diff --git a/2017/1xxx/CVE-2017-1794.json b/2017/1xxx/CVE-2017-1794.json
index 68f9f6cd4fb..738cee97f51 100644
--- a/2017/1xxx/CVE-2017-1794.json
+++ b/2017/1xxx/CVE-2017-1794.json
@@ -1,33 +1,9 @@
 {
- "data_format" : "MITRE",
- "impact" : {
- "cvssv3" : {
- "BM" : {
- "C" : "H",
- "AC" : "H",
- "UI" : "N",
- "A" : "H",
- "I" : "H",
- "PR" : "L",
- "SCORE" : "7.500",
- "S" : "U",
- "AV" : "N"
- },
- "TM" : {
- "E" : "U",
- "RL" : "O",
- "RC" : "C"
- }
- }
- },
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039."
- }
- ]
+ "CVE_data_meta" : {
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "DATE_PUBLIC" : "2018-09-17T00:00:00",
+ "ID" : "CVE-2017-1794",
+ "STATE" : "PUBLIC"
 },
 "affects" : {
 "vendor" : {
@@ -91,28 +67,37 @@
 ]
 }
 },
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@us.ibm.com",
- "DATE_PUBLIC" : "2018-09-17T00:00:00",
- "STATE" : "PUBLIC",
- "ID" : "CVE-2017-1794"
- },
- "references" : {
- "reference_data" : [
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
 {
- "url" : "https://www.ibm.com/support/docview.wss?uid=swg22014097",
- "refsource" : "CONFIRM",
- "title" : "IBM Security Bulletin 2014097 (Tivoli Monitoring)",
- "name" : "https://www.ibm.com/support/docview.wss?uid=swg22014097"
- },
- {
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137039",
- "refsource" : "XF",
- "title" : "X-Force Vulnerability Report",
- "name" : "ibm-tivoli-cve20171794-priv-escalation (137039)"
+ "lang" : "eng",
+ "value" : "IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039."
 }
 ]
 },
+ "impact" : {
+ "cvssv3" : {
+ "BM" : {
+ "A" : "H",
+ "AC" : "H",
+ "AV" : "N",
+ "C" : "H",
+ "I" : "H",
+ "PR" : "L",
+ "S" : "U",
+ "SCORE" : "7.500",
+ "UI" : "N"
+ },
+ "TM" : {
+ "E" : "U",
+ "RC" : "C",
+ "RL" : "O"
+ }
+ }
+ },
 "problemtype" : {
 "problemtype_data" : [
 {
@@ -125,5 +110,18 @@
 }
 ]
 },
- "data_type" : "CVE"
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.ibm.com/support/docview.wss?uid=swg22014097",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.ibm.com/support/docview.wss?uid=swg22014097"
+ },
+ {
+ "name" : "ibm-tivoli-cve20171794-priv-escalation(137039)",
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137039"
+ }
+ ]
+ }
 }
diff --git a/2018/12xxx/CVE-2018-12242.json b/2018/12xxx/CVE-2018-12242.json
index 2af17459985..4afd2a5718b 100644
--- a/2018/12xxx/CVE-2018-12242.json
+++ b/2018/12xxx/CVE-2018-12242.json
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "The Symantec Messaging Gateway product may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network."
+ "value" : "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network."
 }
 ]
 },
@@ -54,6 +54,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://support.symantec.com/en_US/article.SYMSA1461.html",
+ "refsource" : "CONFIRM",
 "url" : "https://support.symantec.com/en_US/article.SYMSA1461.html"
 }
 ]
diff --git a/2018/12xxx/CVE-2018-12243.json b/2018/12xxx/CVE-2018-12243.json
index fc111086ec4..e0734e144f6 100644
--- a/2018/12xxx/CVE-2018-12243.json
+++ b/2018/12xxx/CVE-2018-12243.json
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "The Symantec Messaging Gateway product may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible."
+ "value" : "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible."
 }
 ]
 },
@@ -54,6 +54,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://support.symantec.com/en_US/article.SYMSA1461.html",
+ "refsource" : "CONFIRM",
 "url" : "https://support.symantec.com/en_US/article.SYMSA1461.html"
 }
 ]
diff --git a/2018/14xxx/CVE-2018-14792.json b/2018/14xxx/CVE-2018-14792.json
index 021c166910d..eeb46d3be16 100644
--- a/2018/14xxx/CVE-2018-14792.json
+++ b/2018/14xxx/CVE-2018-14792.json
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : ":WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files."
+ "value" : "WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files."
 }
 ]
 },
@@ -54,6 +54,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-261-01",
+ "refsource" : "MISC",
 "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-261-01"
 }
 ]
diff --git a/2018/16xxx/CVE-2018-16607.json b/2018/16xxx/CVE-2018-16607.json
index a60431d5867..f3bbff871dd 100644
--- a/2018/16xxx/CVE-2018-16607.json
+++ b/2018/16xxx/CVE-2018-16607.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-16607",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
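Review bot: In the CVE-2018-16607 hunk (`@@ -2,7 +2,30 @@`) the new `affects` block sets `vendor_name`, `product_name` and `version_value` all to `n/a`, although the description added for the same record names Open-AudIT Professional 2.2.7. Tooling that matches records against an asset inventory through the structured product fields will not link this entry to the product, so exposure can only be found by parsing the free-text description. Consider `"product_name" : "Open-AudIT Professional"` and `"version_value" : "2.2.7"`, both taken from the description. The same applies to the `affects` blocks added for CVE-2018-16785 (description names DedeCMS V5.7 SP2) and CVE-2018-17183 (description names Artifex Ghostscript before 9.25).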
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://docs.google.com/document/d/1MKeb9lly_oOrVG0Ja4A-HgwaeXhb_xQHT9IIOee3wi0/edit",
+ "refsource" : "MISC",
+ "url" : "https://docs.google.com/document/d/1MKeb9lly_oOrVG0Ja4A-HgwaeXhb_xQHT9IIOee3wi0/edit"
 }
 ]
 }
diff --git a/2018/16xxx/CVE-2018-16785.json b/2018/16xxx/CVE-2018-16785.json
index 9b9aaa04ff5..faf590ebed8 100644
--- a/2018/16xxx/CVE-2018-16785.json
+++ b/2018/16xxx/CVE-2018-16785.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-16785",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
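Review bot: The only entry added to `reference_data` for CVE-2018-16607 (hunk `@@ -11,7 +34,28 @@`) is a Google Docs `/edit` URL, which the document owner can alter, restrict or delete at any time. That leaves consumers of the record without a stable source to check the claim or to look for a fixed version. If a vendor advisory or release note exists, add it as a second entry tagged `"refsource" : "CONFIRM"`; the `MISC` tag on the Docs link itself is appropriate. The `problemtype` value is also `n/a` although the description states cross-site scripting, so weakness-based filtering will miss the record.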
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell"
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/ky-j/dedecms/issues/4",
+ "refsource" : "MISC",
+ "url" : "https://github.com/ky-j/dedecms/issues/4"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17183.json b/2018/17xxx/CVE-2018-17183.json
new file mode 100644
index 00000000000..43d19f726a0
--- /dev/null
+++ b/2018/17xxx/CVE-2018-17183.json
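Review bot: The description added for CVE-2018-16785 says the flaw "exists in the file of DedeCMS V5.7 SP2 version" without naming the file, and the sentence ends without a period. A reader cannot tell from the record which component to patch, restrict or watch in access logs. The description should name the affected file or endpoint as given in the referenced issue (`https://github.com/ky-j/dedecms/issues/4`) and say whether authentication is needed to reach it.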
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-17183",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624",
+ "refsource" : "MISC",
+ "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624"
+ },
+ {
+ "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=699708",
+ "refsource" : "MISC",
+ "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=699708"
+ }
+ ]
+ }
+}
diff --git a/2018/1xxx/CVE-2018-1149.json b/2018/1xxx/CVE-2018-1149.json
index 89d71cd7da1..e1a972ec3e3 100644
--- a/2018/1xxx/CVE-2018-1149.json
+++ b/2018/1xxx/CVE-2018-1149.json
@@ -54,7 +54,19 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://www.tenable.com/security/research/tra-2018-25",
+ "refsource" : "MISC",
+ "url" : "https://www.tenable.com/security/research/tra-2018-25"
+ },
+ {
+ "name" : "https://github.com/tenable/poc/tree/master/nuuo/nvrmini2",
+ "refsource" : "CONFIRM",
 "url" : "https://github.com/tenable/poc/tree/master/nuuo/nvrmini2"
+ },
+ {
+ "name" : "https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf"
 }
 ]
 }
diff --git a/2018/1xxx/CVE-2018-1150.json b/2018/1xxx/CVE-2018-1150.json
index fc1196f9f0a..f55a8a5ab17 100644
--- a/2018/1xxx/CVE-2018-1150.json
+++ b/2018/1xxx/CVE-2018-1150.json
@@ -54,7 +54,14 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://www.tenable.com/security/research/tra-2018-25",
+ "refsource" : "MISC",
 "url" : "https://www.tenable.com/security/research/tra-2018-25"
+ },
+ {
+ "name" : "https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf"
 }
 ]
 }
diff --git a/2018/1xxx/CVE-2018-1782.json b/2018/1xxx/CVE-2018-1782.json
index b7eff9c179a..4c528488e3f 100644
--- a/2018/1xxx/CVE-2018-1782.json
+++ b/2018/1xxx/CVE-2018-1782.json
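Review bot: In the CVE-2018-1149 hunk (`@@ -54,7 +54,19 @@`) the reference `https://github.com/tenable/poc/tree/master/nuuo/nvrmini2` is tagged `CONFIRM`, while the Tenable advisory in the same list is tagged `MISC`. Judging by its path, the repository belongs to the reporting researcher rather than to the product vendor, so `"refsource" : "MISC",` would be consistent with the advisory entry; the NUUO release note is the entry that carries vendor confirmation. Consumers that filter on `CONFIRM` to find vendor-acknowledged fixes would otherwise treat a proof-of-concept repository as one.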
@@ -1,5 +1,67 @@
 {
+ "CVE_data_meta" : {
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "DATE_PUBLIC" : "2018-09-17T00:00:00",
+ "ID" : "CVE-2018-1782",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Spectrum Scale",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "5.0.1.0"
+ },
+ {
+ "version_value" : "5.0.1.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "IBM"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
 "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID: 148805."
+ }
+ ]
+ },
+ "impact" : {
+ "cvssv3" : {
+ "BM" : {
+ "A" : "H",
+ "AC" : "L",
+ "AV" : "L",
+ "C" : "N",
+ "I" : "N",
+ "PR" : "L",
+ "S" : "C",
+ "SCORE" : "6.500",
+ "UI" : "N"
+ },
+ "TM" : {
+ "E" : "U",
+ "RC" : "C",
+ "RL" : "O"
+ }
+ }
+ },
 "problemtype" : {
 "problemtype_data" : [
 {
@@ -15,79 +77,15 @@
 "references" : {
 "reference_data" : [
 {
- "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10730967",
+ "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10730967",
 "refsource" : "CONFIRM",
- "title" : "IBM Security Bulletin 730967 (Spectrum Scale)",
- "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10730967"
+ "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10730967"
 },
 {
- "name" : "ibm-spectrum-cve20181782-dos (148805)",
- "title" : "X-Force Vulnerability Report",
+ "name" : "ibm-spectrum-cve20181782-dos(148805)",
 "refsource" : "XF",
 "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148805"
 }
 ]
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "vendor_name" : "IBM",
- "product" : {
- "product_data" : [
- {
- "version" : {
- "version_data" : [
- {
- "version_value" : "5.0.1.0"
- },
- {
- "version_value" : "5.0.1.1"
- }
- ]
- },
- "product_name" : "Spectrum Scale"
- }
- ]
- }
- }
- ]
- }
- },
- "CVE_data_meta" : {
- "ID" : "CVE-2018-1782",
- "STATE" : "PUBLIC",
- "DATE_PUBLIC" : "2018-09-17T00:00:00",
- "ASSIGNER" : "psirt@us.ibm.com"
- },
- "description" : {
- "description_data" : [
- {
- "value" : "IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID: 148805.",
- "lang" : "eng"
- }
- ]
- },
- "data_version" : "4.0",
- "data_format" : "MITRE",
- "impact" : {
- "cvssv3" : {
- "TM" : {
- "E" : "U",
- "RC" : "C",
- "RL" : "O"
- },
- "BM" : {
- "S" : "C",
- "AV" : "L",
- "SCORE" : "6.500",
- "A" : "H",
- "I" : "N",
- "PR" : "L",
- "AC" : "L",
- "UI" : "N",
- "C" : "N"
- }
- }
 }
 }