admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 05:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-06-26 10:04:39 -04:00
parent d8398b12a6
commit e81f879a6f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
41 changed files with 2727 additions and 2535 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
2018/0xxx/CVE-2018-0526.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0526",
{ "STATE" : "PUBLIC"
"url": "https://support.cybozu.com/ja-jp/article/10030" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN51737843/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "Cybozu Office",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors." {
} "version_value" : "10.0.0 to 10.7.0"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Cybozu, Inc."
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "10.0.0 to 10.7.0" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "Cybozu Office" "lang" : "eng",
} "value" : "Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors."
] }
}, ]
"vendor_name": "Cybozu, Inc." },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0526", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Information Disclosure"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Information Disclosure" "name" : "https://support.cybozu.com/ja-jp/article/10030",
} "refsource" : "CONFIRM",
] "url" : "https://support.cybozu.com/ja-jp/article/10030"
} },
] {
} "name" : "JVN#51737843",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN51737843/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0527.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0527",
{ "STATE" : "PUBLIC"
"url": "https://support.cybozu.com/ja-jp/article/10029" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN51737843/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "Cybozu Office",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." {
} "version_value" : "10.0.0 to 10.7.0"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Cybozu, Inc."
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "10.0.0 to 10.7.0" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "Cybozu Office" "lang" : "eng",
} "value" : "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
] }
}, ]
"vendor_name": "Cybozu, Inc." },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0527", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Cross-site scripting"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Cross-site scripting" "name" : "https://support.cybozu.com/ja-jp/article/10029",
} "refsource" : "CONFIRM",
] "url" : "https://support.cybozu.com/ja-jp/article/10029"
} },
] {
} "name" : "JVN#51737843",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN51737843/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0528.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0528",
{ "STATE" : "PUBLIC"
"url": "https://support.cybozu.com/ja-jp/article/9812" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN51737843/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "Cybozu Office",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors." {
} "version_value" : "10.0.0 to 10.7.0"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Cybozu, Inc."
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "10.0.0 to 10.7.0" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "Cybozu Office" "lang" : "eng",
} "value" : "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors."
] }
}, ]
"vendor_name": "Cybozu, Inc." },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0528", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Authentication bypass"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Authentication bypass" "name" : "https://support.cybozu.com/ja-jp/article/9812",
} "refsource" : "CONFIRM",
] "url" : "https://support.cybozu.com/ja-jp/article/9812"
} },
] {
} "name" : "JVN#51737843",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN51737843/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0529.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0529",
{ "STATE" : "PUBLIC"
"url": "https://support.cybozu.com/ja-jp/article/10052" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN51737843/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "Cybozu Office",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors." {
} "version_value" : "10.0.0 to 10.7.0"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Cybozu, Inc."
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "10.0.0 to 10.7.0" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "Cybozu Office" "lang" : "eng",
} "value" : "Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors."
] }
}, ]
"vendor_name": "Cybozu, Inc." },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0529", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Denial-of-service (DoS)"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Denial-of-service (DoS)" "name" : "https://support.cybozu.com/ja-jp/article/10052",
} "refsource" : "CONFIRM",
] "url" : "https://support.cybozu.com/ja-jp/article/10052"
} },
] {
} "name" : "JVN#51737843",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN51737843/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0557.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0557",
{ "STATE" : "PUBLIC"
"url": "https://support.cybozu.com/ja-jp/article/10194" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN52319657/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "Cybozu Mailwise",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors." {
} "version_value" : "5.0.0 to 5.4.1"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Cybozu, Inc."
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "5.0.0 to 5.4.1" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "Cybozu Mailwise" "lang" : "eng",
} "value" : "Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors."
] }
}, ]
"vendor_name": "Cybozu, Inc." },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0557", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Cross-site scripting"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Cross-site scripting" "name" : "https://support.cybozu.com/ja-jp/article/10194",
} "refsource" : "CONFIRM",
] "url" : "https://support.cybozu.com/ja-jp/article/10194"
} },
] {
} "name" : "JVN#52319657",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN52319657/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0558.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0558",
{ "STATE" : "PUBLIC"
"url": "https://support.cybozu.com/ja-jp/article/10193" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN52319657/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "Cybozu Mailwise",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Reflected ross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors." {
} "version_value" : "5.0.0 to 5.4.1"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Cybozu, Inc."
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "5.0.0 to 5.4.1" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "Cybozu Mailwise" "lang" : "eng",
} "value" : "Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors."
] }
}, ]
"vendor_name": "Cybozu, Inc." },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0558", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Cross-site scripting"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Cross-site scripting" "name" : "https://support.cybozu.com/ja-jp/article/10193",
} "refsource" : "CONFIRM",
] "url" : "https://support.cybozu.com/ja-jp/article/10193"
} },
] {
} "name" : "JVN#52319657",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN52319657/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0559.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0559",
{ "STATE" : "PUBLIC"
"url": "https://support.cybozu.com/ja-jp/article/10196" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN52319657/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "Cybozu Mailwise",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors." {
} "version_value" : "5.0.0 to 5.4.1"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Cybozu, Inc."
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "5.0.0 to 5.4.1" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "Cybozu Mailwise" "lang" : "eng",
} "value" : "Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors."
] }
}, ]
"vendor_name": "Cybozu, Inc." },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0559", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Cross-site scripting"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Cross-site scripting" "name" : "https://support.cybozu.com/ja-jp/article/10196",
} "refsource" : "CONFIRM",
] "url" : "https://support.cybozu.com/ja-jp/article/10196"
} },
] {
} "name" : "JVN#52319657",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN52319657/index.html"
}
]
}
}

137
2018/0xxx/CVE-2018-0563.json
View File

@ -1,65 +1,72 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0563",
{ "STATE" : "PUBLIC"
"url": "https://flets.com/customer/tec/fvc/setup/esat_install.html" },
}, "affects" : {
{ "vendor" : {
"url": "https://flets.com/customer/next/sec/setup/esat_install.html" "vendor_data" : [
}, {
{ "product" : {
"url": "http://jvn.jp/en/jp/JVN20040004/index.html" "product_data" : [
} {
] "product_name" : "the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions",
}, "version" : {
"description": { "version_data" : [
"description_data": [ {
{ "version_value" : ""
"lang": "eng", }
"value": "Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." ]
} }
] }
}, ]
"data_type": "CVE", },
"affects": { "vendor_name" : "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
"vendor": { }
"vendor_data": [ ]
{ }
"product": { },
"product_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version": { "data_version" : "4.0",
"version_data": [ "description" : {
{ "description_data" : [
"version_value": "" {
} "lang" : "eng",
] "value" : "Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}, }
"product_name": "the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions" ]
} },
] "problemtype" : {
}, "problemtype_data" : [
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION" {
} "description" : [
] {
} "lang" : "eng",
}, "value" : "Untrusted search path vulnerability"
"CVE_data_meta": { }
"ID": "CVE-2018-0563", ]
"ASSIGNER": "vultures@jpcert.or.jp" }
}, ]
"data_format": "MITRE", },
"problemtype": { "references" : {
"problemtype_data": [ "reference_data" : [
{ {
"description": [ "name" : "https://flets.com/customer/next/sec/setup/esat_install.html",
{ "refsource" : "MISC",
"lang": "eng", "url" : "https://flets.com/customer/next/sec/setup/esat_install.html"
"value": "Untrusted search path vulnerability" },
} {
] "name" : "https://flets.com/customer/tec/fvc/setup/esat_install.html",
} "refsource" : "MISC",
] "url" : "https://flets.com/customer/tec/fvc/setup/esat_install.html"
} },
} {
"name" : "JVN#20040004",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN20040004/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0565.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0565",
{ "STATE" : "PUBLIC"
"url": "https://support.cybozu.com/ja-jp/article/10200" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN51737843/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "Cybozu Office",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." {
} "version_value" : "10.0.0 to 10.8.0"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Cybozu, Inc."
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "10.0.0 to 10.8.0" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "Cybozu Office" "lang" : "eng",
} "value" : "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
] }
}, ]
"vendor_name": "Cybozu, Inc." },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0565", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Cross-site scripting"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Cross-site scripting" "name" : "https://support.cybozu.com/ja-jp/article/10200",
} "refsource" : "CONFIRM",
] "url" : "https://support.cybozu.com/ja-jp/article/10200"
} },
] {
} "name" : "JVN#51737843",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN51737843/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0566.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0566",
{ "STATE" : "PUBLIC"
"url": "https://support.cybozu.com/ja-jp/article/10195" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN51737843/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "Cybozu Office",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors." {
} "version_value" : "10.0.0 to 10.8.0"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Cybozu, Inc."
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "10.0.0 to 10.8.0" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "Cybozu Office" "lang" : "eng",
} "value" : "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors."
] }
}, ]
"vendor_name": "Cybozu, Inc." },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0566", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Authentication bypass"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Authentication bypass" "name" : "https://support.cybozu.com/ja-jp/article/10195",
} "refsource" : "CONFIRM",
] "url" : "https://support.cybozu.com/ja-jp/article/10195"
} },
] {
} "name" : "JVN#51737843",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN51737843/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0567.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0567",
{ "STATE" : "PUBLIC"
"url": "https://support.cybozu.com/ja-jp/article/10198" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN51737843/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "Cybozu Office",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors." {
} "version_value" : "10.0.0 to 10.8.0"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Cybozu, Inc."
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "10.0.0 to 10.8.0" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "Cybozu Office" "lang" : "eng",
} "value" : "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors."
] }
}, ]
"vendor_name": "Cybozu, Inc." },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0567", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Fails to restrict access"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Fails to restrict access" "name" : "https://support.cybozu.com/ja-jp/article/10198",
} "refsource" : "CONFIRM",
] "url" : "https://support.cybozu.com/ja-jp/article/10198"
} },
] {
} "name" : "JVN#51737843",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN51737843/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0569.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0569",
{ "STATE" : "PUBLIC"
"url": "https://basercms.net/security/JVN67881316" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN67881316/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "baserCMS",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors." {
} "version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "baserCMS Users Community"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "baserCMS" "lang" : "eng",
} "value" : "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors."
] }
}, ]
"vendor_name": "baserCMS Users Community" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0569", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "OS Command Injection"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "OS Command Injection" "name" : "https://basercms.net/security/JVN67881316",
} "refsource" : "MISC",
] "url" : "https://basercms.net/security/JVN67881316"
} },
] {
} "name" : "JVN#67881316",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0570.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0570",
{ "STATE" : "PUBLIC"
"url": "https://basercms.net/security/JVN67881316" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN67881316/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "baserCMS",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors." {
} "version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "baserCMS Users Community"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "baserCMS" "lang" : "eng",
} "value" : "Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
] }
}, ]
"vendor_name": "baserCMS Users Community" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0570", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Cross-site scripting"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Cross-site scripting" "name" : "https://basercms.net/security/JVN67881316",
} "refsource" : "MISC",
] "url" : "https://basercms.net/security/JVN67881316"
} },
] {
} "name" : "JVN#67881316",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0571.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0571",
{ "STATE" : "PUBLIC"
"url": "https://basercms.net/security/JVN67881316" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN67881316/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "baserCMS",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files." {
} "version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "baserCMS Users Community"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "baserCMS" "lang" : "eng",
} "value" : "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files."
] }
}, ]
"vendor_name": "baserCMS Users Community" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0571", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Unrestricted Upload of File with Dangerous Type"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Unrestricted Upload of File with Dangerous Type" "name" : "https://basercms.net/security/JVN67881316",
} "refsource" : "MISC",
] "url" : "https://basercms.net/security/JVN67881316"
} },
] {
} "name" : "JVN#67881316",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0572.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0572",
{ "STATE" : "PUBLIC"
"url": "https://basercms.net/security/JVN67881316" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN67881316/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "baserCMS",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors." {
} "version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "baserCMS Users Community"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "baserCMS" "lang" : "eng",
} "value" : "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors."
] }
}, ]
"vendor_name": "baserCMS Users Community" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0572", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Fails to restrict access"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Fails to restrict access" "name" : "https://basercms.net/security/JVN67881316",
} "refsource" : "MISC",
] "url" : "https://basercms.net/security/JVN67881316"
} },
] {
} "name" : "JVN#67881316",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0573.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0573",
{ "STATE" : "PUBLIC"
"url": "https://basercms.net/security/JVN67881316" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN67881316/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "baserCMS",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors." {
} "version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "baserCMS Users Community"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "baserCMS" "lang" : "eng",
} "value" : "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors."
] }
}, ]
"vendor_name": "baserCMS Users Community" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0573", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Fails to restrict access"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Fails to restrict access" "name" : "https://basercms.net/security/JVN67881316",
} "refsource" : "MISC",
] "url" : "https://basercms.net/security/JVN67881316"
} },
] {
} "name" : "JVN#67881316",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0574.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0574",
{ "STATE" : "PUBLIC"
"url": "https://basercms.net/security/JVN67881316" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN67881316/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "baserCMS",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." {
} "version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "baserCMS Users Community"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "baserCMS" "lang" : "eng",
} "value" : "Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
] }
}, ]
"vendor_name": "baserCMS Users Community" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0574", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Cross-site scripting"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Cross-site scripting" "name" : "https://basercms.net/security/JVN67881316",
} "refsource" : "MISC",
] "url" : "https://basercms.net/security/JVN67881316"
} },
] {
} "name" : "JVN#67881316",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0575.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0575",
{ "STATE" : "PUBLIC"
"url": "https://basercms.net/security/JVN67881316" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN67881316/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "baserCMS",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors." {
} "version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "baserCMS Users Community"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "baserCMS" "lang" : "eng",
} "value" : "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors."
] }
}, ]
"vendor_name": "baserCMS Users Community" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0575", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Fails to restrict access"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Fails to restrict access" "name" : "https://basercms.net/security/JVN67881316",
} "refsource" : "MISC",
] "url" : "https://basercms.net/security/JVN67881316"
} },
] {
} "name" : "JVN#67881316",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}

121
2018/0xxx/CVE-2018-0584.json
View File

@ -1,59 +1,62 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0584",
{ "STATE" : "PUBLIC"
"url": "http://jvn.jp/en/jp/JVN27137002/index.html" },
} "affects" : {
] "vendor" : {
}, "vendor_data" : [
"description": { {
"description_data": [ "product" : {
{ "product_data" : [
"lang": "eng", {
"value": "IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication [effect_of_bypassing_authentication] via unspecified vectors." "product_name" : "IIJ SmartKey App for Android",
} "version" : {
] "version_data" : [
}, {
"data_type": "CVE", "version_value" : "version 2.1.0 and earlier"
"affects": { }
"vendor": { ]
"vendor_data": [ }
{ }
"product": { ]
"product_data": [ },
{ "vendor_name" : "Internet Initiative Japan Inc."
"version": { }
"version_data": [ ]
{ }
"version_value": "version 2.1.0 and earlier" },
} "data_format" : "MITRE",
] "data_type" : "CVE",
}, "data_version" : "4.0",
"product_name": "IIJ SmartKey App for Android" "description" : {
} "description_data" : [
] {
}, "lang" : "eng",
"vendor_name": "Internet Initiative Japan Inc." "value" : "IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication [effect_of_bypassing_authentication] via unspecified vectors."
} }
] ]
} },
}, "problemtype" : {
"CVE_data_meta": { "problemtype_data" : [
"ID": "CVE-2018-0584", {
"ASSIGNER": "vultures@jpcert.or.jp" "description" : [
}, {
"data_format": "MITRE", "lang" : "eng",
"problemtype": { "value" : "Authentication bypass"
"problemtype_data": [ }
{ ]
"description": [ }
{ ]
"lang": "eng", },
"value": "Authentication bypass" "references" : {
} "reference_data" : [
] {
} "name" : "JVN#27137002",
] "refsource" : "JVN",
} "url" : "http://jvn.jp/en/jp/JVN27137002/index.html"
} }
]
}
}

129
2018/0xxx/CVE-2018-0592.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0592",
{ "STATE" : "PUBLIC"
"url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN91151862/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "Microsoft OneDrive",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." {
} "version_value" : ""
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Microsoft"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "Microsoft OneDrive" "lang" : "eng",
} "value" : "Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
] }
}, ]
"vendor_name": "Microsoft" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0592", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Untrusted search path vulnerability"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Untrusted search path vulnerability" "name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
} "refsource" : "MISC",
] "url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
} },
] {
} "name" : "JVN#91151862",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN91151862/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0593.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0593",
{ "STATE" : "PUBLIC"
"url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN91151862/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "The installer of Microsoft OneDrive",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." {
} "version_value" : ""
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Microsoft"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "The installer of Microsoft OneDrive" "lang" : "eng",
} "value" : "Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
] }
}, ]
"vendor_name": "Microsoft" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0593", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Untrusted search path vulnerability"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Untrusted search path vulnerability" "name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
} "refsource" : "MISC",
] "url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
} },
] {
} "name" : "JVN#91151862",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN91151862/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0594.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0594",
{ "STATE" : "PUBLIC"
"url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN91151862/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "Skype for Windows",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." {
} "version_value" : ""
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Microsoft"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "Skype for Windows" "lang" : "eng",
} "value" : "Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
] }
}, ]
"vendor_name": "Microsoft" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0594", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Untrusted search path vulnerability"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Untrusted search path vulnerability" "name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
} "refsource" : "MISC",
] "url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
} },
] {
} "name" : "JVN#91151862",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN91151862/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0595.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0595",
{ "STATE" : "PUBLIC"
"url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN91151862/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "The installer of Skype for Windows",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." {
} "version_value" : ""
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Microsoft"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "The installer of Skype for Windows" "lang" : "eng",
} "value" : "Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
] }
}, ]
"vendor_name": "Microsoft" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0595", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Untrusted search path vulnerability"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Untrusted search path vulnerability" "name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
} "refsource" : "MISC",
] "url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
} },
] {
} "name" : "JVN#91151862",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN91151862/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0596.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0596",
{ "STATE" : "PUBLIC"
"url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN91151862/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "The installer of Visual Studio Community",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." {
} "version_value" : ""
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Microsoft"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "The installer of Visual Studio Community" "lang" : "eng",
} "value" : "Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
] }
}, ]
"vendor_name": "Microsoft" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0596", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Untrusted search path vulnerability"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Untrusted search path vulnerability" "name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
} "refsource" : "MISC",
] "url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
} },
] {
} "name" : "JVN#91151862",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN91151862/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0597.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0597",
{ "STATE" : "PUBLIC"
"url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN91151862/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "The installer of Visual Studio Code",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." {
} "version_value" : ""
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Microsoft"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "The installer of Visual Studio Code" "lang" : "eng",
} "value" : "Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
] }
}, ]
"vendor_name": "Microsoft" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0597", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Untrusted search path vulnerability"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Untrusted search path vulnerability" "name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
} "refsource" : "MISC",
] "url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
} },
] {
} "name" : "JVN#91151862",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN91151862/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0598.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0598",
{ "STATE" : "PUBLIC"
"url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN72748502/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "Self-extracting archive files created by IExpress bundled with Microsoft Windows",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." {
} "version_value" : ""
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Microsoft"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "Self-extracting archive files created by IExpress bundled with Microsoft Windows" "lang" : "eng",
} "value" : "Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
] }
}, ]
"vendor_name": "Microsoft" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0598", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Untrusted search path vulnerability"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Untrusted search path vulnerability" "name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
} "refsource" : "MISC",
] "url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
} },
] {
} "name" : "JVN#72748502",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN72748502/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0599.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0599",
{ "STATE" : "PUBLIC"
"url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN81196185/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "The installer of Visual C++ Redistributable",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." {
} "version_value" : ""
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Microsoft"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "The installer of Visual C++ Redistributable" "lang" : "eng",
} "value" : "Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
] }
}, ]
"vendor_name": "Microsoft" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0599", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Untrusted search path vulnerability"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Untrusted search path vulnerability" "name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
} "refsource" : "MISC",
] "url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
} },
] {
} "name" : "JVN#81196185",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN81196185/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0600.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0600",
{ "STATE" : "PUBLIC"
"url": "http://support.d-imaging.sony.co.jp/www/disoft/int/download/playmemories-home/win/ja/index.html" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN13940333/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "the installer of PlayMemories Home for Windows",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." {
} "version_value" : "ver.5.5.01 and earlier"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Sony Corporation"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "ver.5.5.01 and earlier" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "the installer of PlayMemories Home for Windows" "lang" : "eng",
} "value" : "Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
] }
}, ]
"vendor_name": "Sony Corporation" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0600", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Untrusted search path vulnerability"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Untrusted search path vulnerability" "name" : "http://support.d-imaging.sony.co.jp/www/disoft/int/download/playmemories-home/win/ja/index.html",
} "refsource" : "MISC",
] "url" : "http://support.d-imaging.sony.co.jp/www/disoft/int/download/playmemories-home/win/ja/index.html"
} },
] {
} "name" : "JVN#13940333",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN13940333/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0601.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0601",
{ "STATE" : "PUBLIC"
"url": "https://github.com/yak1ex/axpdfium/wiki/JVN%2379301396(en)" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN79301396/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "axpdfium",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." {
} "version_value" : "v0.01"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Yasutaka ATARASHI"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "v0.01" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "axpdfium" "lang" : "eng",
} "value" : "Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
] }
}, ]
"vendor_name": "Yasutaka ATARASHI" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0601", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Untrusted search path vulnerability"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Untrusted search path vulnerability" "name" : "https://github.com/yak1ex/axpdfium/wiki/JVN%2379301396(en)",
} "refsource" : "MISC",
] "url" : "https://github.com/yak1ex/axpdfium/wiki/JVN%2379301396(en)"
} },
] {
} "name" : "JVN#79301396",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN79301396/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0602.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0602",
{ "STATE" : "PUBLIC"
"url": "https://wordpress.org/plugins/email-subscribers/#developers" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN16471686/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "Email Subscribers & Newsletters",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." {
} "version_value" : "prior to version 3.5.0"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "icegram"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "prior to version 3.5.0" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "Email Subscribers & Newsletters" "lang" : "eng",
} "value" : "Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
] }
}, ]
"vendor_name": "icegram" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0602", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Cross-site scripting"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Cross-site scripting" "name" : "https://wordpress.org/plugins/email-subscribers/#developers",
} "refsource" : "MISC",
] "url" : "https://wordpress.org/plugins/email-subscribers/#developers"
} },
] {
} "name" : "JVN#16471686",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN16471686/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0603.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0603",
{ "STATE" : "PUBLIC"
"url": "https://wordpress.org/plugins/site-reviews/#developers" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN60978548/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "Site Reviews",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." {
} "version_value" : "prior to version 2.15.3"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Gemini Labs"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "prior to version 2.15.3" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "Site Reviews" "lang" : "eng",
} "value" : "Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
] }
}, ]
"vendor_name": "Gemini Labs" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0603", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Cross-site scripting"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Cross-site scripting" "name" : "https://wordpress.org/plugins/site-reviews/#developers",
} "refsource" : "MISC",
] "url" : "https://wordpress.org/plugins/site-reviews/#developers"
} },
] {
} "name" : "JVN#60978548",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN60978548/index.html"
}
]
}
}

121
2018/0xxx/CVE-2018-0604.json
View File

@ -1,59 +1,62 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0604",
{ "STATE" : "PUBLIC"
"url": "http://jvn.jp/en/jp/JVN27978559/index.html" },
} "affects" : {
] "vendor" : {
}, "vendor_data" : [
"description": { {
"description_data": [ "product" : {
{ "product_data" : [
"lang": "eng", {
"value": "Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors." "product_name" : "Pixelpost",
} "version" : {
] "version_data" : [
}, {
"data_type": "CVE", "version_value" : "v1.7.3 and earlier"
"affects": { }
"vendor": { ]
"vendor_data": [ }
{ }
"product": { ]
"product_data": [ },
{ "vendor_name" : "Pixelpost.org"
"version": { }
"version_data": [ ]
{ }
"version_value": "v1.7.3 and earlier" },
} "data_format" : "MITRE",
] "data_type" : "CVE",
}, "data_version" : "4.0",
"product_name": "Pixelpost" "description" : {
} "description_data" : [
] {
}, "lang" : "eng",
"vendor_name": "Pixelpost.org" "value" : "Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors."
} }
] ]
} },
}, "problemtype" : {
"CVE_data_meta": { "problemtype_data" : [
"ID": "CVE-2018-0604", {
"ASSIGNER": "vultures@jpcert.or.jp" "description" : [
}, {
"data_format": "MITRE", "lang" : "eng",
"problemtype": { "value" : "Remote code execution"
"problemtype_data": [ }
{ ]
"description": [ }
{ ]
"lang": "eng", },
"value": "Remote code execution" "references" : {
} "reference_data" : [
] {
} "name" : "JVN#27978559",
] "refsource" : "JVN",
} "url" : "http://jvn.jp/en/jp/JVN27978559/index.html"
} }
]
}
}

121
2018/0xxx/CVE-2018-0605.json
View File

@ -1,59 +1,62 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0605",
{ "STATE" : "PUBLIC"
"url": "http://jvn.jp/en/jp/JVN27978559/index.html" },
} "affects" : {
] "vendor" : {
}, "vendor_data" : [
"description": { {
"description_data": [ "product" : {
{ "product_data" : [
"lang": "eng", {
"value": "Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." "product_name" : "Pixelpost",
} "version" : {
] "version_data" : [
}, {
"data_type": "CVE", "version_value" : "v1.7.3 and earlier"
"affects": { }
"vendor": { ]
"vendor_data": [ }
{ }
"product": { ]
"product_data": [ },
{ "vendor_name" : "Pixelpost.org"
"version": { }
"version_data": [ ]
{ }
"version_value": "v1.7.3 and earlier" },
} "data_format" : "MITRE",
] "data_type" : "CVE",
}, "data_version" : "4.0",
"product_name": "Pixelpost" "description" : {
} "description_data" : [
] {
}, "lang" : "eng",
"vendor_name": "Pixelpost.org" "value" : "Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
} }
] ]
} },
}, "problemtype" : {
"CVE_data_meta": { "problemtype_data" : [
"ID": "CVE-2018-0605", {
"ASSIGNER": "vultures@jpcert.or.jp" "description" : [
}, {
"data_format": "MITRE", "lang" : "eng",
"problemtype": { "value" : "Cross-site scripting"
"problemtype_data": [ }
{ ]
"description": [ }
{ ]
"lang": "eng", },
"value": "Cross-site scripting" "references" : {
} "reference_data" : [
] {
} "name" : "JVN#27978559",
] "refsource" : "JVN",
} "url" : "http://jvn.jp/en/jp/JVN27978559/index.html"
} }
]
}
}

121
2018/0xxx/CVE-2018-0606.json
View File

@ -1,59 +1,62 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0606",
{ "STATE" : "PUBLIC"
"url": "http://jvn.jp/en/jp/JVN27978559/index.html" },
} "affects" : {
] "vendor" : {
}, "vendor_data" : [
"description": { {
"description_data": [ "product" : {
{ "product_data" : [
"lang": "eng", {
"value": "SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors." "product_name" : "Pixelpost",
} "version" : {
] "version_data" : [
}, {
"data_type": "CVE", "version_value" : "v1.7.3 and earlier"
"affects": { }
"vendor": { ]
"vendor_data": [ }
{ }
"product": { ]
"product_data": [ },
{ "vendor_name" : "Pixelpost.org"
"version": { }
"version_data": [ ]
{ }
"version_value": "v1.7.3 and earlier" },
} "data_format" : "MITRE",
] "data_type" : "CVE",
}, "data_version" : "4.0",
"product_name": "Pixelpost" "description" : {
} "description_data" : [
] {
}, "lang" : "eng",
"vendor_name": "Pixelpost.org" "value" : "SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
} }
] ]
} },
}, "problemtype" : {
"CVE_data_meta": { "problemtype_data" : [
"ID": "CVE-2018-0606", {
"ASSIGNER": "vultures@jpcert.or.jp" "description" : [
}, {
"data_format": "MITRE", "lang" : "eng",
"problemtype": { "value" : "SQL Injection"
"problemtype_data": [ }
{ ]
"description": [ }
{ ]
"lang": "eng", },
"value": "SQL Injection" "references" : {
} "reference_data" : [
] {
} "name" : "JVN#27978559",
] "refsource" : "JVN",
} "url" : "http://jvn.jp/en/jp/JVN27978559/index.html"
} }
]
}
}

129
2018/0xxx/CVE-2018-0608.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0608",
{ "STATE" : "PUBLIC"
"url": "https://github.com/h2o/h2o/issues/1775" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN93226941/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "H2O",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors." {
} "version_value" : "version 2.2.4 and earlier"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Kazuho Oku"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "version 2.2.4 and earlier" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "H2O" "lang" : "eng",
} "value" : "Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors."
] }
}, ]
"vendor_name": "Kazuho Oku" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0608", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Buffer Overflow"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Buffer Overflow" "name" : "https://github.com/h2o/h2o/issues/1775",
} "refsource" : "MISC",
] "url" : "https://github.com/h2o/h2o/issues/1775"
} },
] {
} "name" : "JVN#93226941",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN93226941/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0609.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0609",
{ "STATE" : "PUBLIC"
"url": "https://linecorp.com/en/security/article/172" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN92265618/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "LINE for Windows",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." {
} "version_value" : "versions before 5.8.0"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "LINE Corporation"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "versions before 5.8.0" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "LINE for Windows" "lang" : "eng",
} "value" : "Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
] }
}, ]
"vendor_name": "LINE Corporation" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0609", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Untrusted search path vulnerability"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Untrusted search path vulnerability" "name" : "https://linecorp.com/en/security/article/172",
} "refsource" : "MISC",
] "url" : "https://linecorp.com/en/security/article/172"
} },
] {
} "name" : "JVN#92265618",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN92265618/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0610.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0610",
{ "STATE" : "PUBLIC"
"url": "https://www.zenphoto.org/news/zenphoto-1.5" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN33124193/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "Zenphoto",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information." {
} "version_value" : "1.4.14 and earlier"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Zenphoto"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "1.4.14 and earlier" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "Zenphoto" "lang" : "eng",
} "value" : "Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information."
] }
}, ]
"vendor_name": "Zenphoto" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0610", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Local file inclusion vulnerability"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Local file inclusion vulnerability" "name" : "https://www.zenphoto.org/news/zenphoto-1.5",
} "refsource" : "MISC",
] "url" : "https://www.zenphoto.org/news/zenphoto-1.5"
} },
] {
} "name" : "JVN#33124193",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN33124193/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0611.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0611",
{ "STATE" : "PUBLIC"
"url": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN71535108/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "ANA App for iOS",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." {
} "version_value" : "version 4.0.22 and earlier"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "ALL NIPPON AIRWAYS CO., LTD"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "version 4.0.22 and earlier" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "ANA App for iOS" "lang" : "eng",
} "value" : "The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
] }
}, ]
"vendor_name": "ALL NIPPON AIRWAYS CO., LTD" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0611", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Fails to verify SSL certificates"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Fails to verify SSL certificates" "name" : "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title",
} "refsource" : "MISC",
] "url" : "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title"
} },
] {
} "name" : "JVN#71535108",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN71535108/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0612.json
View File

@ -1,62 +1,67 @@
{ {
"data_version": "4.0", "CVE_data_meta" : {
"references": { "ASSIGNER" : "vultures@jpcert.or.jp",
"reference_data": [ "ID" : "CVE-2018-0612",
{ "STATE" : "PUBLIC"
"url": "https://chrome.google.com/webstore/detail/5000%E5%85%86%E5%86%86%E3%82%B3%E3%83%B3%E3%83%90%E3%83%BC%E3%82%BF%E3%83%BC/mgaphgebhfgmkahikdhdomnnpelbijmo" },
}, "affects" : {
{ "vendor" : {
"url": "http://jvn.jp/en/jp/JVN98975951/index.html" "vendor_data" : [
} {
] "product" : {
}, "product_data" : [
"description": { {
"description_data": [ "product_name" : "5000 trillion yen converter",
{ "version" : {
"lang": "eng", "version_data" : [
"value": "Cross-site scripting vulnerability in 5000 trillion yen converter v1.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." {
} "version_value" : "v1.0.6"
] }
}, ]
"data_type": "CVE", }
"affects": { }
"vendor": { ]
"vendor_data": [ },
{ "vendor_name" : "Owen"
"product": { }
"product_data": [ ]
{ }
"version": { },
"version_data": [ "data_format" : "MITRE",
{ "data_type" : "CVE",
"version_value": "v1.0.6" "data_version" : "4.0",
} "description" : {
] "description_data" : [
}, {
"product_name": "5000 trillion yen converter" "lang" : "eng",
} "value" : "Cross-site scripting vulnerability in 5000 trillion yen converter v1.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
] }
}, ]
"vendor_name": "Owen" },
} "problemtype" : {
] "problemtype_data" : [
} {
}, "description" : [
"CVE_data_meta": { {
"ID": "CVE-2018-0612", "lang" : "eng",
"ASSIGNER": "vultures@jpcert.or.jp" "value" : "Cross-site scripting"
}, }
"data_format": "MITRE", ]
"problemtype": { }
"problemtype_data": [ ]
{ },
"description": [ "references" : {
{ "reference_data" : [
"lang": "eng", {
"value": "Cross-site scripting" "name" : "https://chrome.google.com/webstore/detail/5000%E5%85%86%E5%86%86%E3%82%B3%E3%83%B3%E3%83%90%E3%83%BC%E3%82%BF%E3%83%BC/mgaphgebhfgmkahikdhdomnnpelbijmo",
} "refsource" : "MISC",
] "url" : "https://chrome.google.com/webstore/detail/5000%E5%85%86%E5%86%86%E3%82%B3%E3%83%B3%E3%83%90%E3%83%BC%E3%82%BF%E3%83%BC/mgaphgebhfgmkahikdhdomnnpelbijmo"
} },
] {
} "name" : "JVN#98975951",
} "refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN98975951/index.html"
}
]
}
}

120
2018/1000xxx/CVE-2018-1000204.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta": { "CVE_data_meta" : {
"ASSIGNER": "kurt@seifried.org", "ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED": "2018-06-08", "DATE_ASSIGNED" : "2018-06-08",
"ID": "CVE-2018-1000204", "ID" : "CVE-2018-1000204",
"REQUESTER": "glider@google.com", "REQUESTER" : "glider@google.com",
"STATE": "PUBLIC" "STATE" : "PUBLIC"
}, },
"affects": { "affects" : {
"vendor": { "vendor" : {
"vendor_data": [ "vendor_data" : [
{ {
"product": { "product" : {
"product_data": [ "product_data" : [
{ {
"product_name": "Linux Kernel", "product_name" : "Linux Kernel",
"version": { "version" : {
"version_data": [ "version_data" : [
{ {
"version_value": "3.18 to 4.16" "version_value" : "3.18 to 4.16"
} }
]
}
}
] ]
} },
} "vendor_name" : "Linux Kernel"
] }
}, ]
"vendor_name": "Linux Kernel" }
} },
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream already: https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible."
}
] ]
} },
}, "problemtype" : {
"data_format": "MITRE", "problemtype_data" : [
"data_type": "CVE", {
"data_version": "4.0", "description" : [
"description": { {
"description_data": [ "lang" : "eng",
{ "value" : "CWE-200"
"lang": "eng", }
"value": "Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream already: https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible." ]
} }
] ]
}, },
"problemtype": { "references" : {
"problemtype_data": [ "reference_data" : [
{ {
"description": [ "name" : "https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824",
{ "refsource" : "CONFIRM",
"lang": "eng", "url" : "https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824"
"value": "CWE-200" }
} ]
] }
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824"
}
]
}
} }

135
2018/10xxx/CVE-2018-10852.json
View File

@ -1,69 +1,72 @@
{ {
"data_type": "CVE", "CVE_data_meta" : {
"data_format": "MITRE", "ASSIGNER" : "sfowler@redhat.com",
"data_version": "4.0", "ID" : "CVE-2018-10852",
"CVE_data_meta": { "STATE" : "PUBLIC"
"ID": "CVE-2018-10852", },
"ASSIGNER": "sfowler@redhat.com" "affects" : {
}, "vendor" : {
"affects": { "vendor_data" : [
"vendor": { {
"vendor_data": [ "product" : {
{ "product_data" : [
"vendor_name": "[UNKNOWN]", {
"product": { "product_name" : "sssd",
"product_data": [ "version" : {
{ "version_data" : [
"product_name": "sssd", {
"version": { "version_value" : "SSSD 1.16.3"
"version_data": [ }
{ ]
"version_value": "SSSD 1.16.3" }
} }
] ]
} },
} "vendor_name" : "[UNKNOWN]"
] }
} ]
} }
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "3.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
] ]
} }
}, ]
"problemtype": { },
"problemtype_data": [ "references" : {
{ "reference_data" : [
"description": [ {
{ "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852",
"lang": "eng", "refsource" : "CONFIRM",
"value": "CWE-200" "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
]
]
}
} }