admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-11-15 10:07:53 -05:00
parent a95f085bea
commit 77eef47f75
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
24 changed files with 1648 additions and 1512 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
2018/0xxx/CVE-2018-0673.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://cs.cybozu.co.jp/2018/006717.html"
},
{
"url": "http://jvn.jp/en/jp/JVN12583112/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "3.5.0 to 4.6.3"
}
]
},
"product_name": "Cybozu Garoon"
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0673",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0673",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cybozu Garoon",
"version" : {
"version_data" : [
{
"version_value" : "3.5.0 to 4.6.3"
}
]
}
}
]
},
"vendor_name" : "Cybozu, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory traversal"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://cs.cybozu.co.jp/2018/006717.html",
"refsource" : "MISC",
"url" : "https://cs.cybozu.co.jp/2018/006717.html"
},
{
"name" : "JVN#12583112",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN12583112/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0679.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.fxc.jp/news/20171228.html"
},
{
"url": "http://jvn.jp/en/jp/JVN68528150/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions"
}
]
},
"product_name": "multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions)"
}
]
},
"vendor_name": "FXC Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0679",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0679",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions)",
"version" : {
"version_data" : [
{
"version_value" : "Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions"
}
]
}
}
]
},
"vendor_name" : "FXC Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.fxc.jp/news/20171228.html",
"refsource" : "MISC",
"url" : "https://www.fxc.jp/news/20171228.html"
},
{
"name" : "JVN#68528150",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN68528150/index.html"
}
]
}
}

137
2018/0xxx/CVE-2018-0680.json
View File

@ -1,65 +1,72 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"url": "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"url": "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to read/send mail or change the configuration."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": ""
}
]
},
"product_name": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)"
}
]
},
"vendor_name": "NEOJAPAN Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0680",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0680",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)",
"version" : {
"version_data" : [
{
"version_value" : ""
}
]
}
}
]
},
"vendor_name" : "NEOJAPAN Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to read/send mail or change the configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use of Hard-coded Credentials"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.denbun.com/en/imap/support/security/181003.html",
"refsource" : "MISC",
"url" : "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"name" : "https://www.denbun.com/en/pop/support/security/181003.html",
"refsource" : "MISC",
"url" : "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"name" : "JVN#00344155",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
}
}

137
2018/0xxx/CVE-2018-0681.json
View File

@ -1,65 +1,72 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"url": "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"url": "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to login to the Management page and change the configuration."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier"
}
]
},
"product_name": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)"
}
]
},
"vendor_name": "NEOJAPAN Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0681",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0681",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)",
"version" : {
"version_data" : [
{
"version_value" : "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "NEOJAPAN Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to login to the Management page and change the configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use of Hard-coded Credentials"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.denbun.com/en/imap/support/security/181003.html",
"refsource" : "MISC",
"url" : "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"name" : "https://www.denbun.com/en/pop/support/security/181003.html",
"refsource" : "MISC",
"url" : "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"name" : "JVN#00344155",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
}
}

137
2018/0xxx/CVE-2018-0682.json
View File

@ -1,65 +1,72 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"url": "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"url": "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) does not properly manage sessions, which allows remote attackers to read/send mail or change the configuration via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier"
}
]
},
"product_name": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)"
}
]
},
"vendor_name": "NEOJAPAN Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0682",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to manage sessions"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0682",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)",
"version" : {
"version_data" : [
{
"version_value" : "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "NEOJAPAN Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) does not properly manage sessions, which allows remote attackers to read/send mail or change the configuration via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fails to manage sessions"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.denbun.com/en/imap/support/security/181003.html",
"refsource" : "MISC",
"url" : "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"name" : "https://www.denbun.com/en/pop/support/security/181003.html",
"refsource" : "MISC",
"url" : "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"name" : "JVN#00344155",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
}
}

137
2018/0xxx/CVE-2018-0683.json
View File

@ -1,65 +1,72 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"url": "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"url": "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition via Cookie data."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier"
}
]
},
"product_name": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)"
}
]
},
"vendor_name": "NEOJAPAN Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0683",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0683",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)",
"version" : {
"version_data" : [
{
"version_value" : "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "NEOJAPAN Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition via Cookie data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.denbun.com/en/imap/support/security/181003.html",
"refsource" : "MISC",
"url" : "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"name" : "https://www.denbun.com/en/pop/support/security/181003.html",
"refsource" : "MISC",
"url" : "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"name" : "JVN#00344155",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
}
}

137
2018/0xxx/CVE-2018-0684.json
View File

@ -1,65 +1,72 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"url": "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"url": "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R3.0 and earlier, Denbun IMAP version V3.3I R3.0 and earlier) allows remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition via multipart/form-data format data."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Denbun POP version V3.3P R3.0 and earlier, Denbun IMAP version V3.3I R3.0 and earlier"
}
]
},
"product_name": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R3.0 and earlier, Denbun IMAP version V3.3I R3.0 and earlier)"
}
]
},
"vendor_name": "NEOJAPAN Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0684",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0684",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R3.0 and earlier, Denbun IMAP version V3.3I R3.0 and earlier)",
"version" : {
"version_data" : [
{
"version_value" : "Denbun POP version V3.3P R3.0 and earlier, Denbun IMAP version V3.3I R3.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "NEOJAPAN Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R3.0 and earlier, Denbun IMAP version V3.3I R3.0 and earlier) allows remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition via multipart/form-data format data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.denbun.com/en/imap/support/security/181003.html",
"refsource" : "MISC",
"url" : "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"name" : "https://www.denbun.com/en/pop/support/security/181003.html",
"refsource" : "MISC",
"url" : "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"name" : "JVN#00344155",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
}
}

137
2018/0xxx/CVE-2018-0685.json
View File

@ -1,65 +1,72 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"url": "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"url": "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail search."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Denbun POP version V3.3P R4.0 and earlier"
}
]
},
"product_name": "Denbun POP version V3.3P R4.0 and earlier"
}
]
},
"vendor_name": "NEOJAPAN Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0685",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0685",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Denbun POP version V3.3P R4.0 and earlier",
"version" : {
"version_data" : [
{
"version_value" : "Denbun POP version V3.3P R4.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "NEOJAPAN Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail search."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.denbun.com/en/imap/support/security/181003.html",
"refsource" : "MISC",
"url" : "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"name" : "https://www.denbun.com/en/pop/support/security/181003.html",
"refsource" : "MISC",
"url" : "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"name" : "JVN#00344155",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
}
}

137
2018/0xxx/CVE-2018-0686.json
View File

@ -1,65 +1,72 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"url": "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"url": "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote authenticated attackers to upload and execute any executable files via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier"
}
]
},
"product_name": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)"
}
]
},
"vendor_name": "NEOJAPAN Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0686",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0686",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)",
"version" : {
"version_data" : [
{
"version_value" : "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "NEOJAPAN Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote authenticated attackers to upload and execute any executable files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.denbun.com/en/imap/support/security/181003.html",
"refsource" : "MISC",
"url" : "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"name" : "https://www.denbun.com/en/pop/support/security/181003.html",
"refsource" : "MISC",
"url" : "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"name" : "JVN#00344155",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
}
}

137
2018/0xxx/CVE-2018-0687.json
View File

@ -1,65 +1,72 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"url": "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"url": "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier"
}
]
},
"product_name": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)"
}
]
},
"vendor_name": "NEOJAPAN Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0687",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0687",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)",
"version" : {
"version_data" : [
{
"version_value" : "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "NEOJAPAN Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.denbun.com/en/imap/support/security/181003.html",
"refsource" : "MISC",
"url" : "https://www.denbun.com/en/imap/support/security/181003.html"
},
{
"name" : "https://www.denbun.com/en/pop/support/security/181003.html",
"refsource" : "MISC",
"url" : "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"name" : "JVN#00344155",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN00344155/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0690.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://musiccenter.sony.net/en/downloads/update.php"
},
{
"url": "http://jvn.jp/en/jp/JVN36623716/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "version 1.0.02 and earlier"
}
]
},
"product_name": "Music Center for PC"
}
]
},
"vendor_name": "Sony Video & Sound Products Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0690",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code injection"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0690",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Music Center for PC",
"version" : {
"version_data" : [
{
"version_value" : "version 1.0.02 and earlier"
}
]
}
}
]
},
"vendor_name" : "Sony Video & Sound Products Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Code injection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://musiccenter.sony.net/en/downloads/update.php",
"refsource" : "MISC",
"url" : "https://musiccenter.sony.net/en/downloads/update.php"
},
{
"name" : "JVN#36623716",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN36623716/index.html"
}
]
}
}

145
2018/0xxx/CVE-2018-0691.json
View File

@ -1,68 +1,77 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.softbank.jp/mobile/info/personal/news/service/20180927a/"
},
{
"url": "https://www.nttdocomo.co.jp/info/notice/page/180927_00.html"
},
{
"url": "https://www.au.com/information/notice_mobile/service/2018-002/"
},
{
"url": "http://jvn.jp/en/jp/JVN37288228/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23) do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23"
}
]
},
"product_name": "Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23)"
}
]
},
"vendor_name": "Softbank, NTT docomo, KDDI"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0691",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0691",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23)",
"version" : {
"version_data" : [
{
"version_value" : "Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23"
}
]
}
}
]
},
"vendor_name" : "Softbank, NTT docomo, KDDI"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23) do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fails to verify SSL certificates"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.au.com/information/notice_mobile/service/2018-002/",
"refsource" : "MISC",
"url" : "https://www.au.com/information/notice_mobile/service/2018-002/"
},
{
"name" : "https://www.nttdocomo.co.jp/info/notice/page/180927_00.html",
"refsource" : "MISC",
"url" : "https://www.nttdocomo.co.jp/info/notice/page/180927_00.html"
},
{
"name" : "https://www.softbank.jp/mobile/info/personal/news/service/20180927a/",
"refsource" : "MISC",
"url" : "https://www.softbank.jp/mobile/info/personal/news/service/20180927a/"
},
{
"name" : "JVN#37288228",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN37288228/index.html"
}
]
}
}

121
2018/0xxx/CVE-2018-0692.json
View File

@ -1,59 +1,62 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://jvn.jp/en/jp/JVN77885134/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Version 43.23.1000.500 and earlier"
}
]
},
"product_name": "Baidu Browser"
}
]
},
"vendor_name": "Baidu, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0692",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0692",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Baidu Browser",
"version" : {
"version_data" : [
{
"version_value" : "Version 43.23.1000.500 and earlier"
}
]
}
}
]
},
"vendor_name" : "Baidu, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#77885134",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN77885134/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0693.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.soliton.co.jp/support/2018/003328.html"
},
{
"url": "http://jvn.jp/en/jp/JVN95355683/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbtrary file in the specific directory in FileZen via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "V3.0.0 to V4.2.1"
}
]
},
"product_name": "FileZen"
}
]
},
"vendor_name": "Soliton Systems K.K."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0693",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0693",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FileZen",
"version" : {
"version_data" : [
{
"version_value" : "V3.0.0 to V4.2.1"
}
]
}
}
]
},
"vendor_name" : "Soliton Systems K.K."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbtrary file in the specific directory in FileZen via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory traversal"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.soliton.co.jp/support/2018/003328.html",
"refsource" : "MISC",
"url" : "https://www.soliton.co.jp/support/2018/003328.html"
},
{
"name" : "JVN#95355683",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN95355683/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0694.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.soliton.co.jp/support/2018/003328.html"
},
{
"url": "http://jvn.jp/en/jp/JVN95355683/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "V3.0.0 to V4.2.1"
}
]
},
"product_name": "FileZen"
}
]
},
"vendor_name": "Soliton Systems K.K."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0694",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0694",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FileZen",
"version" : {
"version_data" : [
{
"version_value" : "V3.0.0 to V4.2.1"
}
]
}
}
]
},
"vendor_name" : "Soliton Systems K.K."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "OS Command Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.soliton.co.jp/support/2018/003328.html",
"refsource" : "MISC",
"url" : "https://www.soliton.co.jp/support/2018/003328.html"
},
{
"name" : "JVN#95355683",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN95355683/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0695.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://www.usvn.info/2018/10/02/usvn-1.0.8"
},
{
"url": "http://jvn.jp/en/jp/JVN73794686/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in User-friendly SVN (USVN) Version 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Version 1.0.7 and earlier"
}
]
},
"product_name": "User-friendly SVN (USVN)"
}
]
},
"vendor_name": "USVN Team"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0695",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0695",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "User-friendly SVN (USVN)",
"version" : {
"version_data" : [
{
"version_value" : "Version 1.0.7 and earlier"
}
]
}
}
]
},
"vendor_name" : "USVN Team"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in User-friendly SVN (USVN) Version 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.usvn.info/2018/10/02/usvn-1.0.8",
"refsource" : "MISC",
"url" : "http://www.usvn.info/2018/10/02/usvn-1.0.8"
},
{
"name" : "JVN#73794686",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN73794686/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0697.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://metabase.com/"
},
{
"url": "http://jvn.jp/en/jp/JVN14323043/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "version 0.29.3 and earlier"
}
]
},
"product_name": "Metabase"
}
]
},
"vendor_name": "Metabase, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0697",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0697",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Metabase",
"version" : {
"version_data" : [
{
"version_value" : "version 0.29.3 and earlier"
}
]
}
}
]
},
"vendor_name" : "Metabase, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://metabase.com/",
"refsource" : "MISC",
"url" : "https://metabase.com/"
},
{
"name" : "JVN#14323043",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN14323043/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0699.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://www.hyuki.com/yukiwiki/"
},
{
"url": "http://jvn.jp/en/jp/JVN36343375/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in YukiWiki 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.1.3 and earlier"
}
]
},
"product_name": "YukiWiki"
}
]
},
"vendor_name": "Hiroshi Yuki"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0699",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0699",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "YukiWiki",
"version" : {
"version_data" : [
{
"version_value" : "2.1.3 and earlier"
}
]
}
}
]
},
"vendor_name" : "Hiroshi Yuki"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in YukiWiki 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.hyuki.com/yukiwiki/",
"refsource" : "MISC",
"url" : "http://www.hyuki.com/yukiwiki/"
},
{
"name" : "JVN#36343375",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN36343375/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0700.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://www.hyuki.com/yukiwiki/"
},
{
"url": "http://jvn.jp/en/jp/JVN36343375/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "YukiWiki 2.1.3 and earlier does not process a particular request properly that may allow consumption of large amounts of CPU and memory resources and may result in causing a denial of service condition."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.1.3 and earlier"
}
]
},
"product_name": "YukiWiki"
}
]
},
"vendor_name": "Hiroshi Yuki"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0700",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0700",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "YukiWiki",
"version" : {
"version_data" : [
{
"version_value" : "2.1.3 and earlier"
}
]
}
}
]
},
"vendor_name" : "Hiroshi Yuki"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "YukiWiki 2.1.3 and earlier does not process a particular request properly that may allow consumption of large amounts of CPU and memory resources and may result in causing a denial of service condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial-of-service (DoS)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.hyuki.com/yukiwiki/",
"refsource" : "MISC",
"url" : "http://www.hyuki.com/yukiwiki/"
},
{
"name" : "JVN#36343375",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN36343375/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0701.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://support.bluestacks.com/hc/en-us/articles/360018274091"
},
{
"url": "http://jvn.jp/en/jp/JVN60702986/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later) allows an attacker on the same network segment to bypass access restriction to gain unauthorized access."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later)"
}
]
},
"product_name": "BlueStacks App Player"
}
]
},
"vendor_name": "BlueStacks"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0701",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0701",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BlueStacks App Player",
"version" : {
"version_data" : [
{
"version_value" : "(BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later)"
}
]
}
}
]
},
"vendor_name" : "BlueStacks"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later) allows an attacker on the same network segment to bypass access restriction to gain unauthorized access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fails to restrict access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.bluestacks.com/hc/en-us/articles/360018274091",
"refsource" : "MISC",
"url" : "https://support.bluestacks.com/hc/en-us/articles/360018274091"
},
{
"name" : "JVN#60702986",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN60702986/index.html"
}
]
}
}

121
2018/16xxx/CVE-2018-16160.json
View File

@ -1,59 +1,62 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://jvn.jp/en/jp/JVN21528670/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "SecureCore Standard Edition Version 2.x allows an attacker to bypass the product 's authentication to log in to a Windows PC."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Version 2.x"
}
]
},
"product_name": "SecureCore Standard Edition"
}
]
},
"vendor_name": "Feitian Japan Co., Ltd"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-16160",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-16160",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SecureCore Standard Edition",
"version" : {
"version_data" : [
{
"version_value" : "Version 2.x"
}
]
}
}
]
},
"vendor_name" : "Feitian Japan Co., Ltd"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SecureCore Standard Edition Version 2.x allows an attacker to bypass the product 's authentication to log in to a Windows PC."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authentication bypass"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#21528670",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN21528670/index.html"
}
]
}
}

129
2018/16xxx/CVE-2018-16161.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://www.opendolphin.com/security20181023.html"
},
{
"url": "http://jvn.jp/en/jp/JVN59394343/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.7.0 and earlier"
}
]
},
"product_name": "OpenDolphin"
}
]
},
"vendor_name": "Life Sciences Computing Corporation"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-16161",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-16161",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "OpenDolphin",
"version" : {
"version_data" : [
{
"version_value" : "2.7.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "Life Sciences Computing Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege escalation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opendolphin.com/security20181023.html",
"refsource" : "MISC",
"url" : "http://www.opendolphin.com/security20181023.html"
},
{
"name" : "JVN#59394343",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN59394343/index.html"
}
]
}
}

129
2018/16xxx/CVE-2018-16162.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://www.opendolphin.com/security20181023.html"
},
{
"url": "http://jvn.jp/en/jp/JVN59394343/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain other users credentials such as a user ID and/or its password via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.7.0 and earlier"
}
]
},
"product_name": "OpenDolphin"
}
]
},
"vendor_name": "Life Sciences Computing Corporation"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-16162",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-16162",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "OpenDolphin",
"version" : {
"version_data" : [
{
"version_value" : "2.7.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "Life Sciences Computing Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain other users credentials such as a user ID and/or its password via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opendolphin.com/security20181023.html",
"refsource" : "MISC",
"url" : "http://www.opendolphin.com/security20181023.html"
},
{
"name" : "JVN#59394343",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN59394343/index.html"
}
]
}
}

129
2018/16xxx/CVE-2018-16163.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://www.opendolphin.com/security20181023.html"
},
{
"url": "http://jvn.jp/en/jp/JVN59394343/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenDolphin 2.7.0 and earlier allows authenticated attackers to bypass authentication to create and/or delete other users accounts via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.7.0 and earlier"
}
]
},
"product_name": "OpenDolphin"
}
]
},
"vendor_name": "Life Sciences Computing Corporation"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-16163",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-16163",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "OpenDolphin",
"version" : {
"version_data" : [
{
"version_value" : "2.7.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "Life Sciences Computing Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenDolphin 2.7.0 and earlier allows authenticated attackers to bypass authentication to create and/or delete other users accounts via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authentication bypass"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opendolphin.com/security20181023.html",
"refsource" : "MISC",
"url" : "http://www.opendolphin.com/security20181023.html"
},
{
"name" : "JVN#59394343",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN59394343/index.html"
}
]
}
}