admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 05:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-06-26 10:04:39 -04:00
parent d8398b12a6
commit e81f879a6f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
41 changed files with 2727 additions and 2535 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
2018/0xxx/CVE-2018-0526.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://support.cybozu.com/ja-jp/article/10030"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0526",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Cybozu Office",
"version" : {
"version_data" : [
{
"version_value" : "10.0.0 to 10.7.0"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.7.0"
}
]
},
"product_name": "Cybozu Office"
}
]
},
"vendor_name": "Cybozu, Inc."
"vendor_name" : "Cybozu, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0526",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
"lang" : "eng",
"value" : "Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.cybozu.com/ja-jp/article/10030",
"refsource" : "CONFIRM",
"url" : "https://support.cybozu.com/ja-jp/article/10030"
},
{
"name" : "JVN#51737843",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN51737843/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0527.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://support.cybozu.com/ja-jp/article/10029"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0527",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Cybozu Office",
"version" : {
"version_data" : [
{
"version_value" : "10.0.0 to 10.7.0"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.7.0"
}
]
},
"product_name": "Cybozu Office"
}
]
},
"vendor_name": "Cybozu, Inc."
"vendor_name" : "Cybozu, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0527",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.cybozu.com/ja-jp/article/10029",
"refsource" : "CONFIRM",
"url" : "https://support.cybozu.com/ja-jp/article/10029"
},
{
"name" : "JVN#51737843",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN51737843/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0528.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://support.cybozu.com/ja-jp/article/9812"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0528",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Cybozu Office",
"version" : {
"version_data" : [
{
"version_value" : "10.0.0 to 10.7.0"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.7.0"
}
]
},
"product_name": "Cybozu Office"
}
]
},
"vendor_name": "Cybozu, Inc."
"vendor_name" : "Cybozu, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0528",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
"lang" : "eng",
"value" : "Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authentication bypass"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.cybozu.com/ja-jp/article/9812",
"refsource" : "CONFIRM",
"url" : "https://support.cybozu.com/ja-jp/article/9812"
},
{
"name" : "JVN#51737843",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN51737843/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0529.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://support.cybozu.com/ja-jp/article/10052"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0529",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Cybozu Office",
"version" : {
"version_data" : [
{
"version_value" : "10.0.0 to 10.7.0"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.7.0"
}
]
},
"product_name": "Cybozu Office"
}
]
},
"vendor_name": "Cybozu, Inc."
"vendor_name" : "Cybozu, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0529",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
"lang" : "eng",
"value" : "Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial-of-service (DoS)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.cybozu.com/ja-jp/article/10052",
"refsource" : "CONFIRM",
"url" : "https://support.cybozu.com/ja-jp/article/10052"
},
{
"name" : "JVN#51737843",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN51737843/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0557.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://support.cybozu.com/ja-jp/article/10194"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0557",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN52319657/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Cybozu Mailwise",
"version" : {
"version_data" : [
{
"version_value" : "5.0.0 to 5.4.1"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "5.0.0 to 5.4.1"
}
]
},
"product_name": "Cybozu Mailwise"
}
]
},
"vendor_name": "Cybozu, Inc."
"vendor_name" : "Cybozu, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0557",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
"lang" : "eng",
"value" : "Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.cybozu.com/ja-jp/article/10194",
"refsource" : "CONFIRM",
"url" : "https://support.cybozu.com/ja-jp/article/10194"
},
{
"name" : "JVN#52319657",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN52319657/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0558.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://support.cybozu.com/ja-jp/article/10193"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0558",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN52319657/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Cybozu Mailwise",
"version" : {
"version_data" : [
{
"version_value" : "5.0.0 to 5.4.1"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected ross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "5.0.0 to 5.4.1"
}
]
},
"product_name": "Cybozu Mailwise"
}
]
},
"vendor_name": "Cybozu, Inc."
"vendor_name" : "Cybozu, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0558",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
"lang" : "eng",
"value" : "Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.cybozu.com/ja-jp/article/10193",
"refsource" : "CONFIRM",
"url" : "https://support.cybozu.com/ja-jp/article/10193"
},
{
"name" : "JVN#52319657",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN52319657/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0559.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://support.cybozu.com/ja-jp/article/10196"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0559",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN52319657/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Cybozu Mailwise",
"version" : {
"version_data" : [
{
"version_value" : "5.0.0 to 5.4.1"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "5.0.0 to 5.4.1"
}
]
},
"product_name": "Cybozu Mailwise"
}
]
},
"vendor_name": "Cybozu, Inc."
"vendor_name" : "Cybozu, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0559",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.cybozu.com/ja-jp/article/10196",
"refsource" : "CONFIRM",
"url" : "https://support.cybozu.com/ja-jp/article/10196"
},
{
"name" : "JVN#52319657",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN52319657/index.html"
}
]
}

101
2018/0xxx/CVE-2018-0563.json
View File

@ -1,64 +1,71 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://flets.com/customer/tec/fvc/setup/esat_install.html"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0563",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "https://flets.com/customer/next/sec/setup/esat_install.html"
},
"product" : {
"product_data" : [
{
"url": "http://jvn.jp/en/jp/JVN20040004/index.html"
"product_name" : "the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions",
"version" : {
"version_data" : [
{
"version_value" : ""
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": ""
}
]
},
"product_name": "the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions"
}
]
},
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
"vendor_name" : "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0563",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://flets.com/customer/next/sec/setup/esat_install.html",
"refsource" : "MISC",
"url" : "https://flets.com/customer/next/sec/setup/esat_install.html"
},
{
"name" : "https://flets.com/customer/tec/fvc/setup/esat_install.html",
"refsource" : "MISC",
"url" : "https://flets.com/customer/tec/fvc/setup/esat_install.html"
},
{
"name" : "JVN#20040004",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN20040004/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0565.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://support.cybozu.com/ja-jp/article/10200"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0565",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Cybozu Office",
"version" : {
"version_data" : [
{
"version_value" : "10.0.0 to 10.8.0"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.0"
}
]
},
"product_name": "Cybozu Office"
}
]
},
"vendor_name": "Cybozu, Inc."
"vendor_name" : "Cybozu, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0565",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.cybozu.com/ja-jp/article/10200",
"refsource" : "CONFIRM",
"url" : "https://support.cybozu.com/ja-jp/article/10200"
},
{
"name" : "JVN#51737843",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN51737843/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0566.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://support.cybozu.com/ja-jp/article/10195"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0566",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Cybozu Office",
"version" : {
"version_data" : [
{
"version_value" : "10.0.0 to 10.8.0"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.0"
}
]
},
"product_name": "Cybozu Office"
}
]
},
"vendor_name": "Cybozu, Inc."
"vendor_name" : "Cybozu, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0566",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
"lang" : "eng",
"value" : "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authentication bypass"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.cybozu.com/ja-jp/article/10195",
"refsource" : "CONFIRM",
"url" : "https://support.cybozu.com/ja-jp/article/10195"
},
{
"name" : "JVN#51737843",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN51737843/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0567.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://support.cybozu.com/ja-jp/article/10198"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0567",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Cybozu Office",
"version" : {
"version_data" : [
{
"version_value" : "10.0.0 to 10.8.0"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.0"
}
]
},
"product_name": "Cybozu Office"
}
]
},
"vendor_name": "Cybozu, Inc."
"vendor_name" : "Cybozu, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0567",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
"lang" : "eng",
"value" : "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fails to restrict access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.cybozu.com/ja-jp/article/10198",
"refsource" : "CONFIRM",
"url" : "https://support.cybozu.com/ja-jp/article/10198"
},
{
"name" : "JVN#51737843",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN51737843/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0569.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://basercms.net/security/JVN67881316"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0569",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
"product" : {
"product_data" : [
{
"product_name" : "baserCMS",
"version" : {
"version_data" : [
{
"version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
},
"product_name": "baserCMS"
}
]
},
"vendor_name": "baserCMS Users Community"
"vendor_name" : "baserCMS Users Community"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0569",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
"lang" : "eng",
"value" : "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "OS Command Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://basercms.net/security/JVN67881316",
"refsource" : "MISC",
"url" : "https://basercms.net/security/JVN67881316"
},
{
"name" : "JVN#67881316",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0570.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://basercms.net/security/JVN67881316"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0570",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
"product" : {
"product_data" : [
{
"product_name" : "baserCMS",
"version" : {
"version_data" : [
{
"version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
},
"product_name": "baserCMS"
}
]
},
"vendor_name": "baserCMS Users Community"
"vendor_name" : "baserCMS Users Community"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0570",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://basercms.net/security/JVN67881316",
"refsource" : "MISC",
"url" : "https://basercms.net/security/JVN67881316"
},
{
"name" : "JVN#67881316",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0571.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://basercms.net/security/JVN67881316"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0571",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
"product" : {
"product_data" : [
{
"product_name" : "baserCMS",
"version" : {
"version_data" : [
{
"version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
},
"product_name": "baserCMS"
}
]
},
"vendor_name": "baserCMS Users Community"
"vendor_name" : "baserCMS Users Community"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0571",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type"
"lang" : "eng",
"value" : "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://basercms.net/security/JVN67881316",
"refsource" : "MISC",
"url" : "https://basercms.net/security/JVN67881316"
},
{
"name" : "JVN#67881316",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0572.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://basercms.net/security/JVN67881316"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0572",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
"product" : {
"product_data" : [
{
"product_name" : "baserCMS",
"version" : {
"version_data" : [
{
"version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
},
"product_name": "baserCMS"
}
]
},
"vendor_name": "baserCMS Users Community"
"vendor_name" : "baserCMS Users Community"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0572",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
"lang" : "eng",
"value" : "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fails to restrict access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://basercms.net/security/JVN67881316",
"refsource" : "MISC",
"url" : "https://basercms.net/security/JVN67881316"
},
{
"name" : "JVN#67881316",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0573.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://basercms.net/security/JVN67881316"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0573",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
"product" : {
"product_data" : [
{
"product_name" : "baserCMS",
"version" : {
"version_data" : [
{
"version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
},
"product_name": "baserCMS"
}
]
},
"vendor_name": "baserCMS Users Community"
"vendor_name" : "baserCMS Users Community"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0573",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
"lang" : "eng",
"value" : "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fails to restrict access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://basercms.net/security/JVN67881316",
"refsource" : "MISC",
"url" : "https://basercms.net/security/JVN67881316"
},
{
"name" : "JVN#67881316",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0574.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://basercms.net/security/JVN67881316"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0574",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
"product" : {
"product_data" : [
{
"product_name" : "baserCMS",
"version" : {
"version_data" : [
{
"version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
},
"product_name": "baserCMS"
}
]
},
"vendor_name": "baserCMS Users Community"
"vendor_name" : "baserCMS Users Community"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0574",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://basercms.net/security/JVN67881316",
"refsource" : "MISC",
"url" : "https://basercms.net/security/JVN67881316"
},
{
"name" : "JVN#67881316",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0575.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://basercms.net/security/JVN67881316"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0575",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
"product" : {
"product_data" : [
{
"product_name" : "baserCMS",
"version" : {
"version_data" : [
{
"version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
},
"product_name": "baserCMS"
}
]
},
"vendor_name": "baserCMS Users Community"
"vendor_name" : "baserCMS Users Community"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0575",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
"lang" : "eng",
"value" : "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fails to restrict access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://basercms.net/security/JVN67881316",
"refsource" : "MISC",
"url" : "https://basercms.net/security/JVN67881316"
},
{
"name" : "JVN#67881316",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}

89
2018/0xxx/CVE-2018-0584.json
View File

@ -1,58 +1,61 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0584",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN27137002/index.html"
"product" : {
"product_data" : [
{
"product_name" : "IIJ SmartKey App for Android",
"version" : {
"version_data" : [
{
"version_value" : "version 2.1.0 and earlier"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication [effect_of_bypassing_authentication] via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "version 2.1.0 and earlier"
}
]
},
"product_name": "IIJ SmartKey App for Android"
}
]
},
"vendor_name": "Internet Initiative Japan Inc."
"vendor_name" : "Internet Initiative Japan Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0584",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
"lang" : "eng",
"value" : "IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication [effect_of_bypassing_authentication] via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authentication bypass"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#27137002",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN27137002/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0592.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0592",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN91151862/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Microsoft OneDrive",
"version" : {
"version_data" : [
{
"version_value" : ""
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": ""
}
]
},
"product_name": "Microsoft OneDrive"
}
]
},
"vendor_name": "Microsoft"
"vendor_name" : "Microsoft"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0592",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
"refsource" : "MISC",
"url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
},
{
"name" : "JVN#91151862",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN91151862/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0593.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0593",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN91151862/index.html"
"product" : {
"product_data" : [
{
"product_name" : "The installer of Microsoft OneDrive",
"version" : {
"version_data" : [
{
"version_value" : ""
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": ""
}
]
},
"product_name": "The installer of Microsoft OneDrive"
}
]
},
"vendor_name": "Microsoft"
"vendor_name" : "Microsoft"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0593",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
"refsource" : "MISC",
"url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
},
{
"name" : "JVN#91151862",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN91151862/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0594.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0594",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN91151862/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Skype for Windows",
"version" : {
"version_data" : [
{
"version_value" : ""
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": ""
}
]
},
"product_name": "Skype for Windows"
}
]
},
"vendor_name": "Microsoft"
"vendor_name" : "Microsoft"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0594",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
"refsource" : "MISC",
"url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
},
{
"name" : "JVN#91151862",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN91151862/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0595.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0595",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN91151862/index.html"
"product" : {
"product_data" : [
{
"product_name" : "The installer of Skype for Windows",
"version" : {
"version_data" : [
{
"version_value" : ""
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": ""
}
]
},
"product_name": "The installer of Skype for Windows"
}
]
},
"vendor_name": "Microsoft"
"vendor_name" : "Microsoft"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0595",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
"refsource" : "MISC",
"url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
},
{
"name" : "JVN#91151862",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN91151862/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0596.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0596",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN91151862/index.html"
"product" : {
"product_data" : [
{
"product_name" : "The installer of Visual Studio Community",
"version" : {
"version_data" : [
{
"version_value" : ""
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": ""
}
]
},
"product_name": "The installer of Visual Studio Community"
}
]
},
"vendor_name": "Microsoft"
"vendor_name" : "Microsoft"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0596",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
"refsource" : "MISC",
"url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
},
{
"name" : "JVN#91151862",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN91151862/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0597.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0597",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN91151862/index.html"
"product" : {
"product_data" : [
{
"product_name" : "The installer of Visual Studio Code",
"version" : {
"version_data" : [
{
"version_value" : ""
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": ""
}
]
},
"product_name": "The installer of Visual Studio Code"
}
]
},
"vendor_name": "Microsoft"
"vendor_name" : "Microsoft"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0597",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
"refsource" : "MISC",
"url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
},
{
"name" : "JVN#91151862",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN91151862/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0598.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0598",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN72748502/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Self-extracting archive files created by IExpress bundled with Microsoft Windows",
"version" : {
"version_data" : [
{
"version_value" : ""
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": ""
}
]
},
"product_name": "Self-extracting archive files created by IExpress bundled with Microsoft Windows"
}
]
},
"vendor_name": "Microsoft"
"vendor_name" : "Microsoft"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0598",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
"refsource" : "MISC",
"url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
},
{
"name" : "JVN#72748502",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN72748502/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0599.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0599",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN81196185/index.html"
"product" : {
"product_data" : [
{
"product_name" : "The installer of Visual C++ Redistributable",
"version" : {
"version_data" : [
{
"version_value" : ""
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": ""
}
]
},
"product_name": "The installer of Visual C++ Redistributable"
}
]
},
"vendor_name": "Microsoft"
"vendor_name" : "Microsoft"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0599",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
"refsource" : "MISC",
"url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
},
{
"name" : "JVN#81196185",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN81196185/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0600.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://support.d-imaging.sony.co.jp/www/disoft/int/download/playmemories-home/win/ja/index.html"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0600",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN13940333/index.html"
"product" : {
"product_data" : [
{
"product_name" : "the installer of PlayMemories Home for Windows",
"version" : {
"version_data" : [
{
"version_value" : "ver.5.5.01 and earlier"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "ver.5.5.01 and earlier"
}
]
},
"product_name": "the installer of PlayMemories Home for Windows"
}
]
},
"vendor_name": "Sony Corporation"
"vendor_name" : "Sony Corporation"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0600",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.d-imaging.sony.co.jp/www/disoft/int/download/playmemories-home/win/ja/index.html",
"refsource" : "MISC",
"url" : "http://support.d-imaging.sony.co.jp/www/disoft/int/download/playmemories-home/win/ja/index.html"
},
{
"name" : "JVN#13940333",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN13940333/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0601.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://github.com/yak1ex/axpdfium/wiki/JVN%2379301396(en)"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0601",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN79301396/index.html"
"product" : {
"product_data" : [
{
"product_name" : "axpdfium",
"version" : {
"version_data" : [
{
"version_value" : "v0.01"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "v0.01"
}
]
},
"product_name": "axpdfium"
}
]
},
"vendor_name": "Yasutaka ATARASHI"
"vendor_name" : "Yasutaka ATARASHI"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0601",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
"lang" : "eng",
"value" : "Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/yak1ex/axpdfium/wiki/JVN%2379301396(en)",
"refsource" : "MISC",
"url" : "https://github.com/yak1ex/axpdfium/wiki/JVN%2379301396(en)"
},
{
"name" : "JVN#79301396",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN79301396/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0602.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/email-subscribers/#developers"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0602",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN16471686/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Email Subscribers & Newsletters",
"version" : {
"version_data" : [
{
"version_value" : "prior to version 3.5.0"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "prior to version 3.5.0"
}
]
},
"product_name": "Email Subscribers & Newsletters"
}
]
},
"vendor_name": "icegram"
"vendor_name" : "icegram"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0602",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wordpress.org/plugins/email-subscribers/#developers",
"refsource" : "MISC",
"url" : "https://wordpress.org/plugins/email-subscribers/#developers"
},
{
"name" : "JVN#16471686",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN16471686/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0603.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/site-reviews/#developers"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0603",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN60978548/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Site Reviews",
"version" : {
"version_data" : [
{
"version_value" : "prior to version 2.15.3"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "prior to version 2.15.3"
}
]
},
"product_name": "Site Reviews"
}
]
},
"vendor_name": "Gemini Labs"
"vendor_name" : "Gemini Labs"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0603",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wordpress.org/plugins/site-reviews/#developers",
"refsource" : "MISC",
"url" : "https://wordpress.org/plugins/site-reviews/#developers"
},
{
"name" : "JVN#60978548",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN60978548/index.html"
}
]
}

89
2018/0xxx/CVE-2018-0604.json
View File

@ -1,58 +1,61 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0604",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN27978559/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Pixelpost",
"version" : {
"version_data" : [
{
"version_value" : "v1.7.3 and earlier"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "v1.7.3 and earlier"
}
]
},
"product_name": "Pixelpost"
}
]
},
"vendor_name": "Pixelpost.org"
"vendor_name" : "Pixelpost.org"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0604",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
"lang" : "eng",
"value" : "Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#27978559",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN27978559/index.html"
}
]
}

89
2018/0xxx/CVE-2018-0605.json
View File

@ -1,58 +1,61 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0605",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN27978559/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Pixelpost",
"version" : {
"version_data" : [
{
"version_value" : "v1.7.3 and earlier"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "v1.7.3 and earlier"
}
]
},
"product_name": "Pixelpost"
}
]
},
"vendor_name": "Pixelpost.org"
"vendor_name" : "Pixelpost.org"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0605",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#27978559",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN27978559/index.html"
}
]
}

89
2018/0xxx/CVE-2018-0606.json
View File

@ -1,58 +1,61 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0606",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN27978559/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Pixelpost",
"version" : {
"version_data" : [
{
"version_value" : "v1.7.3 and earlier"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "v1.7.3 and earlier"
}
]
},
"product_name": "Pixelpost"
}
]
},
"vendor_name": "Pixelpost.org"
"vendor_name" : "Pixelpost.org"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0606",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
"lang" : "eng",
"value" : "SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#27978559",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN27978559/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0608.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://github.com/h2o/h2o/issues/1775"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0608",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN93226941/index.html"
"product" : {
"product_data" : [
{
"product_name" : "H2O",
"version" : {
"version_data" : [
{
"version_value" : "version 2.2.4 and earlier"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "version 2.2.4 and earlier"
}
]
},
"product_name": "H2O"
}
]
},
"vendor_name": "Kazuho Oku"
"vendor_name" : "Kazuho Oku"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0608",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
"lang" : "eng",
"value" : "Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/h2o/h2o/issues/1775",
"refsource" : "MISC",
"url" : "https://github.com/h2o/h2o/issues/1775"
},
{
"name" : "JVN#93226941",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN93226941/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0609.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://linecorp.com/en/security/article/172"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0609",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN92265618/index.html"
"product" : {
"product_data" : [
{
"product_name" : "LINE for Windows",
"version" : {
"version_data" : [
{
"version_value" : "versions before 5.8.0"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "versions before 5.8.0"
}
]
},
"product_name": "LINE for Windows"
}
]
},
"vendor_name": "LINE Corporation"
"vendor_name" : "LINE Corporation"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0609",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
"lang" : "eng",
"value" : "Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://linecorp.com/en/security/article/172",
"refsource" : "MISC",
"url" : "https://linecorp.com/en/security/article/172"
},
{
"name" : "JVN#92265618",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN92265618/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0610.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.zenphoto.org/news/zenphoto-1.5"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0610",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN33124193/index.html"
"product" : {
"product_data" : [
{
"product_name" : "Zenphoto",
"version" : {
"version_data" : [
{
"version_value" : "1.4.14 and earlier"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.4.14 and earlier"
}
]
},
"product_name": "Zenphoto"
}
]
},
"vendor_name": "Zenphoto"
"vendor_name" : "Zenphoto"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0610",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Local file inclusion vulnerability"
"lang" : "eng",
"value" : "Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Local file inclusion vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.zenphoto.org/news/zenphoto-1.5",
"refsource" : "MISC",
"url" : "https://www.zenphoto.org/news/zenphoto-1.5"
},
{
"name" : "JVN#33124193",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN33124193/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0611.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0611",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN71535108/index.html"
"product" : {
"product_data" : [
{
"product_name" : "ANA App for iOS",
"version" : {
"version_data" : [
{
"version_value" : "version 4.0.22 and earlier"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "version 4.0.22 and earlier"
}
]
},
"product_name": "ANA App for iOS"
}
]
},
"vendor_name": "ALL NIPPON AIRWAYS CO., LTD"
"vendor_name" : "ALL NIPPON AIRWAYS CO., LTD"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0611",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
"lang" : "eng",
"value" : "The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fails to verify SSL certificates"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title",
"refsource" : "MISC",
"url" : "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title"
},
{
"name" : "JVN#71535108",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN71535108/index.html"
}
]
}

95
2018/0xxx/CVE-2018-0612.json
View File

@ -1,61 +1,66 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://chrome.google.com/webstore/detail/5000%E5%85%86%E5%86%86%E3%82%B3%E3%83%B3%E3%83%90%E3%83%BC%E3%82%BF%E3%83%BC/mgaphgebhfgmkahikdhdomnnpelbijmo"
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0612",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"url": "http://jvn.jp/en/jp/JVN98975951/index.html"
"product" : {
"product_data" : [
{
"product_name" : "5000 trillion yen converter",
"version" : {
"version_data" : [
{
"version_value" : "v1.0.6"
}
]
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in 5000 trillion yen converter v1.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "v1.0.6"
}
]
},
"product_name": "5000 trillion yen converter"
}
]
},
"vendor_name": "Owen"
"vendor_name" : "Owen"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0612",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in 5000 trillion yen converter v1.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chrome.google.com/webstore/detail/5000%E5%85%86%E5%86%86%E3%82%B3%E3%83%B3%E3%83%90%E3%83%BC%E3%82%BF%E3%83%BC/mgaphgebhfgmkahikdhdomnnpelbijmo",
"refsource" : "MISC",
"url" : "https://chrome.google.com/webstore/detail/5000%E5%85%86%E5%86%86%E3%82%B3%E3%83%B3%E3%83%90%E3%83%BC%E3%82%BF%E3%83%BC/mgaphgebhfgmkahikdhdomnnpelbijmo"
},
{
"name" : "JVN#98975951",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN98975951/index.html"
}
]
}

66
2018/1000xxx/CVE-2018-1000204.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2018-06-08",
"ID": "CVE-2018-1000204",
"REQUESTER": "glider@google.com",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-08",
"ID" : "CVE-2018-1000204",
"REQUESTER" : "glider@google.com",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Linux Kernel",
"version": {
"version_data": [
"product_name" : "Linux Kernel",
"version" : {
"version_data" : [
{
"version_value": "3.18 to 4.16"
"version_value" : "3.18 to 4.16"
}
]
}
}
]
},
"vendor_name": "Linux Kernel"
"vendor_name" : "Linux Kernel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream already: https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible."
"lang" : "eng",
"value" : "Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream already: https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-200"
"lang" : "eng",
"value" : "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824"
"name" : "https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824"
}
]
}

91
2018/10xxx/CVE-2018-10852.json
View File

@ -1,69 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-10852",
"ASSIGNER": "sfowler@redhat.com"
"CVE_data_meta" : {
"ASSIGNER" : "sfowler@redhat.com",
"ID" : "CVE-2018-10852",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "sssd",
"version": {
"version_data": [
"product_name" : "sssd",
"version" : {
"version_data" : [
{
"version_value": "SSSD 1.16.3"
"version_value" : "SSSD 1.16.3"
}
]
}
}
]
}
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
"lang" : "eng",
"value" : "The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3."
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3."
}
]
},
"impact": {
"cvss": [
"impact" : {
"cvss" : [
[
{
"vectorString": "3.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
"vectorString" : "3.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852"
}
]
}
}