diff --git a/2018/11xxx/CVE-2018-11375.json b/2018/11xxx/CVE-2018-11375.json index b6c64498e71..13450895711 100644 --- a/2018/11xxx/CVE-2018-11375.json +++ b/2018/11xxx/CVE-2018-11375.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11375", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68", + "refsource" : "MISC", + "url" : "https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68" + }, + { + "name" : "https://github.com/radare/radare2/issues/9928", + "refsource" : "MISC", + "url" : "https://github.com/radare/radare2/issues/9928" } ] } diff --git a/2018/11xxx/CVE-2018-11376.json b/2018/11xxx/CVE-2018-11376.json index aeb9dc8397c..5ab144f8bc0 100644 --- a/2018/11xxx/CVE-2018-11376.json +++ b/2018/11xxx/CVE-2018-11376.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11376", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/radare/radare2/commit/1f37c04f2a762500222dda2459e6a04646feeedf", + "refsource" : "MISC", + "url" : "https://github.com/radare/radare2/commit/1f37c04f2a762500222dda2459e6a04646feeedf" + }, + { + "name" : "https://github.com/radare/radare2/issues/9904", + "refsource" : "MISC", + "url" : "https://github.com/radare/radare2/issues/9904" } ] } diff --git a/2018/11xxx/CVE-2018-11377.json b/2018/11xxx/CVE-2018-11377.json index ab4c84732d1..de81fb510a1 100644 --- a/2018/11xxx/CVE-2018-11377.json +++ b/2018/11xxx/CVE-2018-11377.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11377", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,38 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/radare/radare2/commit/25a3703ef2e015bbe1d1f16f6b2f63bb10dd34f4", + "refsource" : "MISC", + "url" : "https://github.com/radare/radare2/commit/25a3703ef2e015bbe1d1f16f6b2f63bb10dd34f4" + }, + { + "name" : "https://github.com/radare/radare2/commit/b35530fa0681b27eba084de5527037ebfb397422", + "refsource" : "MISC", + "url" : "https://github.com/radare/radare2/commit/b35530fa0681b27eba084de5527037ebfb397422" + }, + { + "name" : "https://github.com/radare/radare2/issues/9901", + "refsource" : "MISC", + "url" : "https://github.com/radare/radare2/issues/9901" } ] } diff --git a/2018/11xxx/CVE-2018-11378.json b/2018/11xxx/CVE-2018-11378.json index 58e9a3e2d51..51bc341ca17 100644 --- a/2018/11xxx/CVE-2018-11378.json +++ b/2018/11xxx/CVE-2018-11378.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11378", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/radare/radare2/commit/bd276ef2fd8ac3401e65be7c126a43175ccfbcd7", + "refsource" : "MISC", + "url" : "https://github.com/radare/radare2/commit/bd276ef2fd8ac3401e65be7c126a43175ccfbcd7" + }, + { + "name" : "https://github.com/radare/radare2/issues/9969", + "refsource" : "MISC", + "url" : "https://github.com/radare/radare2/issues/9969" } ] } diff --git a/2018/11xxx/CVE-2018-11379.json b/2018/11xxx/CVE-2018-11379.json index 9a6b09a40fa..d3135137580 100644 --- a/2018/11xxx/CVE-2018-11379.json +++ b/2018/11xxx/CVE-2018-11379.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11379", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/radare/radare2/commit/4e1cf0d3e6f6fe2552a269def0af1cd2403e266c", + "refsource" : "MISC", + "url" : "https://github.com/radare/radare2/commit/4e1cf0d3e6f6fe2552a269def0af1cd2403e266c" + }, + { + "name" : "https://github.com/radare/radare2/issues/9926", + "refsource" : "MISC", + "url" : "https://github.com/radare/radare2/issues/9926" } ] } diff --git a/2018/11xxx/CVE-2018-11380.json b/2018/11xxx/CVE-2018-11380.json index c4bba2c8f36..2fc8cd85284 100644 --- a/2018/11xxx/CVE-2018-11380.json +++ b/2018/11xxx/CVE-2018-11380.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11380", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/radare/radare2/commit/60208765887f5f008b3b9a883f3addc8bdb9c134", + "refsource" : "MISC", + "url" : "https://github.com/radare/radare2/commit/60208765887f5f008b3b9a883f3addc8bdb9c134" + }, + { + "name" : "https://github.com/radare/radare2/issues/9970", + "refsource" : "MISC", + "url" : "https://github.com/radare/radare2/issues/9970" } ] } diff --git a/2018/11xxx/CVE-2018-11381.json b/2018/11xxx/CVE-2018-11381.json index 9f56982607a..bbbb8812fbb 100644 --- a/2018/11xxx/CVE-2018-11381.json +++ b/2018/11xxx/CVE-2018-11381.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11381", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/radare/radare2/commit/3fcf41ed96ffa25b38029449520c8d0a198745f3", + "refsource" : "MISC", + "url" : "https://github.com/radare/radare2/commit/3fcf41ed96ffa25b38029449520c8d0a198745f3" + }, + { + "name" : "https://github.com/radare/radare2/issues/9902", + "refsource" : "MISC", + "url" : "https://github.com/radare/radare2/issues/9902" } ] } diff --git a/2018/11xxx/CVE-2018-11382.json b/2018/11xxx/CVE-2018-11382.json index 2568c5b4c3c..694ec184d8c 100644 --- a/2018/11xxx/CVE-2018-11382.json +++ b/2018/11xxx/CVE-2018-11382.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11382", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff", + "refsource" : "MISC", + "url" : "https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff" + }, + { + "name" : "https://github.com/radare/radare2/issues/10091", + "refsource" : "MISC", + "url" : "https://github.com/radare/radare2/issues/10091" } ] } diff --git a/2018/11xxx/CVE-2018-11383.json b/2018/11xxx/CVE-2018-11383.json index fb13673e3be..e9f7efb6ba6 100644 --- a/2018/11xxx/CVE-2018-11383.json +++ b/2018/11xxx/CVE-2018-11383.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11383", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/radare/radare2/commit/9d348bcc2c4bbd3805e7eec97b594be9febbdf9a", + "refsource" : "MISC", + "url" : "https://github.com/radare/radare2/commit/9d348bcc2c4bbd3805e7eec97b594be9febbdf9a" + }, + { + "name" : "https://github.com/radare/radare2/issues/9943", + "refsource" : "MISC", + "url" : "https://github.com/radare/radare2/issues/9943" } ] } diff --git a/2018/11xxx/CVE-2018-11384.json b/2018/11xxx/CVE-2018-11384.json index e7dbf626ebb..f4c781a7d4b 100644 --- a/2018/11xxx/CVE-2018-11384.json +++ b/2018/11xxx/CVE-2018-11384.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-11384", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/radare/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add", + "refsource" : "MISC", + "url" : "https://github.com/radare/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add" + }, + { + "name" : "https://github.com/radare/radare2/issues/9903", + "refsource" : "MISC", + "url" : "https://github.com/radare/radare2/issues/9903" } ] } diff --git a/2018/6xxx/CVE-2018-6492.json b/2018/6xxx/CVE-2018-6492.json index 0d206f30a12..741e2a73a8c 100644 --- a/2018/6xxx/CVE-2018-6492.json +++ b/2018/6xxx/CVE-2018-6492.json @@ -1,113 +1,113 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@microfocus.com", - "DATE_PUBLIC": "2018-05-09T19:01:00.000Z", - "ID": "CVE-2018-6492", - "STATE": "PUBLIC", - "TITLE": "MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities" + "CVE_data_meta" : { + "ASSIGNER" : "security@microfocus.com", + "DATE_PUBLIC" : "2018-05-09T19:01:00.000Z", + "ID" : "CVE-2018-6492", + "STATE" : "PUBLIC", + "TITLE" : "MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "Network Operations Management Ultimate", - "version": { - "version_data": [ + "product_name" : "Network Operations Management Ultimate", + "version" : { + "version_data" : [ { - "version_value": "2017.07, 2017.11, 2018.02" + "version_value" : "2017.07, 2017.11, 2018.02" } ] } }, { - "product_name": "Network Automation", - "version": { - "version_data": [ + "product_name" : "Network Automation", + "version" : { + "version_data" : [ { - "version_value": "10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50" + "version_value" : "10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50" } ] } } ] }, - "vendor_name": "Micro Focus" + "vendor_name" : "Micro Focus" } ] } }, - "credit": [ + "credit" : [ { - "lang": "eng", - "value": "Micro Focus would like to thank Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH for reporting this issue to cyber-psrt@microfocus.com." + "lang" : "eng", + "value" : "Micro Focus would like to thank Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH for reporting this issue to cyber-psrt@microfocus.com." } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "Persistent Cross-Site Scripting, and non-persistent HTML Injection in Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection. \n\n" + "lang" : "eng", + "value" : "Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection." } ] }, - "exploit": [ + "exploit" : [ { - "lang": "eng", - "value": "Remote Cross-Site Scripting (XSS)" + "lang" : "eng", + "value" : "Remote Cross-Site Scripting (XSS)" } ], - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 4.7, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", - "version": "3.0" + "impact" : { + "cvss" : { + "attackComplexity" : "HIGH", + "attackVector" : "NETWORK", + "availabilityImpact" : "NONE", + "baseScore" : 4.7, + "baseSeverity" : "MEDIUM", + "confidentialityImpact" : "LOW", + "integrityImpact" : "LOW", + "privilegesRequired" : "NONE", + "scope" : "CHANGED", + "userInteraction" : "REQUIRED", + "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version" : "3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "Remote Cross-Site Scripting (XSS)" + "lang" : "eng", + "value" : "Remote Cross-Site Scripting (XSS)" } ] }, { - "description": [ + "description" : [ { - "lang": "eng", - "value": "non-persistent HTML Injection" + "lang" : "eng", + "value" : "non-persistent HTML Injection" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "refsource": "CONFIRM", - "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014" + "name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014", + "refsource" : "CONFIRM", + "url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014" } ] }, - "source": { - "discovery": "UNKNOWN" + "source" : { + "discovery" : "UNKNOWN" } } - diff --git a/2018/6xxx/CVE-2018-6493.json b/2018/6xxx/CVE-2018-6493.json index af84f7e371b..c2ee00393fc 100644 --- a/2018/6xxx/CVE-2018-6493.json +++ b/2018/6xxx/CVE-2018-6493.json @@ -1,104 +1,105 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@microfocus.com", - "DATE_PUBLIC": "2018-05-09T19:01:00.000Z", - "ID": "CVE-2018-6493", - "STATE": "PUBLIC", - "TITLE": "MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities" + "CVE_data_meta" : { + "ASSIGNER" : "security@microfocus.com", + "DATE_PUBLIC" : "2018-05-09T19:01:00.000Z", + "ID" : "CVE-2018-6493", + "STATE" : "PUBLIC", + "TITLE" : "MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "Network Operations Management Ultimate", - "version": { - "version_data": [ + "product_name" : "Network Operations Management Ultimate", + "version" : { + "version_data" : [ { - "version_value": "2017.07, 2017.11, 2018.02" + "version_value" : "2017.07, 2017.11, 2018.02" } ] } }, { - "product_name": "Network Automation", - "version": { - "version_data": [ + "product_name" : "Network Automation", + "version" : { + "version_data" : [ { - "version_value": "10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50" + "version_value" : "10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50" } ] } } ] }, - "vendor_name": "Micro Focus" + "vendor_name" : "Micro Focus" } ] } }, - "credit": [ + "credit" : [ { - "lang": "eng", - "value": "Micro Focus would like to thank Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH for reporting this issue to cyber-psrt@microfocus.com." + "lang" : "eng", + "value" : "Micro Focus would like to thank Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH for reporting this issue to cyber-psrt@microfocus.com." } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "SQL Injection in Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection. \n" + "lang" : "eng", + "value" : "SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection." } ] }, - "exploit": [ + "exploit" : [ { - "lang": "eng", - "value": "SQL Injection" + "lang" : "eng", + "value" : "SQL Injection" } ], - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 8.7, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", - "version": "3.0" + "impact" : { + "cvss" : { + "attackComplexity" : "HIGH", + "attackVector" : "NETWORK", + "availabilityImpact" : "NONE", + "baseScore" : 8.7, + "baseSeverity" : "HIGH", + "confidentialityImpact" : "HIGH", + "integrityImpact" : "HIGH", + "privilegesRequired" : "NONE", + "scope" : "CHANGED", + "userInteraction" : "NONE", + "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "version" : "3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "SQL Injection" + "lang" : "eng", + "value" : "SQL Injection" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "refsource": "CONFIRM", - "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014" + "name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014", + "refsource" : "CONFIRM", + "url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014" } ] }, - "source": { - "discovery": "UNKNOWN" + "source" : { + "discovery" : "UNKNOWN" } }