" : "MFSBGN03807 rev.1 - HP Service Manager Software, Multiple Vulnerabilities" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "HP Service Manager Software", - "version": { - "version_data": [ + "product_name" : "HP Service Manager Software", + "version" : { + "version_data" : [ { - "version_value": "9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51" + "version_value" : "9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51" } ] } } ] }, - "vendor_name": "Micro Focus" + "vendor_name" : "Micro Focus" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data." + "lang" : "eng", + "value" : "Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data." } ] }, - "exploit": [ + "exploit" : [ { - "lang": "eng", - "value": "Unauthorized Disclosure of Data" + "lang" : "eng", + "value" : "Unauthorized Disclosure of Data" } ], - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 6.4, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", - "version": "3.0" + "impact" : { + "cvss" : { + "attackComplexity" : "LOW", + "attackVector" : "NETWORK", + "availabilityImpact" : "NONE", + "baseScore" : 6.4, + "baseSeverity" : "MEDIUM", + "confidentialityImpact" : "LOW", + "integrityImpact" : "LOW", + "privilegesRequired" : "LOW", + "scope" : "CHANGED", + "userInteraction" : "NONE", + "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "version" : "3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "Remote SQL Injection" + "lang" : "eng", + "value" : "Remote SQL Injection" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "refsource": "CONFIRM", - "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158656" + "name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158656", + "refsource" : "CONFIRM", + "url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158656" } ] }, - "source": { - "discovery": "UNKNOWN" + "source" : { + "discovery" : "UNKNOWN" } }