diff --git a/2018/0xxx/CVE-2018-0526.json b/2018/0xxx/CVE-2018-0526.json index d532dfdc3a9..22ea032ccdf 100644 --- a/2018/0xxx/CVE-2018-0526.json +++ b/2018/0xxx/CVE-2018-0526.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://support.cybozu.com/ja-jp/article/10030" - }, - { - "url": "http://jvn.jp/en/jp/JVN51737843/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "10.0.0 to 10.7.0" - } - ] - }, - "product_name": "Cybozu Office" - } - ] - }, - "vendor_name": "Cybozu, Inc." - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0526", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0526", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cybozu Office", + "version" : { + "version_data" : [ + { + "version_value" : "10.0.0 to 10.7.0" + } + ] + } + } + ] + }, + "vendor_name" : "Cybozu, Inc." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://support.cybozu.com/ja-jp/article/10030", + "refsource" : "CONFIRM", + "url" : "https://support.cybozu.com/ja-jp/article/10030" + }, + { + "name" : "JVN#51737843", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN51737843/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0527.json b/2018/0xxx/CVE-2018-0527.json index c5c097ba98d..2772d9e228e 100644 --- a/2018/0xxx/CVE-2018-0527.json +++ b/2018/0xxx/CVE-2018-0527.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://support.cybozu.com/ja-jp/article/10029" - }, - { - "url": "http://jvn.jp/en/jp/JVN51737843/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "10.0.0 to 10.7.0" - } - ] - }, - "product_name": "Cybozu Office" - } - ] - }, - "vendor_name": "Cybozu, Inc." - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0527", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-site scripting" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0527", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cybozu Office", + "version" : { + "version_data" : [ + { + "version_value" : "10.0.0 to 10.7.0" + } + ] + } + } + ] + }, + "vendor_name" : "Cybozu, Inc." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://support.cybozu.com/ja-jp/article/10029", + "refsource" : "CONFIRM", + "url" : "https://support.cybozu.com/ja-jp/article/10029" + }, + { + "name" : "JVN#51737843", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN51737843/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0528.json b/2018/0xxx/CVE-2018-0528.json index b20025f9f84..dff72aeccaf 100644 --- a/2018/0xxx/CVE-2018-0528.json +++ b/2018/0xxx/CVE-2018-0528.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://support.cybozu.com/ja-jp/article/9812" - }, - { - "url": "http://jvn.jp/en/jp/JVN51737843/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "10.0.0 to 10.7.0" - } - ] - }, - "product_name": "Cybozu Office" - } - ] - }, - "vendor_name": "Cybozu, Inc." - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0528", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Authentication bypass" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0528", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cybozu Office", + "version" : { + "version_data" : [ + { + "version_value" : "10.0.0 to 10.7.0" + } + ] + } + } + ] + }, + "vendor_name" : "Cybozu, Inc." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Authentication bypass" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://support.cybozu.com/ja-jp/article/9812", + "refsource" : "CONFIRM", + "url" : "https://support.cybozu.com/ja-jp/article/9812" + }, + { + "name" : "JVN#51737843", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN51737843/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0529.json b/2018/0xxx/CVE-2018-0529.json index 94e079d59ef..37e177e40c6 100644 --- a/2018/0xxx/CVE-2018-0529.json +++ b/2018/0xxx/CVE-2018-0529.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://support.cybozu.com/ja-jp/article/10052" - }, - { - "url": "http://jvn.jp/en/jp/JVN51737843/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "10.0.0 to 10.7.0" - } - ] - }, - "product_name": "Cybozu Office" - } - ] - }, - "vendor_name": "Cybozu, Inc." - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0529", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Denial-of-service (DoS)" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0529", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cybozu Office", + "version" : { + "version_data" : [ + { + "version_value" : "10.0.0 to 10.7.0" + } + ] + } + } + ] + }, + "vendor_name" : "Cybozu, Inc." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Denial-of-service (DoS)" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://support.cybozu.com/ja-jp/article/10052", + "refsource" : "CONFIRM", + "url" : "https://support.cybozu.com/ja-jp/article/10052" + }, + { + "name" : "JVN#51737843", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN51737843/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0557.json b/2018/0xxx/CVE-2018-0557.json index 4c8ff634c7b..af1459b46e5 100644 --- a/2018/0xxx/CVE-2018-0557.json +++ b/2018/0xxx/CVE-2018-0557.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://support.cybozu.com/ja-jp/article/10194" - }, - { - "url": "http://jvn.jp/en/jp/JVN52319657/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "5.0.0 to 5.4.1" - } - ] - }, - "product_name": "Cybozu Mailwise" - } - ] - }, - "vendor_name": "Cybozu, Inc." - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0557", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-site scripting" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0557", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cybozu Mailwise", + "version" : { + "version_data" : [ + { + "version_value" : "5.0.0 to 5.4.1" + } + ] + } + } + ] + }, + "vendor_name" : "Cybozu, Inc." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://support.cybozu.com/ja-jp/article/10194", + "refsource" : "CONFIRM", + "url" : "https://support.cybozu.com/ja-jp/article/10194" + }, + { + "name" : "JVN#52319657", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN52319657/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0558.json b/2018/0xxx/CVE-2018-0558.json index be138a58eb8..423a8d69f8f 100644 --- a/2018/0xxx/CVE-2018-0558.json +++ b/2018/0xxx/CVE-2018-0558.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://support.cybozu.com/ja-jp/article/10193" - }, - { - "url": "http://jvn.jp/en/jp/JVN52319657/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Reflected ross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "5.0.0 to 5.4.1" - } - ] - }, - "product_name": "Cybozu Mailwise" - } - ] - }, - "vendor_name": "Cybozu, Inc." - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0558", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-site scripting" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0558", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cybozu Mailwise", + "version" : { + "version_data" : [ + { + "version_value" : "5.0.0 to 5.4.1" + } + ] + } + } + ] + }, + "vendor_name" : "Cybozu, Inc." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://support.cybozu.com/ja-jp/article/10193", + "refsource" : "CONFIRM", + "url" : "https://support.cybozu.com/ja-jp/article/10193" + }, + { + "name" : "JVN#52319657", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN52319657/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0559.json b/2018/0xxx/CVE-2018-0559.json index 63bc6cde893..c7af6fbb385 100644 --- a/2018/0xxx/CVE-2018-0559.json +++ b/2018/0xxx/CVE-2018-0559.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://support.cybozu.com/ja-jp/article/10196" - }, - { - "url": "http://jvn.jp/en/jp/JVN52319657/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "5.0.0 to 5.4.1" - } - ] - }, - "product_name": "Cybozu Mailwise" - } - ] - }, - "vendor_name": "Cybozu, Inc." - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0559", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-site scripting" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0559", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cybozu Mailwise", + "version" : { + "version_data" : [ + { + "version_value" : "5.0.0 to 5.4.1" + } + ] + } + } + ] + }, + "vendor_name" : "Cybozu, Inc." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://support.cybozu.com/ja-jp/article/10196", + "refsource" : "CONFIRM", + "url" : "https://support.cybozu.com/ja-jp/article/10196" + }, + { + "name" : "JVN#52319657", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN52319657/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0563.json b/2018/0xxx/CVE-2018-0563.json index 29fbd0bc349..8daa1b1245c 100644 --- a/2018/0xxx/CVE-2018-0563.json +++ b/2018/0xxx/CVE-2018-0563.json @@ -1,65 +1,72 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://flets.com/customer/tec/fvc/setup/esat_install.html" - }, - { - "url": "https://flets.com/customer/next/sec/setup/esat_install.html" - }, - { - "url": "http://jvn.jp/en/jp/JVN20040004/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "" - } - ] - }, - "product_name": "the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions" - } - ] - }, - "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0563", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0563", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions", + "version" : { + "version_data" : [ + { + "version_value" : "" + } + ] + } + } + ] + }, + "vendor_name" : "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://flets.com/customer/next/sec/setup/esat_install.html", + "refsource" : "MISC", + "url" : "https://flets.com/customer/next/sec/setup/esat_install.html" + }, + { + "name" : "https://flets.com/customer/tec/fvc/setup/esat_install.html", + "refsource" : "MISC", + "url" : "https://flets.com/customer/tec/fvc/setup/esat_install.html" + }, + { + "name" : "JVN#20040004", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN20040004/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0565.json b/2018/0xxx/CVE-2018-0565.json index ec296849be7..0331d50d4f1 100644 --- a/2018/0xxx/CVE-2018-0565.json +++ b/2018/0xxx/CVE-2018-0565.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://support.cybozu.com/ja-jp/article/10200" - }, - { - "url": "http://jvn.jp/en/jp/JVN51737843/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "10.0.0 to 10.8.0" - } - ] - }, - "product_name": "Cybozu Office" - } - ] - }, - "vendor_name": "Cybozu, Inc." - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0565", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-site scripting" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0565", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cybozu Office", + "version" : { + "version_data" : [ + { + "version_value" : "10.0.0 to 10.8.0" + } + ] + } + } + ] + }, + "vendor_name" : "Cybozu, Inc." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://support.cybozu.com/ja-jp/article/10200", + "refsource" : "CONFIRM", + "url" : "https://support.cybozu.com/ja-jp/article/10200" + }, + { + "name" : "JVN#51737843", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN51737843/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0566.json b/2018/0xxx/CVE-2018-0566.json index 9e61055343a..6a07006c9d6 100644 --- a/2018/0xxx/CVE-2018-0566.json +++ b/2018/0xxx/CVE-2018-0566.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://support.cybozu.com/ja-jp/article/10195" - }, - { - "url": "http://jvn.jp/en/jp/JVN51737843/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "10.0.0 to 10.8.0" - } - ] - }, - "product_name": "Cybozu Office" - } - ] - }, - "vendor_name": "Cybozu, Inc." - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0566", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Authentication bypass" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0566", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cybozu Office", + "version" : { + "version_data" : [ + { + "version_value" : "10.0.0 to 10.8.0" + } + ] + } + } + ] + }, + "vendor_name" : "Cybozu, Inc." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Authentication bypass" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://support.cybozu.com/ja-jp/article/10195", + "refsource" : "CONFIRM", + "url" : "https://support.cybozu.com/ja-jp/article/10195" + }, + { + "name" : "JVN#51737843", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN51737843/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0567.json b/2018/0xxx/CVE-2018-0567.json index 725591a837e..77fadaf3414 100644 --- a/2018/0xxx/CVE-2018-0567.json +++ b/2018/0xxx/CVE-2018-0567.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://support.cybozu.com/ja-jp/article/10198" - }, - { - "url": "http://jvn.jp/en/jp/JVN51737843/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "10.0.0 to 10.8.0" - } - ] - }, - "product_name": "Cybozu Office" - } - ] - }, - "vendor_name": "Cybozu, Inc." - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0567", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Fails to restrict access" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0567", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cybozu Office", + "version" : { + "version_data" : [ + { + "version_value" : "10.0.0 to 10.8.0" + } + ] + } + } + ] + }, + "vendor_name" : "Cybozu, Inc." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Fails to restrict access" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://support.cybozu.com/ja-jp/article/10198", + "refsource" : "CONFIRM", + "url" : "https://support.cybozu.com/ja-jp/article/10198" + }, + { + "name" : "JVN#51737843", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN51737843/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0569.json b/2018/0xxx/CVE-2018-0569.json index 039c7e86b10..d3de19a3ddd 100644 --- a/2018/0xxx/CVE-2018-0569.json +++ b/2018/0xxx/CVE-2018-0569.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://basercms.net/security/JVN67881316" - }, - { - "url": "http://jvn.jp/en/jp/JVN67881316/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" - } - ] - }, - "product_name": "baserCMS" - } - ] - }, - "vendor_name": "baserCMS Users Community" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0569", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "OS Command Injection" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0569", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "baserCMS", + "version" : { + "version_data" : [ + { + "version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" + } + ] + } + } + ] + }, + "vendor_name" : "baserCMS Users Community" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "OS Command Injection" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://basercms.net/security/JVN67881316", + "refsource" : "MISC", + "url" : "https://basercms.net/security/JVN67881316" + }, + { + "name" : "JVN#67881316", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN67881316/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0570.json b/2018/0xxx/CVE-2018-0570.json index bef8ab10773..64b991ab80e 100644 --- a/2018/0xxx/CVE-2018-0570.json +++ b/2018/0xxx/CVE-2018-0570.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://basercms.net/security/JVN67881316" - }, - { - "url": "http://jvn.jp/en/jp/JVN67881316/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" - } - ] - }, - "product_name": "baserCMS" - } - ] - }, - "vendor_name": "baserCMS Users Community" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0570", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-site scripting" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0570", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "baserCMS", + "version" : { + "version_data" : [ + { + "version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" + } + ] + } + } + ] + }, + "vendor_name" : "baserCMS Users Community" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://basercms.net/security/JVN67881316", + "refsource" : "MISC", + "url" : "https://basercms.net/security/JVN67881316" + }, + { + "name" : "JVN#67881316", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN67881316/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0571.json b/2018/0xxx/CVE-2018-0571.json index 84110bb3518..9bd0fc24642 100644 --- a/2018/0xxx/CVE-2018-0571.json +++ b/2018/0xxx/CVE-2018-0571.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://basercms.net/security/JVN67881316" - }, - { - "url": "http://jvn.jp/en/jp/JVN67881316/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" - } - ] - }, - "product_name": "baserCMS" - } - ] - }, - "vendor_name": "baserCMS Users Community" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0571", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Unrestricted Upload of File with Dangerous Type" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0571", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "baserCMS", + "version" : { + "version_data" : [ + { + "version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" + } + ] + } + } + ] + }, + "vendor_name" : "baserCMS Users Community" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Unrestricted Upload of File with Dangerous Type" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://basercms.net/security/JVN67881316", + "refsource" : "MISC", + "url" : "https://basercms.net/security/JVN67881316" + }, + { + "name" : "JVN#67881316", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN67881316/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0572.json b/2018/0xxx/CVE-2018-0572.json index 29f357dc218..4e79e1de256 100644 --- a/2018/0xxx/CVE-2018-0572.json +++ b/2018/0xxx/CVE-2018-0572.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://basercms.net/security/JVN67881316" - }, - { - "url": "http://jvn.jp/en/jp/JVN67881316/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" - } - ] - }, - "product_name": "baserCMS" - } - ] - }, - "vendor_name": "baserCMS Users Community" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0572", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Fails to restrict access" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0572", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "baserCMS", + "version" : { + "version_data" : [ + { + "version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" + } + ] + } + } + ] + }, + "vendor_name" : "baserCMS Users Community" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Fails to restrict access" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://basercms.net/security/JVN67881316", + "refsource" : "MISC", + "url" : "https://basercms.net/security/JVN67881316" + }, + { + "name" : "JVN#67881316", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN67881316/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0573.json b/2018/0xxx/CVE-2018-0573.json index e18a2c9a1ab..543fc039455 100644 --- a/2018/0xxx/CVE-2018-0573.json +++ b/2018/0xxx/CVE-2018-0573.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://basercms.net/security/JVN67881316" - }, - { - "url": "http://jvn.jp/en/jp/JVN67881316/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" - } - ] - }, - "product_name": "baserCMS" - } - ] - }, - "vendor_name": "baserCMS Users Community" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0573", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Fails to restrict access" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0573", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "baserCMS", + "version" : { + "version_data" : [ + { + "version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" + } + ] + } + } + ] + }, + "vendor_name" : "baserCMS Users Community" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Fails to restrict access" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://basercms.net/security/JVN67881316", + "refsource" : "MISC", + "url" : "https://basercms.net/security/JVN67881316" + }, + { + "name" : "JVN#67881316", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN67881316/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0574.json b/2018/0xxx/CVE-2018-0574.json index f6fced5bdaf..89ef71607fd 100644 --- a/2018/0xxx/CVE-2018-0574.json +++ b/2018/0xxx/CVE-2018-0574.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://basercms.net/security/JVN67881316" - }, - { - "url": "http://jvn.jp/en/jp/JVN67881316/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" - } - ] - }, - "product_name": "baserCMS" - } - ] - }, - "vendor_name": "baserCMS Users Community" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0574", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-site scripting" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0574", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "baserCMS", + "version" : { + "version_data" : [ + { + "version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" + } + ] + } + } + ] + }, + "vendor_name" : "baserCMS Users Community" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://basercms.net/security/JVN67881316", + "refsource" : "MISC", + "url" : "https://basercms.net/security/JVN67881316" + }, + { + "name" : "JVN#67881316", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN67881316/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0575.json b/2018/0xxx/CVE-2018-0575.json index 5eddc899ee8..17325a205d0 100644 --- a/2018/0xxx/CVE-2018-0575.json +++ b/2018/0xxx/CVE-2018-0575.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://basercms.net/security/JVN67881316" - }, - { - "url": "http://jvn.jp/en/jp/JVN67881316/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" - } - ] - }, - "product_name": "baserCMS" - } - ] - }, - "vendor_name": "baserCMS Users Community" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0575", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Fails to restrict access" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0575", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "baserCMS", + "version" : { + "version_data" : [ + { + "version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" + } + ] + } + } + ] + }, + "vendor_name" : "baserCMS Users Community" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Fails to restrict access" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://basercms.net/security/JVN67881316", + "refsource" : "MISC", + "url" : "https://basercms.net/security/JVN67881316" + }, + { + "name" : "JVN#67881316", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN67881316/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0584.json b/2018/0xxx/CVE-2018-0584.json index 5f323895a9c..edc1617634b 100644 --- a/2018/0xxx/CVE-2018-0584.json +++ b/2018/0xxx/CVE-2018-0584.json @@ -1,59 +1,62 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "http://jvn.jp/en/jp/JVN27137002/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication [effect_of_bypassing_authentication] via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "version 2.1.0 and earlier" - } - ] - }, - "product_name": "IIJ SmartKey App for Android" - } - ] - }, - "vendor_name": "Internet Initiative Japan Inc." - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0584", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Authentication bypass" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0584", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "IIJ SmartKey App for Android", + "version" : { + "version_data" : [ + { + "version_value" : "version 2.1.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "Internet Initiative Japan Inc." + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication [effect_of_bypassing_authentication] via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Authentication bypass" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "JVN#27137002", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN27137002/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0592.json b/2018/0xxx/CVE-2018-0592.json index ccca7d15a7d..ee832efc6b2 100644 --- a/2018/0xxx/CVE-2018-0592.json +++ b/2018/0xxx/CVE-2018-0592.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" - }, - { - "url": "http://jvn.jp/en/jp/JVN91151862/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "" - } - ] - }, - "product_name": "Microsoft OneDrive" - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0592", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0592", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Microsoft OneDrive", + "version" : { + "version_data" : [ + { + "version_value" : "" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/", + "refsource" : "MISC", + "url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" + }, + { + "name" : "JVN#91151862", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN91151862/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0593.json b/2018/0xxx/CVE-2018-0593.json index 61119595438..a2f0c431e24 100644 --- a/2018/0xxx/CVE-2018-0593.json +++ b/2018/0xxx/CVE-2018-0593.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" - }, - { - "url": "http://jvn.jp/en/jp/JVN91151862/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "" - } - ] - }, - "product_name": "The installer of Microsoft OneDrive" - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0593", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0593", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "The installer of Microsoft OneDrive", + "version" : { + "version_data" : [ + { + "version_value" : "" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/", + "refsource" : "MISC", + "url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" + }, + { + "name" : "JVN#91151862", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN91151862/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0594.json b/2018/0xxx/CVE-2018-0594.json index 579e4d1fa4d..461bb7c80a8 100644 --- a/2018/0xxx/CVE-2018-0594.json +++ b/2018/0xxx/CVE-2018-0594.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" - }, - { - "url": "http://jvn.jp/en/jp/JVN91151862/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "" - } - ] - }, - "product_name": "Skype for Windows" - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0594", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0594", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Skype for Windows", + "version" : { + "version_data" : [ + { + "version_value" : "" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/", + "refsource" : "MISC", + "url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" + }, + { + "name" : "JVN#91151862", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN91151862/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0595.json b/2018/0xxx/CVE-2018-0595.json index 39a7706f0ef..717717a9554 100644 --- a/2018/0xxx/CVE-2018-0595.json +++ b/2018/0xxx/CVE-2018-0595.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" - }, - { - "url": "http://jvn.jp/en/jp/JVN91151862/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "" - } - ] - }, - "product_name": "The installer of Skype for Windows" - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0595", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0595", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "The installer of Skype for Windows", + "version" : { + "version_data" : [ + { + "version_value" : "" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/", + "refsource" : "MISC", + "url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" + }, + { + "name" : "JVN#91151862", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN91151862/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0596.json b/2018/0xxx/CVE-2018-0596.json index 812cead791a..5ea786d096a 100644 --- a/2018/0xxx/CVE-2018-0596.json +++ b/2018/0xxx/CVE-2018-0596.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" - }, - { - "url": "http://jvn.jp/en/jp/JVN91151862/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "" - } - ] - }, - "product_name": "The installer of Visual Studio Community" - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0596", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0596", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "The installer of Visual Studio Community", + "version" : { + "version_data" : [ + { + "version_value" : "" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/", + "refsource" : "MISC", + "url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" + }, + { + "name" : "JVN#91151862", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN91151862/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0597.json b/2018/0xxx/CVE-2018-0597.json index a53a543e0d7..98cda9c0b3f 100644 --- a/2018/0xxx/CVE-2018-0597.json +++ b/2018/0xxx/CVE-2018-0597.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" - }, - { - "url": "http://jvn.jp/en/jp/JVN91151862/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "" - } - ] - }, - "product_name": "The installer of Visual Studio Code" - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0597", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0597", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "The installer of Visual Studio Code", + "version" : { + "version_data" : [ + { + "version_value" : "" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/", + "refsource" : "MISC", + "url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" + }, + { + "name" : "JVN#91151862", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN91151862/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0598.json b/2018/0xxx/CVE-2018-0598.json index c21a38bb41f..7b0482362a3 100644 --- a/2018/0xxx/CVE-2018-0598.json +++ b/2018/0xxx/CVE-2018-0598.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" - }, - { - "url": "http://jvn.jp/en/jp/JVN72748502/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "" - } - ] - }, - "product_name": "Self-extracting archive files created by IExpress bundled with Microsoft Windows" - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0598", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0598", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Self-extracting archive files created by IExpress bundled with Microsoft Windows", + "version" : { + "version_data" : [ + { + "version_value" : "" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/", + "refsource" : "MISC", + "url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" + }, + { + "name" : "JVN#72748502", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN72748502/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0599.json b/2018/0xxx/CVE-2018-0599.json index 216da9d8edb..9a3f7e728ab 100644 --- a/2018/0xxx/CVE-2018-0599.json +++ b/2018/0xxx/CVE-2018-0599.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" - }, - { - "url": "http://jvn.jp/en/jp/JVN81196185/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "" - } - ] - }, - "product_name": "The installer of Visual C++ Redistributable" - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0599", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0599", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "The installer of Visual C++ Redistributable", + "version" : { + "version_data" : [ + { + "version_value" : "" + } + ] + } + } + ] + }, + "vendor_name" : "Microsoft" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/", + "refsource" : "MISC", + "url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" + }, + { + "name" : "JVN#81196185", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN81196185/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0600.json b/2018/0xxx/CVE-2018-0600.json index 614bfada028..928367692a6 100644 --- a/2018/0xxx/CVE-2018-0600.json +++ b/2018/0xxx/CVE-2018-0600.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "http://support.d-imaging.sony.co.jp/www/disoft/int/download/playmemories-home/win/ja/index.html" - }, - { - "url": "http://jvn.jp/en/jp/JVN13940333/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "ver.5.5.01 and earlier" - } - ] - }, - "product_name": "the installer of PlayMemories Home for Windows" - } - ] - }, - "vendor_name": "Sony Corporation" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0600", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0600", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "the installer of PlayMemories Home for Windows", + "version" : { + "version_data" : [ + { + "version_value" : "ver.5.5.01 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "Sony Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://support.d-imaging.sony.co.jp/www/disoft/int/download/playmemories-home/win/ja/index.html", + "refsource" : "MISC", + "url" : "http://support.d-imaging.sony.co.jp/www/disoft/int/download/playmemories-home/win/ja/index.html" + }, + { + "name" : "JVN#13940333", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN13940333/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0601.json b/2018/0xxx/CVE-2018-0601.json index 0947667954a..931224998fe 100644 --- a/2018/0xxx/CVE-2018-0601.json +++ b/2018/0xxx/CVE-2018-0601.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://github.com/yak1ex/axpdfium/wiki/JVN%2379301396(en)" - }, - { - "url": "http://jvn.jp/en/jp/JVN79301396/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "v0.01" - } - ] - }, - "product_name": "axpdfium" - } - ] - }, - "vendor_name": "Yasutaka ATARASHI" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0601", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0601", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "axpdfium", + "version" : { + "version_data" : [ + { + "version_value" : "v0.01" + } + ] + } + } + ] + }, + "vendor_name" : "Yasutaka ATARASHI" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/yak1ex/axpdfium/wiki/JVN%2379301396(en)", + "refsource" : "MISC", + "url" : "https://github.com/yak1ex/axpdfium/wiki/JVN%2379301396(en)" + }, + { + "name" : "JVN#79301396", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN79301396/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0602.json b/2018/0xxx/CVE-2018-0602.json index c96e10fa5a1..3314e99d33c 100644 --- a/2018/0xxx/CVE-2018-0602.json +++ b/2018/0xxx/CVE-2018-0602.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://wordpress.org/plugins/email-subscribers/#developers" - }, - { - "url": "http://jvn.jp/en/jp/JVN16471686/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "prior to version 3.5.0" - } - ] - }, - "product_name": "Email Subscribers & Newsletters" - } - ] - }, - "vendor_name": "icegram" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0602", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-site scripting" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0602", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Email Subscribers & Newsletters", + "version" : { + "version_data" : [ + { + "version_value" : "prior to version 3.5.0" + } + ] + } + } + ] + }, + "vendor_name" : "icegram" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://wordpress.org/plugins/email-subscribers/#developers", + "refsource" : "MISC", + "url" : "https://wordpress.org/plugins/email-subscribers/#developers" + }, + { + "name" : "JVN#16471686", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN16471686/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0603.json b/2018/0xxx/CVE-2018-0603.json index 4ceae586091..58f34523a49 100644 --- a/2018/0xxx/CVE-2018-0603.json +++ b/2018/0xxx/CVE-2018-0603.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://wordpress.org/plugins/site-reviews/#developers" - }, - { - "url": "http://jvn.jp/en/jp/JVN60978548/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "prior to version 2.15.3" - } - ] - }, - "product_name": "Site Reviews" - } - ] - }, - "vendor_name": "Gemini Labs" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0603", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-site scripting" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0603", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Site Reviews", + "version" : { + "version_data" : [ + { + "version_value" : "prior to version 2.15.3" + } + ] + } + } + ] + }, + "vendor_name" : "Gemini Labs" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://wordpress.org/plugins/site-reviews/#developers", + "refsource" : "MISC", + "url" : "https://wordpress.org/plugins/site-reviews/#developers" + }, + { + "name" : "JVN#60978548", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN60978548/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0604.json b/2018/0xxx/CVE-2018-0604.json index a8c8e3f8bc0..649af747cb4 100644 --- a/2018/0xxx/CVE-2018-0604.json +++ b/2018/0xxx/CVE-2018-0604.json @@ -1,59 +1,62 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "http://jvn.jp/en/jp/JVN27978559/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "v1.7.3 and earlier" - } - ] - }, - "product_name": "Pixelpost" - } - ] - }, - "vendor_name": "Pixelpost.org" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0604", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote code execution" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0604", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Pixelpost", + "version" : { + "version_data" : [ + { + "version_value" : "v1.7.3 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "Pixelpost.org" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Remote code execution" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "JVN#27978559", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN27978559/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0605.json b/2018/0xxx/CVE-2018-0605.json index 96c2bfcea2c..372d917acf7 100644 --- a/2018/0xxx/CVE-2018-0605.json +++ b/2018/0xxx/CVE-2018-0605.json @@ -1,59 +1,62 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "http://jvn.jp/en/jp/JVN27978559/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "v1.7.3 and earlier" - } - ] - }, - "product_name": "Pixelpost" - } - ] - }, - "vendor_name": "Pixelpost.org" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0605", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-site scripting" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0605", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Pixelpost", + "version" : { + "version_data" : [ + { + "version_value" : "v1.7.3 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "Pixelpost.org" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "JVN#27978559", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN27978559/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0606.json b/2018/0xxx/CVE-2018-0606.json index 67d4729e9fa..d452261085c 100644 --- a/2018/0xxx/CVE-2018-0606.json +++ b/2018/0xxx/CVE-2018-0606.json @@ -1,59 +1,62 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "http://jvn.jp/en/jp/JVN27978559/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "v1.7.3 and earlier" - } - ] - }, - "product_name": "Pixelpost" - } - ] - }, - "vendor_name": "Pixelpost.org" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0606", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "SQL Injection" - } - ] - } - ] - } -} +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0606", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Pixelpost", + "version" : { + "version_data" : [ + { + "version_value" : "v1.7.3 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "Pixelpost.org" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "SQL Injection" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "JVN#27978559", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN27978559/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0608.json b/2018/0xxx/CVE-2018-0608.json index c555571f769..9a34f2c740c 100644 --- a/2018/0xxx/CVE-2018-0608.json +++ b/2018/0xxx/CVE-2018-0608.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://github.com/h2o/h2o/issues/1775" - }, - { - "url": "http://jvn.jp/en/jp/JVN93226941/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "version 2.2.4 and earlier" - } - ] - }, - "product_name": "H2O" - } - ] - }, - "vendor_name": "Kazuho Oku" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0608", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Buffer Overflow" - } - ] - } - ] - } -} +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0608", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "H2O", + "version" : { + "version_data" : [ + { + "version_value" : "version 2.2.4 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "Kazuho Oku" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Buffer Overflow" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/h2o/h2o/issues/1775", + "refsource" : "MISC", + "url" : "https://github.com/h2o/h2o/issues/1775" + }, + { + "name" : "JVN#93226941", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN93226941/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0609.json b/2018/0xxx/CVE-2018-0609.json index 51a1f291d6f..653a2b39fba 100644 --- a/2018/0xxx/CVE-2018-0609.json +++ b/2018/0xxx/CVE-2018-0609.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://linecorp.com/en/security/article/172" - }, - { - "url": "http://jvn.jp/en/jp/JVN92265618/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "versions before 5.8.0" - } - ] - }, - "product_name": "LINE for Windows" - } - ] - }, - "vendor_name": "LINE Corporation" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0609", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Untrusted search path vulnerability" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0609", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "LINE for Windows", + "version" : { + "version_data" : [ + { + "version_value" : "versions before 5.8.0" + } + ] + } + } + ] + }, + "vendor_name" : "LINE Corporation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://linecorp.com/en/security/article/172", + "refsource" : "MISC", + "url" : "https://linecorp.com/en/security/article/172" + }, + { + "name" : "JVN#92265618", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN92265618/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0610.json b/2018/0xxx/CVE-2018-0610.json index ef2d4b4577e..ccf13c65793 100644 --- a/2018/0xxx/CVE-2018-0610.json +++ b/2018/0xxx/CVE-2018-0610.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://www.zenphoto.org/news/zenphoto-1.5" - }, - { - "url": "http://jvn.jp/en/jp/JVN33124193/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "1.4.14 and earlier" - } - ] - }, - "product_name": "Zenphoto" - } - ] - }, - "vendor_name": "Zenphoto" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0610", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Local file inclusion vulnerability" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0610", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Zenphoto", + "version" : { + "version_data" : [ + { + "version_value" : "1.4.14 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "Zenphoto" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Local file inclusion vulnerability" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.zenphoto.org/news/zenphoto-1.5", + "refsource" : "MISC", + "url" : "https://www.zenphoto.org/news/zenphoto-1.5" + }, + { + "name" : "JVN#33124193", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN33124193/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0611.json b/2018/0xxx/CVE-2018-0611.json index c64df906eeb..057942c84e3 100644 --- a/2018/0xxx/CVE-2018-0611.json +++ b/2018/0xxx/CVE-2018-0611.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title" - }, - { - "url": "http://jvn.jp/en/jp/JVN71535108/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "version 4.0.22 and earlier" - } - ] - }, - "product_name": "ANA App for iOS" - } - ] - }, - "vendor_name": "ALL NIPPON AIRWAYS CO., LTD" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0611", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Fails to verify SSL certificates" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0611", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "ANA App for iOS", + "version" : { + "version_data" : [ + { + "version_value" : "version 4.0.22 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "ALL NIPPON AIRWAYS CO., LTD" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Fails to verify SSL certificates" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title", + "refsource" : "MISC", + "url" : "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title" + }, + { + "name" : "JVN#71535108", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN71535108/index.html" + } + ] + } +} diff --git a/2018/0xxx/CVE-2018-0612.json b/2018/0xxx/CVE-2018-0612.json index 56327422efa..6e8429c63a4 100644 --- a/2018/0xxx/CVE-2018-0612.json +++ b/2018/0xxx/CVE-2018-0612.json @@ -1,62 +1,67 @@ -{ - "data_version": "4.0", - "references": { - "reference_data": [ - { - "url": "https://chrome.google.com/webstore/detail/5000%E5%85%86%E5%86%86%E3%82%B3%E3%83%B3%E3%83%90%E3%83%BC%E3%82%BF%E3%83%BC/mgaphgebhfgmkahikdhdomnnpelbijmo" - }, - { - "url": "http://jvn.jp/en/jp/JVN98975951/index.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site scripting vulnerability in 5000 trillion yen converter v1.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "data_type": "CVE", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_value": "v1.0.6" - } - ] - }, - "product_name": "5000 trillion yen converter" - } - ] - }, - "vendor_name": "Owen" - } - ] - } - }, - "CVE_data_meta": { - "ID": "CVE-2018-0612", - "ASSIGNER": "vultures@jpcert.or.jp" - }, - "data_format": "MITRE", - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-site scripting" - } - ] - } - ] - } -} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "vultures@jpcert.or.jp", + "ID" : "CVE-2018-0612", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "5000 trillion yen converter", + "version" : { + "version_data" : [ + { + "version_value" : "v1.0.6" + } + ] + } + } + ] + }, + "vendor_name" : "Owen" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting vulnerability in 5000 trillion yen converter v1.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-site scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://chrome.google.com/webstore/detail/5000%E5%85%86%E5%86%86%E3%82%B3%E3%83%B3%E3%83%90%E3%83%BC%E3%82%BF%E3%83%BC/mgaphgebhfgmkahikdhdomnnpelbijmo", + "refsource" : "MISC", + "url" : "https://chrome.google.com/webstore/detail/5000%E5%85%86%E5%86%86%E3%82%B3%E3%83%B3%E3%83%90%E3%83%BC%E3%82%BF%E3%83%BC/mgaphgebhfgmkahikdhdomnnpelbijmo" + }, + { + "name" : "JVN#98975951", + "refsource" : "JVN", + "url" : "http://jvn.jp/en/jp/JVN98975951/index.html" + } + ] + } +} diff --git a/2018/1000xxx/CVE-2018-1000204.json b/2018/1000xxx/CVE-2018-1000204.json index 802e19a545f..a434902a9ac 100644 --- a/2018/1000xxx/CVE-2018-1000204.json +++ b/2018/1000xxx/CVE-2018-1000204.json @@ -1,64 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "kurt@seifried.org", - "DATE_ASSIGNED": "2018-06-08", - "ID": "CVE-2018-1000204", - "REQUESTER": "glider@google.com", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Linux Kernel", - "version": { - "version_data": [ - { - "version_value": "3.18 to 4.16" - } + "CVE_data_meta" : { + "ASSIGNER" : "kurt@seifried.org", + "DATE_ASSIGNED" : "2018-06-08", + "ID" : "CVE-2018-1000204", + "REQUESTER" : "glider@google.com", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Linux Kernel", + "version" : { + "version_data" : [ + { + "version_value" : "3.18 to 4.16" + } + ] + } + } ] - } - } - ] - }, - "vendor_name": "Linux Kernel" - } + }, + "vendor_name" : "Linux Kernel" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream already: https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible." + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream already: https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-200" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824", - "refsource": "CONFIRM", - "url": "https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824" - } - ] - } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-200" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824", + "refsource" : "CONFIRM", + "url" : "https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824" + } + ] + } } diff --git a/2018/10xxx/CVE-2018-10852.json b/2018/10xxx/CVE-2018-10852.json index afa7cb0c43a..3c23b9671e7 100644 --- a/2018/10xxx/CVE-2018-10852.json +++ b/2018/10xxx/CVE-2018-10852.json @@ -1,69 +1,72 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2018-10852", - "ASSIGNER": "sfowler@redhat.com" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "[UNKNOWN]", - "product": { - "product_data": [ - { - "product_name": "sssd", - "version": { - "version_data": [ - { - "version_value": "SSSD 1.16.3" - } - ] - } - } - ] - } - } + "CVE_data_meta" : { + "ASSIGNER" : "sfowler@redhat.com", + "ID" : "CVE-2018-10852", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "sssd", + "version" : { + "version_data" : [ + { + "version_value" : "SSSD 1.16.3" + } + ] + } + } + ] + }, + "vendor_name" : "[UNKNOWN]" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3." + } + ] + }, + "impact" : { + "cvss" : [ + [ + { + "vectorString" : "3.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "version" : "3.0" + } + ] + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-200" + } ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-200" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3." - } - ] - }, - "impact": { - "cvss": [ - [ - { - "vectorString": "3.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", - "version": "3.0" - } - ] - ] - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852", + "refsource" : "CONFIRM", + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852" + } + ] + } }