diff --git a/2018/12xxx/CVE-2018-12416.json b/2018/12xxx/CVE-2018-12416.json
index ec32945fd59..04ef2870a4a 100644
--- a/2018/12xxx/CVE-2018-12416.json
+++ b/2018/12xxx/CVE-2018-12416.json
@@ -65,7 +65,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF).\nAffected releases are TIBCO Software Inc. TIBCO DataSynapse GridServer Manager: versions up to and including 5.2.0; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; 6.2.0; 6.3.0."
+ "value" : "The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF). Affected releases are TIBCO Software Inc. TIBCO DataSynapse GridServer Manager: versions up to and including 5.2.0; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; 6.2.0; 6.3.0."
 }
 ]
 },
@@ -100,10 +100,9 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-13-2018-tibco-datasynapse-gridserver-manager",
+ "refsource" : "CONFIRM",
 "url" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-13-2018-tibco-datasynapse-gridserver-manager"
- },
- {
- "url" : "http://www.tibco.com/services/support/advisories"
 }
 ]
 },
diff --git a/2018/14xxx/CVE-2018-14655.json b/2018/14xxx/CVE-2018-14655.json
index 6a473b5d45a..e64dda4d46c 100644
--- a/2018/14xxx/CVE-2018-14655.json
+++ b/2018/14xxx/CVE-2018-14655.json
@@ -1,71 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2018-14655",
- "ASSIGNER": "psampaio@redhat.com"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Red Hat",
- "product": {
- "product_data": [
- {
- "product_name": "keycloak",
- "version": {
- "version_data": [
- {
- "version_value": "3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final"
- }
- ]
- }
- }
- ]
- }
- }
+ "CVE_data_meta" : {
+ "ASSIGNER" : "psampaio@redhat.com",
+ "ID" : "CVE-2018-14655",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "keycloak",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Red Hat"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login."
+ }
+ ]
+ },
+ "impact" : {
+ "cvss" : [
+ [
+ {
+ "vectorString" : "4.6/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+ "version" : "3.0"
+ }
+ ]
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-79"
+ }
 ]
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-79"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655",
- "refsource": "CONFIRM"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login."
- }
- ]
- },
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "4.6/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
- "version": "3.0"
- }
- ]
- ]
- }
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655",
+ "refsource" : "CONFIRM",
+ "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655"
+ }
+ ]
+ }
 }
diff --git a/2018/14xxx/CVE-2018-14657.json b/2018/14xxx/CVE-2018-14657.json
index ed818c9bbf9..6ff09bcf8e8 100644
--- a/2018/14xxx/CVE-2018-14657.json
+++ b/2018/14xxx/CVE-2018-14657.json
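Review bot: The `vectorString` value on the new side of CVE-2018-14655.json still carries the base score in front of the vector (`4.6/CVSS:3.0/...`), so it is not a well-formed CVSS v3.0 vector, and a strict parser in a scanner or triage pipeline would likely reject or mis-score the record. Since this commit already rewrites the whole record, the score could move to its own field: `"baseScore" : 4.6,` next to `"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",`. The same prefix appears in the CVE-2018-14657 (`5.4/`) and CVE-2018-14658 (`6.1/`) hunks. Separately, `version_value` packs three releases into one comma-separated string, which exact-match version lookups will probably miss; one `version_data` entry per release would be easier to consume.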
@@ -1,71 +1,72 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2018-14657", - "ASSIGNER": "psampaio@redhat.com" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Red Hat", - "product": { - "product_data": [ - { - "product_name": "keycloak", - "version": { - "version_data": [ - { - "version_value": "4.2.1.Final, 4.3.0.Final" - } - ] - } - } - ] - } - } + "CVE_data_meta" : { + "ASSIGNER" : "psampaio@redhat.com", + "ID" : "CVE-2018-14657", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "keycloak", + "version" : { + "version_data" : [ + { + "version_value" : "4.2.1.Final, 4.3.0.Final" + } + ] + } + } + ] + }, + "vendor_name" : "Red Hat" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures." + } + ] + }, + "impact" : { + "cvss" : [ + [ + { + "vectorString" : "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version" : "3.0" + } + ] + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-287" + } ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-287" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657", - "refsource": "CONFIRM" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. 
When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures." - } - ] - }, - "impact": { - "cvss": [ - [ - { - "vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "version": "3.0" - } - ] - ] - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657", + "refsource" : "CONFIRM", + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657" + } + ] + } } diff --git a/2018/14xxx/CVE-2018-14658.json b/2018/14xxx/CVE-2018-14658.json index f6abdf3c242..e3d019f6824 100644 --- a/2018/14xxx/CVE-2018-14658.json +++ b/2018/14xxx/CVE-2018-14658.json 
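Review bot: `TOPT` in the new `description` value of CVE-2018-14657.json looks like a transposition of TOTP (time-based one-time password), and it is carried over unchanged from the old side. Anyone searching advisories for TOTP-related authentication flaws will not match this record. The CVE-2018-14658 hunk in this same diff corrects `verfied`, so the same pass could change this sentence to `When TOTP is enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.`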
@@ -1,71 +1,72 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2018-14658", - "ASSIGNER": "psampaio@redhat.com" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Red Hat", - "product": { - "product_data": [ - { - "product_name": "keycloak", - "version": { - "version_data": [ - { - "version_value": "3.2.1.Final" - } - ] - } - } - ] - } - } + "CVE_data_meta" : { + "ASSIGNER" : "psampaio@redhat.com", + "ID" : "CVE-2018-14658", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "keycloak", + "version" : { + "version_data" : [ + { + "version_value" : "3.2.1.Final" + } + ] + } + } + ] + }, + "vendor_name" : "Red Hat" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack" + } + ] + }, + "impact" : { + "cvss" : [ + [ + { + "vectorString" : "6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version" : "3.0" + } + ] + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-601" + } ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-601" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14658", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14658", - "refsource": "CONFIRM" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A flaw was found in JBOSS Keycloak 3.2.1.Final. 
The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verfied. This can lead to an Open Redirection attack" - } - ] - }, - "impact": { - "cvss": [ - [ - { - "vectorString": "6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "version": "3.0" - } - ] - ] - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14658", + "refsource" : "CONFIRM", + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14658" + } + ] + } } diff --git a/2018/7xxx/CVE-2018-7910.json b/2018/7xxx/CVE-2018-7910.json index 6e9a8c78e66..362ece8f2a9 100644 --- a/2018/7xxx/CVE-2018-7910.json +++ b/2018/7xxx/CVE-2018-7910.json @@ -53,6 +53,8 @@ "references" : { "reference_data" : [ { + "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en", + "refsource" : "CONFIRM", "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en" } ] diff --git a/2018/7xxx/CVE-2018-7925.json b/2018/7xxx/CVE-2018-7925.json index 43b73f0eb79..739c703b757 100644 --- a/2018/7xxx/CVE-2018-7925.json +++ b/2018/7xxx/CVE-2018-7925.json @@ -53,6 +53,8 @@ "references" : { "reference_data" : [ { + "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181105-01-smartphone-en", + "refsource" : "CONFIRM", "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181105-01-smartphone-en" } ] diff --git a/2018/7xxx/CVE-2018-7926.json b/2018/7xxx/CVE-2018-7926.json index d7acbbf6d52..889770d299b 100644 --- a/2018/7xxx/CVE-2018-7926.json +++ b/2018/7xxx/CVE-2018-7926.json @@ -53,6 +53,8 @@ "references" : { "reference_data" : [ { + "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-01-watch-en", + "refsource" : "CONFIRM", "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-01-watch-en" } ]