admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 05:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-07-26 13:04:21 -04:00
parent 357009c160
commit 6edd267d02
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
15 changed files with 944 additions and 893 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
2017/12xxx/CVE-2017-12167.json
View File

@ -1,16 +1,13 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "anemec@redhat.com",
"ID" : "CVE-2017-12167",
"ASSIGNER": "anemec@redhat.com"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name": "Red Hat",
"product" : {
"product_data" : [
{
@ -24,32 +21,15 @@
}
}
]
}
},
"vendor_name" : "Red Hat"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167",
"refsource": "CONFIRM"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
@ -67,5 +47,26 @@
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-732"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167"
}
]
}
}

55
2017/12xxx/CVE-2017-12171.json
View File

@ -1,16 +1,13 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "anemec@redhat.com",
"ID" : "CVE-2017-12171",
"ASSIGNER": "anemec@redhat.com"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name": "Red Hat",
"product" : {
"product_data" : [
{
@ -24,32 +21,15 @@
}
}
]
}
},
"vendor_name" : "Red Hat"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171",
"refsource": "CONFIRM"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
@ -67,5 +47,26 @@
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-284"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171"
}
]
}
}

60
2017/12xxx/CVE-2017-12175.json
View File

@ -1,16 +1,13 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "anemec@redhat.com",
"ID" : "CVE-2017-12175",
"ASSIGNER": "anemec@redhat.com"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name": "Red Hat",
"product" : {
"product_data" : [
{
@ -24,32 +21,15 @@
}
}
]
}
},
"vendor_name" : "Red Hat"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12175",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12175",
"refsource": "CONFIRM"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
@ -67,5 +47,31 @@
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12175",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12175"
},
{
"name" : "https://projects.theforeman.org/issues/22042",
"refsource" : "CONFIRM",
"url" : "https://projects.theforeman.org/issues/22042"
}
]
}
}

60
2017/2xxx/CVE-2017-2582.json
View File

@ -1,16 +1,13 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "anemec@redhat.com",
"ID" : "CVE-2017-2582",
"ASSIGNER": "anemec@redhat.com"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name": "Red Hat",
"product" : {
"product_data" : [
{
@ -24,32 +21,15 @@
}
}
]
}
},
"vendor_name" : "Red Hat"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-201"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582",
"refsource": "CONFIRM"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
@ -67,5 +47,31 @@
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-201"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582"
},
{
"name" : "https://github.com/keycloak/keycloak/pull/3715/commits/0cb5ba0f6e83162d221681f47b470c3042eef237",
"refsource" : "CONFIRM",
"url" : "https://github.com/keycloak/keycloak/pull/3715/commits/0cb5ba0f6e83162d221681f47b470c3042eef237"
}
]
}
}

2
2017/7xxx/CVE-2017-7526.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "libgcrypt before version 1.7.8 is vulnerable to a to cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used."
"value" : "libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used."
}
]
},

55
2018/0xxx/CVE-2018-0607.json
View File

@ -1,24 +1,9 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://kb.cybozu.support/article/33120/"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0607",
"STATE" : "PUBLIC"
},
{
"url": "http://jvn.jp/en/jp/JVN13415512/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
@ -26,14 +11,14 @@
"product" : {
"product_data" : [
{
"product_name" : "Cybozu Garoon",
"version" : {
"version_data" : [
{
"version_value" : "3.5.0 to 4.6.2"
}
]
},
"product_name": "Cybozu Garoon"
}
}
]
},
@ -42,11 +27,17 @@
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0607",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
@ -58,5 +49,19 @@
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.cybozu.support/article/33120/",
"refsource" : "CONFIRM",
"url" : "https://kb.cybozu.support/article/33120/"
},
{
"name" : "JVN#13415512",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN13415512/index.html"
}
]
}
}

55
2018/0xxx/CVE-2018-0613.json
View File

@ -1,24 +1,9 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0613",
"STATE" : "PUBLIC"
},
{
"url": "http://jvn.jp/en/jp/JVN63895206/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
@ -26,14 +11,14 @@
"product" : {
"product_data" : [
{
"product_name" : "Calsos CSDX and CSDJ series products",
"version" : {
"version_data" : [
{
"version_value" : "CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00"
}
]
},
"product_name": "Calsos CSDX and CSDJ series products"
}
}
]
},
@ -42,11 +27,17 @@
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0613",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
@ -58,5 +49,19 @@
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.necplatforms.co.jp/product/enkaku/info180702.html",
"refsource" : "CONFIRM",
"url" : "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
},
{
"name" : "JVN#63895206",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN63895206/index.html"
}
]
}
}

55
2018/0xxx/CVE-2018-0614.json
View File

@ -1,24 +1,9 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0614",
"STATE" : "PUBLIC"
},
{
"url": "http://jvn.jp/en/jp/JVN63895206/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
@ -26,14 +11,14 @@
"product" : {
"product_data" : [
{
"product_name" : "Calsos CSDX and CSDJ series products",
"version" : {
"version_data" : [
{
"version_value" : "CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00"
}
]
},
"product_name": "Calsos CSDX and CSDJ series products"
}
}
]
},
@ -42,11 +27,17 @@
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0614",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
@ -58,5 +49,19 @@
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.necplatforms.co.jp/product/enkaku/info180702.html",
"refsource" : "CONFIRM",
"url" : "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
},
{
"name" : "JVN#63895206",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN63895206/index.html"
}
]
}
}

55
2018/0xxx/CVE-2018-0617.json
View File

@ -1,24 +1,9 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://www.chama.ne.jp/download/etc/memo/index.htm"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0617",
"STATE" : "PUBLIC"
},
{
"url": "http://jvn.jp/en/jp/JVN58362455/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in MemoCGI v2.1800 to v2.2200 allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
@ -26,14 +11,14 @@
"product" : {
"product_data" : [
{
"product_name" : "MemoCGI",
"version" : {
"version_data" : [
{
"version_value" : "v2.1800 to v2.2200"
}
]
},
"product_name": "MemoCGI"
}
}
]
},
@ -42,11 +27,17 @@
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0617",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in ChamaNet MemoCGI v2.1800 to v2.2200 allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
@ -58,5 +49,19 @@
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.chama.ne.jp/download/etc/memo/index.htm",
"refsource" : "CONFIRM",
"url" : "http://www.chama.ne.jp/download/etc/memo/index.htm"
},
{
"name" : "JVN#58362455",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN58362455/index.html"
}
]
}
}

55
2018/0xxx/CVE-2018-0618.json
View File

@ -1,24 +1,9 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0618",
"STATE" : "PUBLIC"
},
{
"url": "http://jvn.jp/en/jp/JVN00846677/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
@ -26,14 +11,14 @@
"product" : {
"product_data" : [
{
"product_name" : "Mailman",
"version" : {
"version_data" : [
{
"version_value" : "2.1.26 and earlier"
}
]
},
"product_name": "Mailman"
}
}
]
},
@ -42,11 +27,17 @@
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0618",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
@ -58,5 +49,19 @@
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[mailman-announce] 20180622 Mailman 2.1.27 released",
"refsource" : "MLIST",
"url" : "https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html"
},
{
"name" : "JVN#00846677",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN00846677/index.html"
}
]
}
}

50
2018/0xxx/CVE-2018-0619.json
View File

@ -1,24 +1,9 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.glarysoft.com/"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0619",
"STATE" : "PUBLIC"
},
{
"url": "http://jvn.jp/en/jp/JVN84967039/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the installer of Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
@ -26,14 +11,14 @@
"product" : {
"product_data" : [
{
"product_name" : "Installer of Glary Utilities",
"version" : {
"version_data" : [
{
"version_value" : "Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier"
}
]
},
"product_name": "Installer of Glary Utilities"
}
}
]
},
@ -42,11 +27,17 @@
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0619",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
@ -58,5 +49,14 @@
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#84967039",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN84967039/index.html"
}
]
}
}

47
2018/0xxx/CVE-2018-0620.json
View File

@ -1,21 +1,9 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://jvn.jp/en/jp/JVN52574492/index.html"
}
]
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0620",
"STATE" : "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in LOGICOOL Game Software versions before 8.87.116 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
@ -23,14 +11,14 @@
"product" : {
"product_data" : [
{
"product_name" : "the installer of LOGICOOL Game Software",
"version" : {
"version_data" : [
{
"version_value" : "versions before 8.87.116"
}
]
},
"product_name": "the installer of LOGICOOL Game Software"
}
}
]
},
@ -39,11 +27,17 @@
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0620",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in LOGICOOL Game Software versions before 8.87.116 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
@ -55,5 +49,14 @@
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#52574492",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN52574492/index.html"
}
]
}
}

47
2018/0xxx/CVE-2018-0621.json
View File

@ -1,21 +1,9 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://jvn.jp/en/jp/JVN52574492/index.html"
}
]
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0621",
"STATE" : "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOFTWARE versions before 2.30.9 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
@ -23,14 +11,14 @@
"product" : {
"product_data" : [
{
"product_name" : "the installer of LOGICOOL CONNECTION UTILITY SOFTWARE",
"version" : {
"version_data" : [
{
"version_value" : "versions before 2.30.9"
}
]
},
"product_name": "the installer of LOGICOOL CONNECTION UTILITY SOFTWARE"
}
}
]
},
@ -39,11 +27,17 @@
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0621",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOFTWARE versions before 2.30.9 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
@ -55,5 +49,14 @@
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#52574492",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN52574492/index.html"
}
]
}
}

50
2018/0xxx/CVE-2018-0622.json
View File

@ -1,24 +1,9 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://top.dhc.co.jp/contents/all/sph/app/"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0622",
"STATE" : "PUBLIC"
},
{
"url": "http://jvn.jp/en/jp/JVN77409513/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DHC Online Shop App for Android version 3.2.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"data_type": "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
@ -26,14 +11,14 @@
"product" : {
"product_data" : [
{
"product_name" : "DHC Online Shop App for Android",
"version" : {
"version_data" : [
{
"version_value" : "version 3.2.0 and earlier"
}
]
},
"product_name": "DHC Online Shop App for Android"
}
}
]
},
@ -42,11 +27,17 @@
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0622",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DHC Online Shop App for Android version 3.2.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
@ -58,5 +49,14 @@
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#77409513",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN77409513/index.html"
}
]
}
}

86
2018/10xxx/CVE-2018-10901.json
View File

@ -1,4 +1,43 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2018-10901",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "kernel:",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges."
}
]
},
"impact" : {
"cvss" : [
[
@ -9,39 +48,6 @@
]
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
},
"product_name": "kernel:"
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"problemtype" : {
"problemtype_data" : [
{
@ -54,18 +60,18 @@
}
]
},
"data_version": "4.0",
"references" : {
"reference_data" : [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10901",
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10901",
"refsource" : "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10901"
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10901"
},
{
"name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3444d7da1839b851eefedd372978d8a982316c36",
"refsource" : "CONFIRM",
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3444d7da1839b851eefedd372978d8a982316c36"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2018-10901",
"ASSIGNER": "lpardo@redhat.com"
}
}