diff --git a/2017/16xxx/CVE-2017-16860.json b/2017/16xxx/CVE-2017-16860.json index 6cdf25bc54d..72a8898568c 100644 --- a/2017/16xxx/CVE-2017-16860.json +++ b/2017/16xxx/CVE-2017-16860.json @@ -1,77 +1,79 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2018-05-14T00:00:00", - "ID": "CVE-2017-16860", - "STATE": "PUBLIC" + "CVE_data_meta" : { + "ASSIGNER" : "security@atlassian.com", + "DATE_PUBLIC" : "2018-05-14T00:00:00", + "ID" : "CVE-2017-16860", + "STATE" : "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "Application Links", - "version": { - "version_data": [ + "product_name" : "Application Links", + "version" : { + "version_data" : [ { - "version_value": "5.2.7", - "version_affected": "<" + "version_affected" : "<", + "version_value" : "5.2.7" }, { - "version_value": "5.3.0", - "version_affected": ">=" + "version_affected" : ">=", + "version_value" : "5.3.0" }, { - "version_value": "5.3.4", - "version_affected": "<" + "version_affected" : "<", + "version_value" : "5.3.4" }, { - "version_value": "5.4.0", - "version_affected": ">=" + "version_affected" : ">=", + "version_value" : "5.4.0" }, { - "version_value": "5.4.3", - "version_affected": "<" + "version_affected" : "<", + "version_value" : "5.4.3" } ] } } ] }, - "vendor_name": "Atlassian" + "vendor_name" : "Atlassian" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message." + "lang" : "eng", + "value" : "The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "Cross Site Scripting (XSS)" + "lang" : "eng", + "value" : "Cross Site Scripting (XSS)" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "url": "https://ecosystem.atlassian.net/browse/APL-1363" + "name" : "https://ecosystem.atlassian.net/browse/APL-1363", + "refsource" : "CONFIRM", + "url" : "https://ecosystem.atlassian.net/browse/APL-1363" } ] } diff --git a/2018/0xxx/CVE-2018-0568.json b/2018/0xxx/CVE-2018-0568.json index e7ae9227129..58715d08a05 100644 --- a/2018/0xxx/CVE-2018-0568.json +++ b/2018/0xxx/CVE-2018-0568.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://github.com/joruri/joruri-gw/blob/master/doc/INSTALL.txt" - }, - { - "url": "http://jvn.jp/en/jp/JVN95589314/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Unrestricted file upload vulnerability in Joruri Gw Ver 3.2.0 and earlier allows remote authenticated users to execute arbitrary PHP code via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "Joruri Gw Ver 3.2.0 and earlier" - } - ] - }, - "product_name": "Joruri Gw" - } - ] - }, - "vendor_name": "SiteBridge Inc." - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0568", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Unrestricted file upload vulnerability" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0568", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Joruri Gw", + "version" : { + "version_data" : [ + { + "version_value" : "Joruri Gw Ver 3.2.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "SiteBridge Inc." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ver 3.2.0 and earlier allows remote authenticated users to execute arbitrary PHP code via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Unrestricted file upload vulnerability" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/joruri/joruri-gw/blob/master/doc/INSTALL.txt", + "refsource" : "MISC", + "url" : "https://github.com/joruri/joruri-gw/blob/master/doc/INSTALL.txt" + }, + { + "name" : "JVN#95589314", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN95589314/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0576.json b/2018/0xxx/CVE-2018-0576.json index bfae901c0ff..f018f07675d 100644 --- a/2018/0xxx/CVE-2018-0576.json +++ b/2018/0xxx/CVE-2018-0576.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://wordpress.org/plugins/events-manager/#developers" - }, - { - "url": "http://jvn.jp/en/jp/JVN85531148/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site scripting vulnerability in Events Manager prior to version 5.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "prior to version 5.9" - } - ] - }, - "product_name": "Events Manager" - } - ] - }, - "vendor_name": "NetWebLogic" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0576", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-site scripting" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0576", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Events Manager", + "version" : { + "version_data" : [ + { + "version_value" : "prior to version 5.9" + } + ] + } + } + ] + }, + "vendor_name" : "NetWebLogic" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://wordpress.org/plugins/events-manager/#developers", + "refsource" : "CONFIRM", + "url" : "https://wordpress.org/plugins/events-manager/#developers" + }, + { + "name" : "JVN#85531148", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN85531148/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0577.json b/2018/0xxx/CVE-2018-0577.json index 11deb0e06e5..964b8135300 100644 --- a/2018/0xxx/CVE-2018-0577.json +++ b/2018/0xxx/CVE-2018-0577.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://wordpress.org/plugins/wp-google-map-plugin/#developers" - }, - { - "url": "http://jvn.jp/en/jp/JVN01040170/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site scripting vulnerability in WP Google Map Plugin prior to version 4.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "prior to version 4.0.4" - } - ] - }, - "product_name": "WP Google Map Plugin" - } - ] - }, - "vendor_name": "Flipper Code" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0577", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-site scripting" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0577", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "WP Google Map Plugin", + "version" : { + "version_data" : [ + { + "version_value" : "prior to version 4.0.4" + } + ] + } + } + ] + }, + "vendor_name" : "Flipper Code" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting vulnerability in WP Google Map Plugin prior to version 4.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers", + "refsource" : "MISC", + "url" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers" + }, + { + "name" : "JVN#01040170", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN01040170/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0578.json b/2018/0xxx/CVE-2018-0578.json index 59b552ca891..f9512ff882c 100644 --- a/2018/0xxx/CVE-2018-0578.json +++ b/2018/0xxx/CVE-2018-0578.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://wordpress.org/plugins/pixelyoursite/#developers" - }, - { - "url": "http://jvn.jp/en/jp/JVN61081552/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site scripting vulnerability in PixelYourSite prior to version 5.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "prior to version 5.3.0" - } - ] - }, - "product_name": "PixelYourSite" - } - ] - }, - "vendor_name": "Minimal Work SRL" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0578", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-site scripting" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0578", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "PixelYourSite", + "version" : { + "version_data" : [ + { + "version_value" : "prior to version 5.3.0" + } + ] + } + } + ] + }, + "vendor_name" : "Minimal Work SRL" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting vulnerability in PixelYourSite plugin prior to version 5.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://wordpress.org/plugins/pixelyoursite/#developers", + "refsource" : "CONFIRM", + "url" : "https://wordpress.org/plugins/pixelyoursite/#developers" + }, + { + "name" : "JVN#61081552", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN61081552/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0579.json b/2018/0xxx/CVE-2018-0579.json index 480cb74244d..bf077d7ef07 100644 --- a/2018/0xxx/CVE-2018-0579.json +++ b/2018/0xxx/CVE-2018-0579.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://wordpress.org/plugins/wonderm00ns-simple-facebook-open-graph-tags/#developers" - }, - { - "url": "http://jvn.jp/en/jp/JVN08386386/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site scripting vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags prior to version 2.2.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "prior to version 2.2.4.1" - } - ] - }, - "product_name": "Open Graph for Facebook, Google+ and Twitter Card Tags" - } - ] - }, - "vendor_name": "Webdados" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0579", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-site scripting" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0579", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Open Graph for Facebook, Google+ and Twitter Card Tags", + "version" : { + "version_data" : [ + { + "version_value" : "prior to version 2.2.4.1" + } + ] + } + } + ] + }, + "vendor_name" : "Webdados" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags plugin prior to version 2.2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://wordpress.org/plugins/wonderm00ns-simple-facebook-open-graph-tags/#developers", + "refsource" : "CONFIRM", + "url" : "https://wordpress.org/plugins/wonderm00ns-simple-facebook-open-graph-tags/#developers" + }, + { + "name" : "JVN#08386386", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN08386386/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0580.json b/2018/0xxx/CVE-2018-0580.json index 2de802f5d2e..819c4ebc35b 100644 --- a/2018/0xxx/CVE-2018-0580.json +++ b/2018/0xxx/CVE-2018-0580.json @@ -1,62 +1,72 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "http://www.clipstudio.net/en/dl" - }, - { - "url": "https://www.clip-studio.com/clip_site/download/clipstudioaction/csaupdater/index_win" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability in CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "(CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49)" - } - ] - }, - "product_name": "CLIP STUDIO series" - } - ] - }, - "vendor_name": "CELSYS, Inc." - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0580", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0580", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "CLIP STUDIO series", + "version" : { + "version_data" : [ + { + "version_value" : "(CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49)" + } + ] + } + } + ] + }, + "vendor_name" : "CELSYS, Inc." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.clipstudio.net/en/dl", + "refsource" : "MISC", + "url" : "http://www.clipstudio.net/en/dl" + }, + { + "name" : "https://www.clip-studio.com/clip_site/download/clipstudioaction/csaupdater/index_win", + "refsource" : "MISC", + "url" : "https://www.clip-studio.com/clip_site/download/clipstudioaction/csaupdater/index_win" + }, + { + "name" : "JVN#68345747", + "refsource" : "JVN", + "url" : "https://jvn.jp/en/jp/JVN68345747/" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0581.json b/2018/0xxx/CVE-2018-0581.json index 6bf0e7d9efb..7f899137626 100644 --- a/2018/0xxx/CVE-2018-0581.json +++ b/2018/0xxx/CVE-2018-0581.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS/" - }, - { - "url": "http://jvn.jp/en/jp/JVN33901663/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site scripting vulnerability in RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "Firmware version prior to 3.0.0.4.378.9383" - } - ] - }, - "product_name": "RT-AC87U" - } - ] - }, - "vendor_name": "ASUS Japan Inc." - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0581", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-site scripting" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0581", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "RT-AC87U", + "version" : { + "version_data" : [ + { + "version_value" : "Firmware version prior to 3.0.0.4.378.9383" + } + ] + } + } + ] + }, + "vendor_name" : "ASUS Japan Inc." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS/", + "refsource" : "MISC", + "url" : "https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS/" + }, + { + "name" : "JVN#33901663", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN33901663/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0582.json b/2018/0xxx/CVE-2018-0582.json index 83b17f63a53..a2af0a77969 100644 --- a/2018/0xxx/CVE-2018-0582.json +++ b/2018/0xxx/CVE-2018-0582.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/" - }, - { - "url": "http://jvn.jp/en/jp/JVN73742314/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site scripting vulnerability in RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "Firmware version prior to 3.0.0.4.380.1031" - } - ] - }, - "product_name": "RT-AC68U" - } - ] - }, - "vendor_name": "ASUS Japan Inc." - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0582", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-site scripting" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0582", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "RT-AC68U", + "version" : { + "version_data" : [ + { + "version_value" : "Firmware version prior to 3.0.0.4.380.1031" + } + ] + } + } + ] + }, + "vendor_name" : "ASUS Japan Inc." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/", + "refsource" : "MISC", + "url" : "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/" + }, + { + "name" : "JVN#73742314", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN73742314/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0583.json b/2018/0xxx/CVE-2018-0583.json index e9789ce6453..2f10dbbfb5c 100644 --- a/2018/0xxx/CVE-2018-0583.json +++ b/2018/0xxx/CVE-2018-0583.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://www.asus.com/Networking/RTAC1200HP/HelpDesk_BIOS/" - }, - { - "url": "http://jvn.jp/en/jp/JVN34562916/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site scripting vulnerability in RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "Firmware version prior to 3.0.0.4.380.4180" - } - ] - }, - "product_name": "RT-AC1200HP" - } - ] - }, - "vendor_name": "ASUS Japan Inc." - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0583", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-site scripting" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0583", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "RT-AC1200HP", + "version" : { + "version_data" : [ + { + "version_value" : "Firmware version prior to 3.0.0.4.380.4180" + } + ] + } + } + ] + }, + "vendor_name" : "ASUS Japan Inc." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.asus.com/Networking/RTAC1200HP/HelpDesk_BIOS/", + "refsource" : "MISC", + "url" : "https://www.asus.com/Networking/RTAC1200HP/HelpDesk_BIOS/" + }, + { + "name" : "JVN#34562916", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN34562916/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0585.json b/2018/0xxx/CVE-2018-0585.json index c8508a7d94e..08e5f9754d1 100644 --- a/2018/0xxx/CVE-2018-0585.json +++ b/2018/0xxx/CVE-2018-0585.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://wordpress.org/plugins/ultimate-member/#developers" - }, - { - "url": "http://jvn.jp/en/jp/JVN28804532/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site scripting vulnerability in Ultimate Member prior to version 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "prior to version 2.0.4" - } - ] - }, - "product_name": "Ultimate Member" - } - ] - }, - "vendor_name": "Ultimate Member" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0585", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-site scripting" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0585", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Ultimate Member", + "version" : { + "version_data" : [ + { + "version_value" : "prior to version 2.0.4" + } + ] + } + } + ] + }, + "vendor_name" : "Ultimate Member" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://wordpress.org/plugins/ultimate-member/#developers", + "refsource" : "CONFIRM", + "url" : "https://wordpress.org/plugins/ultimate-member/#developers" + }, + { + "name" : "JVN#28804532", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN28804532/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0586.json b/2018/0xxx/CVE-2018-0586.json index 8201cc388a6..78120eee1c8 100644 --- a/2018/0xxx/CVE-2018-0586.json +++ b/2018/0xxx/CVE-2018-0586.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://wordpress.org/plugins/ultimate-member/#developers" - }, - { - "url": "http://jvn.jp/en/jp/JVN28804532/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Directory traversal vulnerability in the shortcodes function of Ultimate Member prior to version 2.0.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "prior to version 2.0.4" - } - ] - }, - "product_name": "Ultimate Member" - } - ] - }, - "vendor_name": "Ultimate Member" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0586", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Directory traversal" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0586", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Ultimate Member", + "version" : { + "version_data" : [ + { + "version_value" : "prior to version 2.0.4" + } + ] + } + } + ] + }, + "vendor_name" : "Ultimate Member" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Directory traversal" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://wordpress.org/plugins/ultimate-member/#developers", + "refsource" : "CONFIRM", + "url" : "https://wordpress.org/plugins/ultimate-member/#developers" + }, + { + "name" : "JVN#28804532", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN28804532/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0587.json b/2018/0xxx/CVE-2018-0587.json index b2d08dca923..b7060ac3691 100644 --- a/2018/0xxx/CVE-2018-0587.json +++ b/2018/0xxx/CVE-2018-0587.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://wordpress.org/plugins/ultimate-member/#developers" - }, - { - "url": "http://jvn.jp/en/jp/JVN28804532/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Unrestricted file upload vulnerability in Ultimate Member prior to version 2.0.4 allows remote authenticated users to upload arbitrary image files via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "prior to version 2.0.4" - } - ] - }, - "product_name": "Ultimate Member" - } - ] - }, - "vendor_name": "Ultimate Member" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0587", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Unrestricted file upload vulnerability" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0587", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Ultimate Member", + "version" : { + "version_data" : [ + { + "version_value" : "prior to version 2.0.4" + } + ] + } + } + ] + }, + "vendor_name" : "Ultimate Member" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Unrestricted file upload vulnerability" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://wordpress.org/plugins/ultimate-member/#developers", + "refsource" : "CONFIRM", + "url" : "https://wordpress.org/plugins/ultimate-member/#developers" + }, + { + "name" : "JVN#28804532", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN28804532/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0588.json b/2018/0xxx/CVE-2018-0588.json index e9ee16e91be..3661ad3658c 100644 --- a/2018/0xxx/CVE-2018-0588.json +++ b/2018/0xxx/CVE-2018-0588.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://wordpress.org/plugins/ultimate-member/#developers" - }, - { - "url": "http://jvn.jp/en/jp/JVN28804532/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Directory traversal vulnerability in the AJAX function of Ultimate Member prior to version 2.0.4 allows remote attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "prior to version 2.0.4" - } - ] - }, - "product_name": "Ultimate Member" - } - ] - }, - "vendor_name": "Ultimate Member" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0588", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Directory traversal" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0588", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Ultimate Member", + "version" : { + "version_data" : [ + { + "version_value" : "prior to version 2.0.4" + } + ] + } + } + ] + }, + "vendor_name" : "Ultimate Member" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Directory traversal" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://wordpress.org/plugins/ultimate-member/#developers", + "refsource" : "CONFIRM", + "url" : "https://wordpress.org/plugins/ultimate-member/#developers" + }, + { + "name" : "JVN#28804532", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN28804532/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0589.json b/2018/0xxx/CVE-2018-0589.json index 384ea3579f2..4512e10deb1 100644 --- a/2018/0xxx/CVE-2018-0589.json +++ b/2018/0xxx/CVE-2018-0589.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://wordpress.org/plugins/ultimate-member/#developers" - }, - { - "url": "http://jvn.jp/en/jp/JVN28804532/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Ultimate Member prior to version 2.0.4 allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "prior to version 2.0.4" - } - ] - }, - "product_name": "Ultimate Member" - } - ] - }, - "vendor_name": "Ultimate Member" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0589", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Fails to restrict access" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0589", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Ultimate Member", + "version" : { + "version_data" : [ + { + "version_value" : "prior to version 2.0.4" + } + ] + } + } + ] + }, + "vendor_name" : "Ultimate Member" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Fails to restrict access" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://wordpress.org/plugins/ultimate-member/#developers", + "refsource" : "CONFIRM", + "url" : "https://wordpress.org/plugins/ultimate-member/#developers" + }, + { + "name" : "JVN#28804532", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN28804532/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0590.json b/2018/0xxx/CVE-2018-0590.json index f50a650ae61..a9642da8c27 100644 --- a/2018/0xxx/CVE-2018-0590.json +++ b/2018/0xxx/CVE-2018-0590.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://wordpress.org/plugins/ultimate-member/#developers" - }, - { - "url": "http://jvn.jp/en/jp/JVN28804532/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Ultimate Member prior to version 2.0.4 allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "prior to version 2.0.4" - } - ] - }, - "product_name": "Ultimate Member" - } - ] - }, - "vendor_name": "Ultimate Member" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0590", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Fails to restrict access" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0590", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Ultimate Member", + "version" : { + "version_data" : [ + { + "version_value" : "prior to version 2.0.4" + } + ] + } + } + ] + }, + "vendor_name" : "Ultimate Member" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Fails to restrict access" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://wordpress.org/plugins/ultimate-member/#developers", + "refsource" : "CONFIRM", + "url" : "https://wordpress.org/plugins/ultimate-member/#developers" + }, + { + "name" : "JVN#28804532", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN28804532/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0591.json b/2018/0xxx/CVE-2018-0591.json index f7eb2e5704b..2ba7bff71e6 100644 --- a/2018/0xxx/CVE-2018-0591.json +++ b/2018/0xxx/CVE-2018-0591.json @@ -1,62 +1,72 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass&hl=en" - }, - { - "url": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier" - } - ] - }, - "product_name": "KINEPASS App" - } - ] - }, - "vendor_name": "T-JOY CO.,LTD." - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0591", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Fails to verify SSL certificates" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0591", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "KINEPASS App", + "version" : { + "version_data" : [ + { + "version_value" : "for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "T-JOY CO.,LTD." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Fails to verify SSL certificates" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8", + "refsource" : "MISC", + "url" : "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8" + }, + { + "name" : "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass&hl=en", + "refsource" : "MISC", + "url" : "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass&hl=en" + }, + { + "name" : "JVN#83671755", + "refsource" : "JVN", + "url" : "https://jvn.jp/en/jp/JVN83671755/" + } + ] + } +} diff --git a/2018/5xxx/CVE-2018-5230.json b/2018/5xxx/CVE-2018-5230.json index 73a36d1b19f..5c52dd1331b 100644 --- a/2018/5xxx/CVE-2018-5230.json +++ b/2018/5xxx/CVE-2018-5230.json @@ -1,85 +1,87 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2018-05-11T00:00:00", - "ID": "CVE-2018-5230", - "STATE": "PUBLIC" + "CVE_data_meta" : { + "ASSIGNER" : "security@atlassian.com", + "DATE_PUBLIC" : "2018-05-11T00:00:00", + "ID" : "CVE-2018-5230", + "STATE" : "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "Jira", - "version": { - "version_data": [ + "product_name" : "Jira", + "version" : { + "version_data" : [ { - "version_value": "7.6.6", - "version_affected": "<" + "version_affected" : "<", + "version_value" : "7.6.6" }, { - "version_value": "7.7.0", - "version_affected": ">=" + "version_affected" : ">=", + "version_value" : "7.7.0" }, { - "version_value": "7.7.4", - "version_affected": "<" + "version_affected" : "<", + "version_value" : "7.7.4" }, { - "version_value": "7.8.0", - "version_affected": ">=" + "version_affected" : ">=", + "version_value" : "7.8.0" }, { - "version_value": "7.8.4", - "version_affected": "<" + "version_affected" : "<", + "version_value" : "7.8.4" }, { - "version_value": "7.9.0", - "version_affected": ">=" + "version_affected" : ">=", + "version_value" : "7.9.0" }, { - "version_value": "7.9.2", - "version_affected": "<" + "version_affected" : "<", + "version_value" : "7.9.2" } ] } } ] }, - "vendor_name": "Atlassian" + "vendor_name" : "Atlassian" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified." + "lang" : "eng", + "value" : "The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "Cross Site Scripting (XSS)" + "lang" : "eng", + "value" : "Cross Site Scripting (XSS)" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "url": "https://jira.atlassian.com/browse/JRASERVER-67289" + "name" : "https://jira.atlassian.com/browse/JRASERVER-67289", + "refsource" : "CONFIRM", + "url" : "https://jira.atlassian.com/browse/JRASERVER-67289" } ] }