diff --git a/2018/19xxx/CVE-2018-19201.json b/2018/19xxx/CVE-2018-19201.json new file mode 100644 index 00000000000..3a057f46146 --- /dev/null +++ b/2018/19xxx/CVE-2018-19201.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19201", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19202.json b/2018/19xxx/CVE-2018-19202.json new file mode 100644 index 00000000000..ef49f442a4b --- /dev/null +++ b/2018/19xxx/CVE-2018-19202.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19202", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19203.json b/2018/19xxx/CVE-2018-19203.json new file mode 100644 index 00000000000..928b5753231 --- /dev/null +++ b/2018/19xxx/CVE-2018-19203.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19203", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated attackers to terminate the PRTG Core Server Service via a special HTTP request." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://en.securitylab.ru/lab/PT-2018-22", + "refsource" : "MISC", + "url" : "http://en.securitylab.ru/lab/PT-2018-22" + }, + { + "name" : "https://www.paessler.com/prtg/history/stable#18.2.41.1652", + "refsource" : "MISC", + "url" : "https://www.paessler.com/prtg/history/stable#18.2.41.1652" + }, + { + "name" : "https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-22/", + "refsource" : "MISC", + "url" : "https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-22/" + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19204.json b/2018/19xxx/CVE-2018-19204.json new file mode 100644 index 00000000000..c70707f9dab --- /dev/null +++ b/2018/19xxx/CVE-2018-19204.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19204", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport_' is mishandled. The attacker can craft an HTTP request and override the 'writeresult' command-line parameter for HttpAdvancedSensor.exe to store arbitrary data in an arbitrary place on the file system. For example, the attacker can create an executable file in the \\Custom Sensors\\EXE directory and execute it by creating EXE/Script Sensor." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://en.securitylab.ru/lab/PT-2018-23", + "refsource" : "MISC", + "url" : "http://en.securitylab.ru/lab/PT-2018-23" + }, + { + "name" : "https://www.paessler.com/prtg/history/stable#18.3.44.2054", + "refsource" : "MISC", + "url" : "https://www.paessler.com/prtg/history/stable#18.3.44.2054" + }, + { + "name" : "https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-23/", + "refsource" : "MISC", + "url" : "https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-23/" + } + ] + } +} diff --git a/2018/1xxx/CVE-2018-1786.json b/2018/1xxx/CVE-2018-1786.json index 9fa09fa837e..dd68c30d853 100644 --- a/2018/1xxx/CVE-2018-1786.json +++ b/2018/1xxx/CVE-2018-1786.json @@ -1,37 +1,9 @@ { "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2018-1786", "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-11-08T00:00:00" - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "C" : "N", - "AV" : "N", - "PR" : "N", - "UI" : "N", - "AC" : "L", - "I" : "N", - "SCORE" : "5.300", - "A" : "L", - "S" : "U" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871.", - "lang" : "eng" - } - ] + "DATE_PUBLIC" : "2018-11-08T00:00:00", + "ID" : "CVE-2018-1786", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { @@ -59,15 +31,44 @@ ] } }, - "data_type" : "CVE", "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "L", + "AC" : "L", + "AV" : "N", + "C" : "N", + "I" : "N", + "PR" : "N", + "S" : "U", + "SCORE" : "5.300", + "UI" : "N" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { "description" : [ { - "value" : "Denial of Service", - "lang" : "eng" + "lang" : "eng", + "value" : "Denial of Service" } ] } @@ -76,18 +77,15 @@ "references" : { "reference_data" : [ { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10738765", "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 738765 (Spectrum Protect)", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10738765", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10738765" + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10738765" }, { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871", - "name" : "ibm-tivoli-cve20181786-dos (148871)", + "name" : "ibm-tivoli-cve20181786-dos(148871)", "refsource" : "XF", - "title" : "X-Force Vulnerability Report" + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871" } ] - }, - "data_version" : "4.0" + } } diff --git a/2018/1xxx/CVE-2018-1798.json b/2018/1xxx/CVE-2018-1798.json index 9f6438aa070..7a2a8ae186b 100644 --- a/2018/1xxx/CVE-2018-1798.json +++ b/2018/1xxx/CVE-2018-1798.json @@ -1,52 +1,10 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 149428.", - "lang" : "eng" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "H" - }, - "BM" : { - "PR" : "N", - "AV" : "N", - "C" : "L", - "S" : "C", - "SCORE" : "6.100", - "A" : "N", - "I" : "L", - "UI" : "R", - "AC" : "L" - } - } - }, "CVE_data_meta" : { - "DATE_PUBLIC" : "2018-11-08T00:00:00", "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-11-08T00:00:00", "ID" : "CVE-2018-1798", "STATE" : "PUBLIC" }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } - ] - } - ] - }, - "data_type" : "CVE", - "data_format" : "MITRE", "affects" : { "vendor" : { "vendor_data" : [ @@ -54,6 +12,7 @@ "product" : { "product_data" : [ { + "product_name" : "WebSphere Application Server", "version" : { "version_data" : [ { @@ -69,8 +28,7 @@ "version_value" : "9.0" } ] - }, - "product_name" : "WebSphere Application Server" + } } ] }, @@ -79,21 +37,61 @@ ] } }, - "references" : { - "reference_data" : [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 730703 (WebSphere Application Server)", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10730703", - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10730703" - }, - { - "name" : "ibm-websphere-cve20181798-xss (149428)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149428", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" + "lang" : "eng", + "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 149428." } ] }, - "data_version" : "4.0" + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AC" : "L", + "AV" : "N", + "C" : "L", + "I" : "L", + "PR" : "N", + "S" : "C", + "SCORE" : "6.100", + "UI" : "R" + }, + "TM" : { + "E" : "H", + "RC" : "C", + "RL" : "O" + } + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10730703", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10730703" + }, + { + "name" : "ibm-websphere-cve20181798-xss(149428)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149428" + } + ] + } } diff --git a/2018/1xxx/CVE-2018-1884.json b/2018/1xxx/CVE-2018-1884.json index 2b95084fa3f..020d5411031 100644 --- a/2018/1xxx/CVE-2018-1884.json +++ b/2018/1xxx/CVE-2018-1884.json @@ -1,60 +1,14 @@ { - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10737897", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10737897", - "title" : "IBM Security Bulletin 737897 (Case Manager)", - "refsource" : "CONFIRM" - }, - { - "name" : "ibm-case-cve20181884-code-exec (151970)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151970", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "data_version" : "4.0", "CVE_data_meta" : { - "DATE_PUBLIC" : "2018-11-08T00:00:00", "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-11-08T00:00:00", "ID" : "CVE-2018-1884", "STATE" : "PUBLIC" }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "AC" : "L", - "UI" : "R", - "S" : "U", - "A" : "L", - "SCORE" : "4.800", - "I" : "L", - "C" : "L", - "AV" : "L", - "PR" : "L" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerabile to a \"zip slip\" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970.", - "lang" : "eng" - } - ] - }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -83,23 +37,67 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerabile to a \"zip slip\" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970." + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "L", + "AC" : "L", + "AV" : "L", + "C" : "L", + "I" : "L", + "PR" : "L", + "S" : "U", + "SCORE" : "4.800", + "UI" : "R" + }, + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + } + } + }, "problemtype" : { "problemtype_data" : [ { "description" : [ { - "value" : "Gain Access", - "lang" : "eng" + "lang" : "eng", + "value" : "Gain Access" } ] } ] }, - "data_format" : "MITRE", - "data_type" : "CVE" + "references" : { + "reference_data" : [ + { + "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10737897", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10737897" + }, + { + "name" : "ibm-case-cve20181884-code-exec(151970)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151970" + } + ] + } }