diff --git a/2018/0xxx/CVE-2018-0646.json b/2018/0xxx/CVE-2018-0646.json index fe875012d91..5a41ba6a494 100644 --- a/2018/0xxx/CVE-2018-0646.json +++ b/2018/0xxx/CVE-2018-0646.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://www.ponsoftware.com/archiver/explzh/explzh.htm#explz759" - }, - { - "url": "http://jvn.jp/en/jp/JVN55813866/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "v.7.58 and earlier" - } - ] - }, - "product_name": "Explzh" - } - ] - }, - "vendor_name": "pon software" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0646", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Directory traversal" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0646", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Explzh", + "version" : { + "version_data" : [ + { + "version_value" : "v.7.58 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "pon software" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Directory traversal" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ponsoftware.com/archiver/explzh/explzh.htm#explz759", + "refsource" : "CONFIRM", + "url" : "https://www.ponsoftware.com/archiver/explzh/explzh.htm#explz759" + }, + { + "name" : "JVN#55813866", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN55813866/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0656.json b/2018/0xxx/CVE-2018-0656.json index 512d1625de0..a13b2a3dd9a 100644 --- a/2018/0xxx/CVE-2018-0656.json +++ b/2018/0xxx/CVE-2018-0656.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://esupport.sony.com/US/p/swu-download.pl?upd_id=10998&PASSVAL2=SMB." - }, - { - "url": "http://jvn.jp/en/jp/JVN75700242/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "version 1.4.0.16050 and earlier" - } - ] - }, - "product_name": "The installer of Digital Paper App" - } - ] - }, - "vendor_name": "Sony Corporation" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0656", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0656", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "The installer of Digital Paper App", + "version" : { + "version_data" : [ + { + "version_value" : "version 1.4.0.16050 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "Sony Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://esupport.sony.com/US/p/swu-download.pl?upd_id=10998&PASSVAL2=SMB.", + "refsource" : "CONFIRM", + "url" : "https://esupport.sony.com/US/p/swu-download.pl?upd_id=10998&PASSVAL2=SMB." + }, + { + "name" : "JVN#75700242", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN75700242/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0664.json b/2018/0xxx/CVE-2018-0664.json index fc6744b4846..acf56b6fcfc 100644 --- a/2018/0xxx/CVE-2018-0664.json +++ b/2018/0xxx/CVE-2018-0664.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://www.nomachine.com/TR06P08619" - }, - { - "url": "http://jvn.jp/en/jp/JVN14451678/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "5.0.63 and earlier" - } - ] - }, - "product_name": "NoMachine App for Android" - } - ] - }, - "vendor_name": "NoMachine S.a r.l." - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0664", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "External Control of Critical State Data" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0664", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "NoMachine App for Android", + "version" : { + "version_data" : [ + { + "version_value" : "5.0.63 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "NoMachine S.a r.l." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "External Control of Critical State Data" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.nomachine.com/TR06P08619", + "refsource" : "CONFIRM", + "url" : "https://www.nomachine.com/TR06P08619" + }, + { + "name" : "JVN#14451678", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN14451678/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0672.json b/2018/0xxx/CVE-2018-0672.json index 6bf7bb93935..3bcfec503ba 100644 --- a/2018/0xxx/CVE-2018-0672.json +++ b/2018/0xxx/CVE-2018-0672.json @@ -1,59 +1,62 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "http://jvn.jp/en/jp/JVN89550319/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "versions prior to Ver. 6.3.1" - } - ] - }, - "product_name": "Movable Type" - } - ] - }, - "vendor_name": "Six Apart, Ltd." - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0672", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-site scripting" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0672", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Movable Type", + "version" : { + "version_data" : [ + { + "version_value" : "versions prior to Ver. 6.3.1" + } + ] + } + } + ] + }, + "vendor_name" : "Six Apart, Ltd." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "JVN#89550319", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN89550319/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0674.json b/2018/0xxx/CVE-2018-0674.json index 0a14ed6e901..10b338ceff8 100644 --- a/2018/0xxx/CVE-2018-0674.json +++ b/2018/0xxx/CVE-2018-0674.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://hibara.org/software/attachecase/?lang=en" - }, - { - "url": "http://jvn.jp/en/jp/JVN02037158/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "ver.2.8.4.0 and earlier" - } - ] - }, - "product_name": "AttacheCase" - } - ] - }, - "vendor_name": "HiBARA Software" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0674", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote code execution" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0674", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "AttacheCase", + "version" : { + "version_data" : [ + { + "version_value" : "ver.2.8.4.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "HiBARA Software" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote code execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://hibara.org/software/attachecase/?lang=en", + "refsource" : "CONFIRM", + "url" : "https://hibara.org/software/attachecase/?lang=en" + }, + { + "name" : "JVN#02037158", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN02037158/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0675.json b/2018/0xxx/CVE-2018-0675.json index 85c80284b60..fe5235ecd0e 100644 --- a/2018/0xxx/CVE-2018-0675.json +++ b/2018/0xxx/CVE-2018-0675.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://hibara.org/software/attachecase/?lang=en" - }, - { - "url": "http://jvn.jp/en/jp/JVN02037158/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "ver.3.3.0.0 and earlier" - } - ] - }, - "product_name": "AttacheCase" - } - ] - }, - "vendor_name": "HiBARA Software" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0675", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote code execution" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0675", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "AttacheCase", + "version" : { + "version_data" : [ + { + "version_value" : "ver.3.3.0.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "HiBARA Software" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote code execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://hibara.org/software/attachecase/?lang=en", + "refsource" : "CONFIRM", + "url" : "https://hibara.org/software/attachecase/?lang=en" + }, + { + "name" : "JVN#02037158", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN02037158/index.html" + } + ] + } +} diff --git a/2018/10xxx/CVE-2018-10904.json b/2018/10xxx/CVE-2018-10904.json index 35117ac7001..ca2c07cf3ac 100644 --- a/2018/10xxx/CVE-2018-10904.json +++ b/2018/10xxx/CVE-2018-10904.json @@ -1,71 +1,77 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2018-10904", - "ASSIGNER": "anemec@redhat.com" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Red Hat", - "product": { - "product_data": [ - { - "product_name": "glusterfs", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - } - } + "CVE_data_meta" : { + "ASSIGNER" : "anemec@redhat.com", + "ID" : "CVE-2018-10904", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "glusterfs", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "Red Hat" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "It was found that glusterfs server does not properly sanitize file paths in the \"trusted.io-stats-dump\" extended attribute which is used by the \"debug/io-stats\" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume." + } + ] + }, + "impact" : { + "cvss" : [ + [ + { + "vectorString" : "8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version" : "3.0" + } + ] + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-426" + } ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-426" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904", - "refsource": "CONFIRM" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "It was found that glusterfs server does not properly sanitize file paths in the \"trusted.io-stats-dump\" extended attribute which is used by the \"debug/io-stats\" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume." - } - ] - }, - "impact": { - "cvss": [ - [ - { - "vectorString": "8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } - ] - ] - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904", + "refsource" : "CONFIRM", + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904" + }, + { + "name" : "https://review.gluster.org/#/c/glusterfs/+/21072/", + "refsource" : "CONFIRM", + "url" : "https://review.gluster.org/#/c/glusterfs/+/21072/" + } + ] + } } diff --git a/2018/10xxx/CVE-2018-10907.json b/2018/10xxx/CVE-2018-10907.json index 1b3bede1910..4724e9af058 100644 --- a/2018/10xxx/CVE-2018-10907.json +++ b/2018/10xxx/CVE-2018-10907.json @@ -1,71 +1,77 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2018-10907", - "ASSIGNER": "anemec@redhat.com" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Red Hat", - "product": { - "product_data": [ - { - "product_name": "glusterfs", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - } - } + "CVE_data_meta" : { + "ASSIGNER" : "anemec@redhat.com", + "ID" : "CVE-2018-10907", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "glusterfs", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "Red Hat" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution." + } + ] + }, + "impact" : { + "cvss" : [ + [ + { + "vectorString" : "8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version" : "3.0" + } + ] + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-121" + } ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10907", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10907", - "refsource": "CONFIRM" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "It was found that glusterfs server is vulnerable to mulitple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution." - } - ] - }, - "impact": { - "cvss": [ - [ - { - "vectorString": "8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } - ] - ] - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10907", + "refsource" : "CONFIRM", + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10907" + }, + { + "name" : "https://review.gluster.org/#/c/glusterfs/+/21070/", + "refsource" : "CONFIRM", + "url" : "https://review.gluster.org/#/c/glusterfs/+/21070/" + } + ] + } }