diff --git a/2018/19xxx/CVE-2018-19940.json b/2018/19xxx/CVE-2018-19940.json new file mode 100644 index 00000000000..80824fdbab8 --- /dev/null +++ b/2018/19xxx/CVE-2018-19940.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19940", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19941.json b/2018/19xxx/CVE-2018-19941.json new file mode 100644 index 00000000000..b0e079e77fb --- /dev/null +++ b/2018/19xxx/CVE-2018-19941.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19941", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19942.json b/2018/19xxx/CVE-2018-19942.json new file mode 100644 index 00000000000..ec60baf4433 --- /dev/null +++ b/2018/19xxx/CVE-2018-19942.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19942", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19943.json b/2018/19xxx/CVE-2018-19943.json new file mode 100644 index 00000000000..bea8959e356 --- /dev/null +++ b/2018/19xxx/CVE-2018-19943.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19943", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19944.json b/2018/19xxx/CVE-2018-19944.json new file mode 100644 index 00000000000..a79c315a962 --- /dev/null +++ b/2018/19xxx/CVE-2018-19944.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19944", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19945.json b/2018/19xxx/CVE-2018-19945.json new file mode 100644 index 00000000000..0c532219426 --- /dev/null +++ b/2018/19xxx/CVE-2018-19945.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19945", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19946.json b/2018/19xxx/CVE-2018-19946.json new file mode 100644 index 00000000000..c39eecaccea --- /dev/null +++ b/2018/19xxx/CVE-2018-19946.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19946", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19947.json b/2018/19xxx/CVE-2018-19947.json new file mode 100644 index 00000000000..d879bea02cf --- /dev/null +++ b/2018/19xxx/CVE-2018-19947.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19947", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19948.json b/2018/19xxx/CVE-2018-19948.json new file mode 100644 index 00000000000..0c3c9d86157 --- /dev/null +++ b/2018/19xxx/CVE-2018-19948.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19948", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19949.json b/2018/19xxx/CVE-2018-19949.json new file mode 100644 index 00000000000..ea60313b0bd --- /dev/null +++ b/2018/19xxx/CVE-2018-19949.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19949", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19950.json b/2018/19xxx/CVE-2018-19950.json new file mode 100644 index 00000000000..a1e8fc11b2e --- /dev/null +++ b/2018/19xxx/CVE-2018-19950.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19950", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19951.json b/2018/19xxx/CVE-2018-19951.json new file mode 100644 index 00000000000..7ea8c348810 --- /dev/null +++ b/2018/19xxx/CVE-2018-19951.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19951", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19952.json b/2018/19xxx/CVE-2018-19952.json new file mode 100644 index 00000000000..a631da852e3 --- /dev/null +++ b/2018/19xxx/CVE-2018-19952.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19952", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19953.json b/2018/19xxx/CVE-2018-19953.json new file mode 100644 index 00000000000..a159475d713 --- /dev/null +++ b/2018/19xxx/CVE-2018-19953.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19953", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19954.json b/2018/19xxx/CVE-2018-19954.json new file mode 100644 index 00000000000..00cbee04b74 --- /dev/null +++ b/2018/19xxx/CVE-2018-19954.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19954", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19955.json b/2018/19xxx/CVE-2018-19955.json new file mode 100644 index 00000000000..4edbdbba52e --- /dev/null +++ b/2018/19xxx/CVE-2018-19955.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19955", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19956.json b/2018/19xxx/CVE-2018-19956.json new file mode 100644 index 00000000000..db41cdf3fa1 --- /dev/null +++ b/2018/19xxx/CVE-2018-19956.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19956", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19957.json b/2018/19xxx/CVE-2018-19957.json new file mode 100644 index 00000000000..72b2a7f9fb4 --- /dev/null +++ b/2018/19xxx/CVE-2018-19957.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19957", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19958.json b/2018/19xxx/CVE-2018-19958.json new file mode 100644 index 00000000000..84fa381cd3f --- /dev/null +++ b/2018/19xxx/CVE-2018-19958.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19958", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19959.json b/2018/19xxx/CVE-2018-19959.json new file mode 100644 index 00000000000..d05ddcc0751 --- /dev/null +++ b/2018/19xxx/CVE-2018-19959.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19959", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19960.json b/2018/19xxx/CVE-2018-19960.json new file mode 100644 index 00000000000..9ca73b90b07 --- /dev/null +++ b/2018/19xxx/CVE-2018-19960.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19960", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugs.debian.org/915859", + "refsource" : "MISC", + "url" : "https://bugs.debian.org/915859" + } + ] + } +} diff --git a/2018/1xxx/CVE-2018-1424.json b/2018/1xxx/CVE-2018-1424.json index 7c67d98694f..0c6e9666a13 100644 --- a/2018/1xxx/CVE-2018-1424.json +++ b/2018/1xxx/CVE-2018-1424.json @@ -1,48 +1,18 @@ { - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 744217 (Marketing Platform)", - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10744217", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10744217" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-marketing-cve20181424-info-disc (139029)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/139029" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "UI" : "N", - "PR" : "L", - "S" : "U", - "C" : "H", - "I" : "N", - "SCORE" : "7.100", - "AV" : "N", - "AC" : "L", - "A" : "L" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-12-05T00:00:00", + "ID" : "CVE-2018-1424", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { + "product_name" : "Marketing Platform", "version" : { "version_data" : [ { @@ -55,15 +25,46 @@ "version_value" : "10.1" } ] - }, - "product_name" : "Marketing Platform" + } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "L", + "AC" : "L", + "AV" : "N", + "C" : "H", + "I" : "N", + "PR" : "L", + "S" : "U", + "SCORE" : "7.100", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { @@ -76,21 +77,18 @@ } ] }, - "description" : { - "description_data" : [ + "references" : { + "reference_data" : [ { - "value" : "IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029.", - "lang" : "eng" + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10744217", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10744217" + }, + { + "name" : "ibm-marketing-cve20181424-info-disc(139029)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/139029" } ] - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2018-12-05T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2018-1424" - }, - "data_format" : "MITRE", - "data_type" : "CVE" + } } diff --git a/2018/1xxx/CVE-2018-1663.json b/2018/1xxx/CVE-2018-1663.json index 324467d6bbe..ed53e59a6d1 100644 --- a/2018/1xxx/CVE-2018-1663.json +++ b/2018/1xxx/CVE-2018-1663.json @@ -1,39 +1,9 @@ { - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 740033 (DataPower Gateways)", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10740033", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10740033" - }, - { - "refsource" : "XF", - "name" : "ibm-websphere-cve20181663-info-disc (144889)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144889", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "PR" : "N", - "UI" : "N", - "AC" : "H", - "A" : "N", - "AV" : "N", - "SCORE" : "5.900", - "I" : "N", - "C" : "H" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-12-05T00:00:00", + "ID" : "CVE-2018-1663", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { @@ -70,33 +40,61 @@ ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 144889." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "H", + "AV" : "N", + "C" : "H", + "I" : "N", + "PR" : "N", + "S" : "U", + "SCORE" : "5.900", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { "description" : [ { - "value" : "Obtain Information", - "lang" : "eng" + "lang" : "eng", + "value" : "Obtain Information" } ] } ] }, - "data_version" : "4.0", - "data_format" : "MITRE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-12-05T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2018-1663" - }, - "description" : { - "description_data" : [ + "references" : { + "reference_data" : [ { - "value" : "IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 144889.", - "lang" : "eng" + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10740033", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10740033" + }, + { + "name" : "ibm-websphere-cve20181663-info-disc(144889)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144889" } ] - }, - "data_type" : "CVE" + } } diff --git a/2018/1xxx/CVE-2018-1883.json b/2018/1xxx/CVE-2018-1883.json index 68bed130cc0..9cac4b2a1c9 100644 --- a/2018/1xxx/CVE-2018-1883.json +++ b/2018/1xxx/CVE-2018-1883.json @@ -1,56 +1,9 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API Could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. IBM X-Force ID: 151969." - } - ] - }, "CVE_data_meta" : { "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", "DATE_PUBLIC" : "2018-12-05T00:00:00", - "ID" : "CVE-2018-1883" - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 738197 (MQ)", - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10738197", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10738197" - }, - { - "refsource" : "XF", - "name" : "ibm-websphere-cve20181883-dos (151969)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151969", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "PR" : "N", - "UI" : "N", - "S" : "U", - "C" : "N", - "SCORE" : "5.300", - "I" : "N", - "AC" : "L", - "A" : "L", - "AV" : "N" - } - } + "ID" : "CVE-2018-1883", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { @@ -59,6 +12,7 @@ "product" : { "product_data" : [ { + "product_name" : "MQ", "version" : { "version_data" : [ { @@ -77,8 +31,7 @@ "version_value" : "9.1.0.0" } ] - }, - "product_name" : "MQ" + } } ] }, @@ -87,6 +40,37 @@ ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API Could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. IBM X-Force ID: 151969." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "L", + "AC" : "L", + "AV" : "N", + "C" : "N", + "I" : "N", + "PR" : "N", + "S" : "U", + "SCORE" : "5.300", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { @@ -98,5 +82,19 @@ ] } ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10738197", + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10738197" + }, + { + "name" : "ibm-websphere-cve20181883-dos(151969)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151969" + } + ] } } diff --git a/2018/1xxx/CVE-2018-1896.json b/2018/1xxx/CVE-2018-1896.json index 67a89bbff83..a030b85044e 100644 --- a/2018/1xxx/CVE-2018-1896.json +++ b/2018/1xxx/CVE-2018-1896.json @@ -1,15 +1,9 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } - ] - } - ] + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-12-05T00:00:00", + "ID" : "CVE-2018-1896", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { @@ -40,57 +34,61 @@ ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456." + } + ] + }, "impact" : { "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, "BM" : { - "UI" : "R", - "PR" : "L", - "S" : "U", + "A" : "N", + "AC" : "L", + "AV" : "N", "C" : "L", "I" : "L", + "PR" : "L", + "S" : "U", "SCORE" : "4.600", - "AV" : "N", - "AC" : "L", - "A" : "N" + "UI" : "R" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" } } }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain Access" + } + ] + } + ] + }, "references" : { "reference_data" : [ { - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10742567", "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10742567", "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 742567 (Connections)" + "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10742567" }, { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152456", - "name" : "ibm-connections-cve20181896-head-injection (152456)", - "refsource" : "XF" + "name" : "ibm-connections-cve20181896-head-injection(152456)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152456" } ] - }, - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "value" : "IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2018-1896", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2018-12-05T00:00:00" - }, - "data_format" : "MITRE" + } } diff --git a/2018/1xxx/CVE-2018-1920.json b/2018/1xxx/CVE-2018-1920.json index 36640824f5f..8df8cd7dd75 100644 --- a/2018/1xxx/CVE-2018-1920.json +++ b/2018/1xxx/CVE-2018-1920.json @@ -1,62 +1,14 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "data_format" : "MITRE", "CVE_data_meta" : { "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", "DATE_PUBLIC" : "2018-12-05T00:00:00", - "ID" : "CVE-2018-1920" - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 744217 (Marketing Platform)", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10744217", - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10744217" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152855", - "name" : "ibm-marketing-cve20181920-xxe (152855)", - "refsource" : "XF" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "S" : "U", - "PR" : "L", - "UI" : "N", - "C" : "H", - "AC" : "L", - "A" : "L", - "AV" : "N", - "SCORE" : "7.100", - "I" : "N" - } - } + "ID" : "CVE-2018-1920", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -76,11 +28,43 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "L", + "AC" : "L", + "AV" : "N", + "C" : "H", + "I" : "N", + "PR" : "L", + "S" : "U", + "SCORE" : "7.100", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { @@ -92,5 +76,19 @@ ] } ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10744217", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10744217" + }, + { + "name" : "ibm-marketing-cve20181920-xxe(152855)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152855" + } + ] } } diff --git a/2018/6xxx/CVE-2018-6755.json b/2018/6xxx/CVE-2018-6755.json index 7b1ca65c908..08a984cdfde 100644 --- a/2018/6xxx/CVE-2018-6755.json +++ b/2018/6xxx/CVE-2018-6755.json @@ -44,7 +44,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware." + "value" : "Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware." } ] },