Diffstat (limited to 'data/nvdcve-1.0-2018.json')
-rwxr-xr-xdata/nvdcve-1.0-2018.json30018
1 files changed, 0 insertions, 30018 deletions
diff --git a/data/nvdcve-1.0-2018.json b/data/nvdcve-1.0-2018.json
deleted file mode 100755
index 6c8f7dbf..00000000
--- a/data/nvdcve-1.0-2018.json
+++ /dev/null
@@ -1,30018 +0,0 @@
-{
- "CVE_data_type" : "CVE",
- "CVE_data_format" : "MITRE",
- "CVE_data_version" : "4.0",
- "CVE_data_numberOfCVEs" : "486",
- "CVE_data_timestamp" : "2018-01-22T08:00Z",
- "CVE_Items" : [ {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0001",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securitytracker.com/id/1040180"
- }, {
- "url" : "https://kb.juniper.net/JSA10828"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D67; 12.3 versions prior to 12.3R12-S5; 12.3X48 versions prior to 12.3X48-D35; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D44, 14.1X53-D50; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1R3; 15.1X49 versions prior to 15.1X49-D30; 15.1X53 versions prior to 15.1X53-D70."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T22:29Z",
- "lastModifiedDate" : "2018-01-15T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0002",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securitytracker.com/id/1040178"
- }, {
- "url" : "https://kb.juniper.net/JSA10829"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash. Sustained crafted response packets lead to repeated crashes of the flowd daemon which results in an extended Denial of Service condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX series; 12.3X48 versions prior to 12.3X48-D35 on SRX series; 14.1 versions prior to 14.1R9 on MX series; 14.2 versions prior to 14.2R8 on MX series; 15.1X49 versions prior to 15.1X49-D60 on SRX series; 15.1 versions prior to 15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7 on MX series; 16.1 versions prior to 16.1R6 on MX series; 16.2 versions prior to 16.2R3 on MX series; 17.1 versions prior to 17.1R2-S4, 17.1R3 on MX series. No other Juniper Networks products or platforms are affected by this issue."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T22:29Z",
- "lastModifiedDate" : "2018-01-15T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0003",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securitytracker.com/id/1040179"
- }, {
- "url" : "https://kb.juniper.net/JSA10831"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory. Subsequently, if this stored information is accessed, this may result in a kernel crash leading to a denial of service. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3R12 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D45, 14.1X53-D107; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R6-S3, 15.1R7; 15.1X49 versions prior to 15.1X49-D100; 15.1X53 versions prior to 15.1X53-D65, 15.1X53-D231; 16.1 versions prior to 16.1R3-S6, 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2-S1, 16.2R3; 17.1 versions prior to 17.1R2-S2, 17.1R3; 17.2 versions prior to 17.2R1-S3, 17.2R2; 17.2X75 versions prior to 17.2X75-D50. No other Juniper Networks products or platforms are affected by this issue."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T22:29Z",
- "lastModifiedDate" : "2018-01-15T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0004",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securitytracker.com/id/1040183"
- }, {
- "url" : "https://kb.juniper.net/JSA10832"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption denial of service condition in the Junos OS register and schedule software interrupt handler subsystem when a specific command is issued to the device. This affects one or more threads and conversely one or more running processes running on the system. Once this occurs, the high CPU event(s) affects either or both the forwarding and control plane. As a result of this condition the device can become inaccessible in either or both the control and forwarding plane and stops forwarding traffic until the device is rebooted. The issue will reoccur after reboot upon receiving further transit traffic. Score: 5.7 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) For network designs utilizing layer 3 forwarding agents or other ARP through layer 3 technologies, the score is slightly higher. Score: 6.5 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) If the following entry exists in the RE message logs then this may indicate the issue is present. This entry may or may not appear when this issue occurs. /kernel: Expensive timeout(9) function: Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D50; 12.3X48 versions prior to 12.3X48-D30; 12.3R versions prior to 12.3R12-S7; 14.1 versions prior to 14.1R8-S4, 14.1R9; 14.1X53 versions prior to 14.1X53-D30, 14.1X53-D34; 14.2 versions prior to 14.2R8; 15.1 versions prior to 15.1F6, 15.1R3; 15.1X49 versions prior to 15.1X49-D40; 15.1X53 versions prior to 15.1X53-D31, 15.1X53-D33, 15.1X53-D60. No other Juniper Networks products or platforms are affected by this issue."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T22:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0005",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securitytracker.com/id/1040182"
- }, {
- "url" : "https://kb.juniper.net/JSA10833"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forward traffic instead of dropping traffic. This can lead to denials of services or other unintended conditions. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D40; 15.1X53 versions prior to 15.1X53-D55; 15.1 versions prior to 15.1R7."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T22:29Z",
- "lastModifiedDate" : "2018-01-15T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0006",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securitytracker.com/id/1040184"
- }, {
- "url" : "https://kb.juniper.net/JSA10834"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization by the BBE subscriber management daemon (bbe-smgd), and lead to a denial of service condition. The issue was caused by attempting to process an unbounded number of pending VLAN authentication requests, leading to excessive memory allocation. This issue only affects devices configured for DHCPv4/v6 over AE auto-sensed VLANs, utilized in Broadband Edge (BBE) deployments. Other configurations are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R6-S2, 15.1R7; 16.1 versions prior to 16.1R5-S1, 16.1R6; 16.2 versions prior to 16.2R2-S2, 16.2R3; 17.1 versions prior to 17.1R2-S5, 17.1R3; 17.2 versions prior to 17.2R2."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T22:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0007",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securitytracker.com/id/1040181"
- }, {
- "url" : "https://kb.juniper.net/JSA10830"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service. Further crafted packets may be able to sustain the denial of service condition. Score: 6.5 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Further, if the attacker is authenticated on the target device receiving and processing the malicious LLDP packet, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection over the target device thereby elevating their permissions and privileges, and taking control of the device. Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to one or more local segments, via LLDP proxy / tunneling agents or other LLDP through Layer 3 deployments, through one or more local segment broadcasts, may be able to cause multiple Junos devices to enter an improper boundary check condition allowing a memory corruption to occur, leading to multiple distributed Denials of Services. These Denials of Services attacks may have cascading Denials of Services to adjacent connected devices, impacts network devices, servers, workstations, etc. Further crafted packets may be able to sustain these Denials of Services conditions. Score 6.8 MEDIUM (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H) Further, if the attacker is authenticated on one or more target devices receiving and processing these malicious LLDP packets, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection over multiple target devices thereby elevating their permissions and privileges, and taking control multiple devices. 
Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D46, 14.1X53-D50, 14.1X53-D107; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F2-S17, 15.1F5-S8, 15.1F6-S8, 15.1R5-S7, 15.1R7; 15.1X49 versions prior to 15.1X49-D90; 15.1X53 versions prior to 15.1X53-D65; 16.1 versions prior to 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2; 17.1 versions prior to 17.1R2. No other Juniper Networks products or platforms are affected by this issue."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T22:29Z",
- "lastModifiedDate" : "2018-01-15T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0008",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securitytracker.com/id/1040186"
- }, {
- "url" : "https://kb.juniper.net/JSA10835"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An unauthenticated root login may allow upon reboot when a commit script is used. A commit script allows a device administrator to execute certain instructions during commit, which is configured under the [system scripts commit] stanza. Certain commit scripts that work without a problem during normal commit may cause unexpected behavior upon reboot which can leave the system in a state where root CLI login is allowed without a password due to the system reverting to a \"safe mode\" authentication state. Lastly, only logging in physically to the console port as root, with no password, will work. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX; 12.3X48 versions prior to 12.3X48-D55 on SRX; 14.1 versions prior to 14.1R9; 14.1X53 versions prior to 14.1X53-D40 on QFX, EX; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F5-S7, 15.1F6-S8, 15.1R5-S6, 15.1R6; 15.1X49 versions prior to 15.1X49-D110 on SRX; 15.1X53 versions prior to 15.1X53-D232 on QFX5200/5110; 15.1X53 versions prior to 15.1X53-D49, 15.1X53-D470 on NFX; 15.1X53 versions prior to 15.1X53-D65 on QFX10K; 16.1 versions prior to 16.1R2. No other Juniper Networks products or platforms are affected by this issue."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T22:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0009",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102491"
- }, {
- "url" : "http://www.securitytracker.com/id/1040187"
- }, {
- "url" : "https://kb.juniper.net/JSA10836"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs starting with zeros can match all TCP traffic. Due to this issue, traffic that should have been blocked by other rules is permitted to flow through the device resulting in a firewall bypass condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX series; 12.3X48 versions prior to 12.3X48-D55 on SRX series; 15.1X49 versions prior to 15.1X49-D100 on SRX series."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T22:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0010",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://kb.juniper.net/JSA10840"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T22:29Z",
- "lastModifiedDate" : "2018-01-10T22:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0011",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securitytracker.com/id/1040189"
- }, {
- "url" : "https://kb.juniper.net/JSA10838"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a session, and to perform administrative actions on the Junos Space network management device."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T22:29Z",
- "lastModifiedDate" : "2018-01-17T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0012",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securitytracker.com/id/1040189"
- }, {
- "url" : "https://kb.juniper.net/JSA10838"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T22:29Z",
- "lastModifiedDate" : "2018-01-17T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0013",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securitytracker.com/id/1040189"
- }, {
- "url" : "https://kb.juniper.net/JSA10838"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A local file inclusion vulnerability in Juniper Networks Junos Space Network Management Platform may allow an authenticated user to retrieve files from the system."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T22:29Z",
- "lastModifiedDate" : "2018-01-17T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0014",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securitytracker.com/id/1040185"
- }, {
- "url" : "https://kb.juniper.net/JSA10841"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T22:29Z",
- "lastModifiedDate" : "2018-01-17T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0086",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securitytracker.com/id/1040220"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP INVITE traffic to the targeted appliance. An exploit could allow the attacker to impact the availability of services and data on the device, causing a DoS condition. This vulnerability affects Cisco Unified CVP running any software release prior to 11.6(1). Cisco Bug IDs: CSCve85840."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0088",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securitytracker.com/id/1040240"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-iess"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device. This could result in arbitrary code execution or a denial of service (DoS) condition. The attacker has to have valid user credentials at privilege level 15. The vulnerability is due to a diagnostic test CLI command that allows the attacker to write to the device memory. An attacker could exploit this vulnerability by authenticating to the targeted device and issuing a specific diagnostic test command at the CLI. An exploit could allow the attacker to overwrite system memory locations, which could have a negative impact on the stability of the device. Cisco Bug IDs: CSCvf71150."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0089",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cps"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access to the internal VLAN where CPS is deployed. The vulnerability is due to incorrect permissions of certain system files and not sufficiently protecting sensitive data that is at rest. An attacker could exploit the vulnerability by using certain tools available on the internal network interface to request and view system files. An exploit could allow the attacker to find out sensitive information about the application. Cisco Bug IDs: CSCvf77666."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-18T06:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0090",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securitytracker.com/id/1040247"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nxos"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in management interface access control list (ACL) configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the management interface. This could allow traffic to be forwarded to the NX-OS CPU for processing, leading to high CPU utilization and a denial of service (DoS) condition. The vulnerability is due to a bad code fix in the 7.3.2 code train that could allow traffic to the management interface to be misclassified and not match the proper configured ACLs. An attacker could exploit this vulnerability by sending crafted traffic to the management interface. An exploit could allow the attacker to bypass the configured management interface ACLs and impact the CPU of the targeted device, resulting in a DoS condition. This vulnerability affects the following Cisco products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode. Cisco Bug IDs: CSCvf31132."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0091",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securitytracker.com/id/1040241"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ise"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf73922."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0092",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securitytracker.com/id/1040248"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nxos1"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. The network-operator role should not be able to delete other configured users on the device. The vulnerability is due to a lack of proper role-based access control (RBAC) checks for the actions that a user with the network-operator role is allowed to perform. An attacker could exploit this vulnerability by authenticating to the device with user credentials that give that user the network-operator role. Successful exploitation could allow the attacker to impact the integrity of the device by deleting configured user credentials. The attacker would need valid user credentials for the device. This vulnerability affects the following Cisco products running Cisco NX-OS System Software: Nexus 3000 Series Switches, Nexus 3600 Platform Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvg21120."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0093",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102735"
- }, {
- "url" : "http://www.securitytracker.com/id/1040250"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wsa1"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf37392."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-21T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0094",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securitytracker.com/id/1040249"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucs"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv6 ingress traffic. An attacker could exploit this vulnerability by sending the affected device a high rate of IPv6 packets. Successful exploitation could allow the attacker to cause a DoS condition due to CPU and resource constraints. Cisco Bug IDs: CSCuv34544."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0095",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102729"
- }, {
- "url" : "http://www.securitytracker.com/id/1040221"
- }, {
- "url" : "http://www.securitytracker.com/id/1040222"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-esasma"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a privilege level of a guest user. The vulnerability is due to an incorrect networking configuration at the administrative shell CLI. An attacker could exploit this vulnerability by authenticating to the targeted device and issuing a set of crafted, malicious commands at the administrative shell. An exploit could allow the attacker to gain root access on the device. Cisco Bug IDs: CSCvb34303, CSCvb35726."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0096",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102727"
- }, {
- "url" : "http://www.securitytracker.com/id/1040242"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cpi"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration. The vulnerability is due to a failure to properly enforce RBAC for virtual domains. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to a targeted application. An exploit could allow the attacker to bypass RBAC policies on the targeted system to modify a virtual domain and access resources that are not normally accessible. Cisco Bug IDs: CSCvg36875."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0097",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102724"
- }, {
- "url" : "http://www.securitytracker.com/id/1040243"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-prime-infrastructure"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specific malicious URL. This vulnerability is known as an open redirect attack and is used in phishing attacks to get users to visit malicious sites without their knowledge. Cisco Bug IDs: CSCve37646."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0098",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wap"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in the web-based management interface of Cisco WAP150 Wireless-AC/N Dual Radio Access Point with Power over Ethernet (PoE) and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve57076."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-18T06:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0099",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102731"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ntr"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in the web management GUI of the Cisco D9800 Network Transport Receiver could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of GUI command arguments. An attacker could exploit this vulnerability by injecting crafted arguments into a vulnerable GUI command. An exploit could allow the attacker to execute commands on the underlying BusyBox operating system. These commands are run at the privilege level of the authenticated user. The attacker needs valid device credentials for this attack. Cisco Bug IDs: CSCvg74691."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-21T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0100",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102738"
- }, {
- "url" : "http://www.securitytracker.com/id/1040246"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-acpe"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by injecting a crafted XML file with malicious entries, which could allow the attacker to read and write files. Cisco Bug IDs: CSCvg19341."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-21T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0102",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102728"
- }, {
- "url" : "http://www.securitytracker.com/id/1040219"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nx-os"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software attempts to free the same area of memory twice. An attacker could exploit this vulnerability by sending a pong request to an affected device from a location on the network that causes the pong reply packet to egress both a FabricPath port and a non-FabricPath port. An exploit could allow the attacker to cause a dual or quad supervisor virtual port-channel (vPC) to reload. This vulnerability affects the following products when running Cisco NX-OS Software Release 7.2(1)D(1), 7.2(2)D1(1), or 7.2(2)D1(2) with both the Pong and FabricPath features enabled and the FabricPath port is actively monitored via a SPAN session: Cisco Nexus 7000 Series Switches and Cisco Nexus 7700 Series Switches. Cisco Bug IDs: CSCuv98660."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0103",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "cisco",
- "product" : {
- "product_data" : [ {
- "product_name" : "webex_business_suite",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "webex_meetings",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "webex_meetings_server",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "webex_network_recording_player",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-119"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102369"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-wnrp"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78835, CSCvg78837, CSCvg78839."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:cisco:webex_business_suite:-",
- "cpe23Uri" : "cpe:2.3:a:cisco:webex_business_suite:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:cisco:webex_meetings:-",
- "cpe23Uri" : "cpe:2.3:a:cisco:webex_meetings:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:cisco:webex_meetings_server:-",
- "cpe23Uri" : "cpe:2.3:a:cisco:webex_meetings_server:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:cisco:webex_network_recording_player:-",
- "cpe23Uri" : "cpe:2.3:a:cisco:webex_network_recording_player:-:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.3,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.3,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:M/Au:S/C:C/I:C/A:C)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "MEDIUM",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "COMPLETE",
- "integrityImpact" : "COMPLETE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 6.6
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 2.7,
- "impactScore" : 10.0,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T06:29Z",
- "lastModifiedDate" : "2018-01-18T22:40Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0104",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "cisco",
- "product" : {
- "product_data" : [ {
- "product_name" : "webex_business_suite",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "webex_meetings",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "webex_meetings_server",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "webex_network_recording_player",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-20"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102382"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-warfp"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78853, CSCvg78856, CSCvg78857."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:cisco:webex_business_suite:-",
- "cpe23Uri" : "cpe:2.3:a:cisco:webex_business_suite:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:cisco:webex_meetings:-",
- "cpe23Uri" : "cpe:2.3:a:cisco:webex_meetings:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:cisco:webex_meetings_server:-",
- "cpe23Uri" : "cpe:2.3:a:cisco:webex_meetings_server:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:cisco:webex_network_recording_player:-",
- "cpe23Uri" : "cpe:2.3:a:cisco:webex_network_recording_player:-:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 9.6,
- "baseSeverity" : "CRITICAL"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 6.0
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:N/C:C/I:C/A:C)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "COMPLETE",
- "integrityImpact" : "COMPLETE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 9.3
- },
- "severity" : "HIGH",
- "exploitabilityScore" : 8.6,
- "impactScore" : 10.0,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T06:29Z",
- "lastModifiedDate" : "2018-01-18T15:31Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0105",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102725"
- }, {
- "url" : "http://www.securitytracker.com/id/1040245"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucm"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvf20269."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0106",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-esc"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient security restrictions. An attacker could exploit this vulnerability by accessing unauthorized information within the ConfD directory and file structure. Successful exploitation could allow the attacker to view sensitive information. Cisco Bug IDs: CSCvg00221."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-18T06:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0107",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102719"
- }, {
- "url" : "http://www.securitytracker.com/id/1040244"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-psc"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCvg30313."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0108",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102720"
- }, {
- "url" : "http://www.securitytracker.com/id/1040238"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the ability of an attacker to perform an out-of-band XXE injection on the system, which could allow an attacker to capture customer files and redirect them to another destination address. An exploit could allow the attacker to discover sensitive customer data. Cisco Bug IDs: CSCvg36996."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0109",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102722"
- }, {
- "url" : "http://www.securitytracker.com/id/1040235"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms1"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to obtain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server that could allow an attacker who is authenticated as root to gain shared secrets. An attacker could exploit the vulnerability by accessing the root account and viewing sensitive information. Successful exploitation could allow the attacker to discover sensitive information about the application. Cisco Bug IDs: CSCvg42664."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0110",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securitytracker.com/id/1040236"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms2"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which would not disable access to specifically configured user accounts, even after access had been disabled in the web application. An attacker could exploit this vulnerability by connecting to the remote support account, even after it had been disabled at the web application level. An exploit could allow the attacker to modify server configuration and gain access to customer data. Cisco Bug IDs: CSCvg46741."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0111",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102723"
- }, {
- "url" : "http://www.securitytracker.com/id/1040237"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms3"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which could include internal network information that should be restricted. An attacker could exploit the vulnerability by utilizing available resources to study the customer network. An exploit could allow the attacker to discover sensitive data about the application. Cisco Bug IDs: CSCvg46806."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0114",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102445"
- }, {
- "url" : "https://github.com/cisco/node-jose/blob/master/CHANGELOG.md"
- }, {
- "url" : "https://tools.cisco.com/security/center/viewAlert.x?alertId=56326"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-04T06:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0115",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securitytracker.com/id/1040239"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T06:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0118",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102478"
- }, {
- "url" : "http://www.securitytracker.com/id/1040193"
- }, {
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180110-ucm"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a link that is designed to submit malicious input to the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the targeted device. Cisco Bug IDs: CSCvg51264."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-11T09:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0486",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securitytracker.com/id/1040177"
- }, {
- "url" : "https://lists.debian.org/debian-security-announce/2018/msg00007.html"
- }, {
- "url" : "https://shibboleth.net/community/advisories/secadv_20180112.txt"
- }, {
- "url" : "https://www.debian.org/security/2018/dsa-4085"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T18:29Z",
- "lastModifiedDate" : "2018-01-15T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0741",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "windows_7",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- } ]
- }
- }, {
- "product_name" : "windows_server_2008",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- }, {
- "version_value" : "r2"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-200"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102349"
- }, {
- "url" : "http://www.securitytracker.com/id/1040093"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0741"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka \"Microsoft Color Management Information Disclosure Vulnerability\"."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_7::sp1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2008::sp2",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2008:r2:sp1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.3,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.6,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:H/Au:N/C:P/I:N/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "HIGH",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 2.6
- },
- "severity" : "LOW",
- "exploitabilityScore" : 4.9,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-18T22:33Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0743",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "windows_10",
- "version" : {
- "version_data" : [ {
- "version_value" : "1703"
- }, {
- "version_value" : "1709"
- } ]
- }
- }, {
- "product_name" : "windows_server_1709",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-264"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102350"
- }, {
- "url" : "http://www.securitytracker.com/id/1040094"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0743"
- }, {
- "url" : "https://twitter.com/AmarSaar/status/948892321755598848"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka \"Windows Subsystem for Linux Elevation of Privilege Vulnerability\"."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_1709:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.0,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.0,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:M/Au:N/C:P/I:P/A:P)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 4.4
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.4,
- "impactScore" : 6.4,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-16T16:17Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0744",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "windows_10",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "1511"
- }, {
- "version_value" : "1607"
- }, {
- "version_value" : "1703"
- }, {
- "version_value" : "1709"
- } ]
- }
- }, {
- "product_name" : "windows_8.1",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- } ]
- }
- }, {
- "product_name" : "windows_rt_8.1",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- } ]
- }
- }, {
- "product_name" : "windows_server_1709",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "windows_server_2012",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "r2"
- } ]
- }
- }, {
- "product_name" : "windows_server_2016",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-264"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102351"
- }, {
- "url" : "http://www.securitytracker.com/id/1040090"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0744"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43446/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka \"Windows Elevation of Privilege Vulnerability\"."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_8.1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_rt_8.1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_1709:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:r2",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.0,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.0,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:M/Au:N/C:P/I:P/A:P)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 4.4
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.4,
- "impactScore" : 6.4,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-16T15:28Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0745",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "windows_10",
- "version" : {
- "version_data" : [ {
- "version_value" : "1703"
- }, {
- "version_value" : "1709"
- } ]
- }
- }, {
- "product_name" : "windows_server_1709",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-200"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102353"
- }, {
- "url" : "http://www.securitytracker.com/id/1040097"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0745"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43470/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka \"Windows Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0746 and CVE-2018-0747."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_1709:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "attackVector" : "LOCAL",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.7,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.0,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:M/Au:N/C:P/I:N/A:N)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 1.9
- },
- "severity" : "LOW",
- "exploitabilityScore" : 3.4,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-12T19:57Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0746",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "windows_10",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "1511"
- }, {
- "version_value" : "1607"
- }, {
- "version_value" : "1703"
- }, {
- "version_value" : "1709"
- } ]
- }
- }, {
- "product_name" : "windows_8.1",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- } ]
- }
- }, {
- "product_name" : "windows_rt_8.1",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- } ]
- }
- }, {
- "product_name" : "windows_server_1709",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "windows_server_2012",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "r2"
- } ]
- }
- }, {
- "product_name" : "windows_server_2016",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-200"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102365"
- }, {
- "url" : "http://www.securitytracker.com/id/1040097"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0746"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43471/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka \"Windows Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0747."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_8.1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_rt_8.1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_1709:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:r2",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "attackVector" : "LOCAL",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.7,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.0,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:M/Au:N/C:P/I:N/A:N)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 1.9
- },
- "severity" : "LOW",
- "exploitabilityScore" : 3.4,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-12T19:57Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0747",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "windows_10",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "1511"
- }, {
- "version_value" : "1607"
- }, {
- "version_value" : "1703"
- }, {
- "version_value" : "1709"
- } ]
- }
- }, {
- "product_name" : "windows_7",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "windows_8.1",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- } ]
- }
- }, {
- "product_name" : "windows_rt_8.1",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- } ]
- }
- }, {
- "product_name" : "windows_server_1709",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "windows_server_2008",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "r2"
- } ]
- }
- }, {
- "product_name" : "windows_server_2012",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "r2"
- } ]
- }
- }, {
- "product_name" : "windows_server_2016",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-200"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102366"
- }, {
- "url" : "http://www.securitytracker.com/id/1040097"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0747"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka \"Windows Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0746."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_7:-:sp1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_8.1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_rt_8.1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_1709:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2008:-:sp2",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2008:r2:sp1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:r2",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "attackVector" : "LOCAL",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.7,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.0,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:M/Au:N/C:P/I:N/A:N)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 1.9
- },
- "severity" : "LOW",
- "exploitabilityScore" : 3.4,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-12T19:55Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0748",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "windows_10",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "1511"
- }, {
- "version_value" : "1607"
- }, {
- "version_value" : "1703"
- }, {
- "version_value" : "1709"
- } ]
- }
- }, {
- "product_name" : "windows_7",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "windows_8.1",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- } ]
- }
- }, {
- "product_name" : "windows_rt_8.1",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- } ]
- }
- }, {
- "product_name" : "windows_server_1709",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "windows_server_2008",
- "version" : {
- "version_data" : [ {
- "version_value" : "r2"
- } ]
- }
- }, {
- "product_name" : "windows_server_2012",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "r2"
- } ]
- }
- }, {
- "product_name" : "windows_server_2016",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-264"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102354"
- }, {
- "url" : "http://www.securitytracker.com/id/1040095"
- }, {
- "url" : "https://95cnsec.com/windows-kernel-cve-2018-0748-exploit.html"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0748"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43514/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way memory addresses are handled, aka \"Windows Elevation of Privilege Vulnerability\"."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_7:-:sp1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_8.1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_rt_8.1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_1709:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2008:r2",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2008:r2:sp1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:r2",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:P/I:P/A:P)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 4.6
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 6.4,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-14T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0749",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "windows_10",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "1511"
- }, {
- "version_value" : "1607"
- }, {
- "version_value" : "1703"
- }, {
- "version_value" : "1709"
- } ]
- }
- }, {
- "product_name" : "windows_7",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "windows_8.1",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- } ]
- }
- }, {
- "product_name" : "windows_rt_8.1",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- } ]
- }
- }, {
- "product_name" : "windows_server_1709",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "windows_server_2008",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "r2"
- } ]
- }
- }, {
- "product_name" : "windows_server_2012",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "r2"
- } ]
- }
- }, {
- "product_name" : "windows_server_2016",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-264"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102355"
- }, {
- "url" : "http://www.securitytracker.com/id/1040096"
- }, {
- "url" : "https://95cnsec.com/windows-smb-cve-2018-0749-exploit.html"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0749"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43517/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way SMB Server handles specially crafted files, aka \"Windows Elevation of Privilege Vulnerability\"."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_7:-:sp1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_8.1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_rt_8.1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_1709:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2008:-:sp2",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2008:r2:sp1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:r2",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:P/I:P/A:P)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 4.6
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 6.4,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-14T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0750",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "windows_7",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "windows_server_2008",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "r2"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-200"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102357"
- }, {
- "url" : "http://www.securitytracker.com/id/1040091"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0750"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka \"Windows Elevation of Privilege Vulnerability\"."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_7:-:sp1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2008:-:sp2",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2008:r2:sp1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.5,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:P/I:N/A:N)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 2.1
- },
- "severity" : "LOW",
- "exploitabilityScore" : 3.9,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-12T20:02Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0751",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "windows_10",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "1511"
- }, {
- "version_value" : "1607"
- }, {
- "version_value" : "1703"
- }, {
- "version_value" : "1709"
- } ]
- }
- }, {
- "product_name" : "windows_8.1",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- } ]
- }
- }, {
- "product_name" : "windows_rt_8.1",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- } ]
- }
- }, {
- "product_name" : "windows_server_1709",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "windows_server_2012",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "r2"
- } ]
- }
- }, {
- "product_name" : "windows_server_2016",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-264"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102359"
- }, {
- "url" : "http://www.securitytracker.com/id/1040095"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0751"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43515/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka \"Windows Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2018-0752."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_8.1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_rt_8.1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_1709:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:r2",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "NONE",
- "baseScore" : 7.1,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.2
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:P/I:P/A:N)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 3.6
- },
- "severity" : "LOW",
- "exploitabilityScore" : 3.9,
- "impactScore" : 4.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-16T15:32Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0752",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "windows_10",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "1511"
- }, {
- "version_value" : "1607"
- }, {
- "version_value" : "1703"
- }, {
- "version_value" : "1709"
- } ]
- }
- }, {
- "product_name" : "windows_8.1",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- } ]
- }
- }, {
- "product_name" : "windows_rt_8.1",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- } ]
- }
- }, {
- "product_name" : "windows_server_1709",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "windows_server_2012",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "r2"
- } ]
- }
- }, {
- "product_name" : "windows_server_2016",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-264"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102360"
- }, {
- "url" : "http://www.securitytracker.com/id/1040095"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0752"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43516/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka \"Windows Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2018-0751."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_8.1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_rt_8.1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_1709:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:r2",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:P/I:P/A:P)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 4.6
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 6.4,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-14T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0753",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "windows_10",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "1511"
- }, {
- "version_value" : "1607"
- }, {
- "version_value" : "1703"
- }, {
- "version_value" : "1709"
- } ]
- }
- }, {
- "product_name" : "windows_8.1",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- } ]
- }
- }, {
- "product_name" : "windows_rt_8.1",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- } ]
- }
- }, {
- "product_name" : "windows_server_1709",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "windows_server_2012",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "r2"
- } ]
- }
- }, {
- "product_name" : "windows_server_2016",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-119"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102361"
- }, {
- "url" : "http://www.securitytracker.com/id/1040089"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0753"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a denial of service vulnerability due to the way objects are handled in memory, aka \"Windows IPSec Denial of Service Vulnerability\"."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_8.1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_rt_8.1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_1709:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:r2",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "HIGH",
- "baseScore" : 5.9,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.2,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:N/C:N/I:N/A:C)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 7.1
- },
- "severity" : "HIGH",
- "exploitabilityScore" : 8.6,
- "impactScore" : 6.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-12T20:05Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0754",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "windows_10",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "1511"
- }, {
- "version_value" : "1607"
- }, {
- "version_value" : "1703"
- }, {
- "version_value" : "1709"
- } ]
- }
- }, {
- "product_name" : "windows_7",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "windows_8.1",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- } ]
- }
- }, {
- "product_name" : "windows_server_1709",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "windows_server_2008",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "r2"
- } ]
- }
- }, {
- "product_name" : "windows_server_2012",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "r2"
- } ]
- }
- }, {
- "product_name" : "windows_server_2016",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-200"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102362"
- }, {
- "url" : "http://www.securitytracker.com/id/1040098"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0754"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka \"OpenType Font Driver Information Disclosure Vulnerability\"."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_7:-:sp1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_8.1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_1709:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2008:-:sp2",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2008:r2:sp1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:r2",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.5,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:P/I:N/A:N)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 2.1
- },
- "severity" : "LOW",
- "exploitabilityScore" : 3.9,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-18T22:50Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0758",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "edge",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-119"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102405"
- }, {
- "url" : "http://www.securitytracker.com/id/1040100"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0758"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43491/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:edge:-",
- "cpe23Uri" : "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.5,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.6,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:H/Au:N/C:C/I:C/A:C)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "HIGH",
- "authentication" : "NONE",
- "confidentialityImpact" : "COMPLETE",
- "integrityImpact" : "COMPLETE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 7.6
- },
- "severity" : "HIGH",
- "exploitabilityScore" : 4.9,
- "impactScore" : 10.0,
- "obtainAllPrivilege" : true,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-17T17:45Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0762",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "edge",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "internet_explorer",
- "version" : {
- "version_data" : [ {
- "version_value" : "9"
- }, {
- "version_value" : "10"
- }, {
- "version_value" : "11"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-119"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102408"
- }, {
- "url" : "http://www.securitytracker.com/id/1040099"
- }, {
- "url" : "http://www.securitytracker.com/id/1040100"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0762"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:edge:-",
- "cpe23Uri" : "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:internet_explorer:10",
- "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:internet_explorer:11",
- "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_7:-:sp1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_8.1:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_rt_8.1:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2008:r2:sp1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:r2",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:internet_explorer:9",
- "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2008:-:sp2",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*"
- } ]
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.5,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.6,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:H/Au:N/C:C/I:C/A:C)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "HIGH",
- "authentication" : "NONE",
- "confidentialityImpact" : "COMPLETE",
- "integrityImpact" : "COMPLETE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 7.6
- },
- "severity" : "HIGH",
- "exploitabilityScore" : 4.9,
- "impactScore" : 10.0,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-17T18:21Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0764",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102387"
- }, {
- "url" : "http://www.securitytracker.com/id/1040152"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0766",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "edge",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-200"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102388"
- }, {
- "url" : "http://www.securitytracker.com/id/1040100"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0766"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the Microsoft Edge PDF Reader handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability\"."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:edge:-",
- "cpe23Uri" : "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.3,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 1.4
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:N/C:P/I:N/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.3
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-17T17:46Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0767",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "edge",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-200"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102393"
- }, {
- "url" : "http://www.securitytracker.com/id/1040100"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0767"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43522/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0780 and CVE-2018-0800."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:edge:-",
- "cpe23Uri" : "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.3,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.6,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:H/Au:N/C:P/I:N/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "HIGH",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 2.6
- },
- "severity" : "LOW",
- "exploitabilityScore" : 4.9,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-17T17:42Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0768",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "edge",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-119"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102395"
- }, {
- "url" : "http://www.securitytracker.com/id/1040100"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0768"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:edge:-",
- "cpe23Uri" : "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- } ]
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.5,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.6,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:H/Au:N/C:C/I:C/A:C)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "HIGH",
- "authentication" : "NONE",
- "confidentialityImpact" : "COMPLETE",
- "integrityImpact" : "COMPLETE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 7.6
- },
- "severity" : "HIGH",
- "exploitabilityScore" : 4.9,
- "impactScore" : 10.0,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-17T18:22Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0769",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "edge",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-119"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102396"
- }, {
- "url" : "http://www.securitytracker.com/id/1040100"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0769"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43710/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:edge:-",
- "cpe23Uri" : "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.5,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.6,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:H/Au:N/C:C/I:C/A:C)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "HIGH",
- "authentication" : "NONE",
- "confidentialityImpact" : "COMPLETE",
- "integrityImpact" : "COMPLETE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 7.6
- },
- "severity" : "HIGH",
- "exploitabilityScore" : 4.9,
- "impactScore" : 10.0,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0770",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "edge",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-119"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102397"
- }, {
- "url" : "http://www.securitytracker.com/id/1040100"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0770"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:edge:-",
- "cpe23Uri" : "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.5,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.6,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:H/Au:N/C:C/I:C/A:C)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "HIGH",
- "authentication" : "NONE",
- "confidentialityImpact" : "COMPLETE",
- "integrityImpact" : "COMPLETE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 7.6
- },
- "severity" : "HIGH",
- "exploitabilityScore" : 4.9,
- "impactScore" : 10.0,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-17T18:22Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0772",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "edge",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- }, {
- "product_name" : "internet_explorer",
- "version" : {
- "version_data" : [ {
- "version_value" : "9"
- }, {
- "version_value" : "10"
- }, {
- "version_value" : "11"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-119"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102409"
- }, {
- "url" : "http://www.securitytracker.com/id/1040099"
- }, {
- "url" : "http://www.securitytracker.com/id/1040100"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0772"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:internet_explorer:10",
- "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:internet_explorer:9",
- "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2008:-:sp2",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:internet_explorer:11",
- "cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_7:-:sp1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_8.1:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_rt_8.1:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2008:r2:sp1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:r2",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:edge:-",
- "cpe23Uri" : "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.5,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.6,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:H/Au:N/C:C/I:C/A:C)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "HIGH",
- "authentication" : "NONE",
- "confidentialityImpact" : "COMPLETE",
- "integrityImpact" : "COMPLETE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 7.6
- },
- "severity" : "HIGH",
- "exploitabilityScore" : 4.9,
- "impactScore" : 10.0,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-17T18:22Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0773",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "edge",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-119"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102398"
- }, {
- "url" : "http://www.securitytracker.com/id/1040100"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0773"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:edge:-",
- "cpe23Uri" : "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- } ]
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.5,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.6,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:H/Au:N/C:C/I:C/A:C)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "HIGH",
- "authentication" : "NONE",
- "confidentialityImpact" : "COMPLETE",
- "integrityImpact" : "COMPLETE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 7.6
- },
- "severity" : "HIGH",
- "exploitabilityScore" : 4.9,
- "impactScore" : 10.0,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-17T18:22Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0774",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "edge",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-119"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102399"
- }, {
- "url" : "http://www.securitytracker.com/id/1040100"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0774"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43715/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:edge:-",
- "cpe23Uri" : "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- } ]
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.5,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.6,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:H/Au:N/C:C/I:C/A:C)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "HIGH",
- "authentication" : "NONE",
- "confidentialityImpact" : "COMPLETE",
- "integrityImpact" : "COMPLETE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 7.6
- },
- "severity" : "HIGH",
- "exploitabilityScore" : 4.9,
- "impactScore" : 10.0,
- "obtainAllPrivilege" : true,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0775",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "edge",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-119"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102400"
- }, {
- "url" : "http://www.securitytracker.com/id/1040100"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0775"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43717/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:edge:-",
- "cpe23Uri" : "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- } ]
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.5,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.6,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:H/Au:N/C:C/I:C/A:C)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "HIGH",
- "authentication" : "NONE",
- "confidentialityImpact" : "COMPLETE",
- "integrityImpact" : "COMPLETE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 7.6
- },
- "severity" : "HIGH",
- "exploitabilityScore" : 4.9,
- "impactScore" : 10.0,
- "obtainAllPrivilege" : true,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0776",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "edge",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-119"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102401"
- }, {
- "url" : "http://www.securitytracker.com/id/1040100"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0776"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43723/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:edge:-",
- "cpe23Uri" : "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.5,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.6,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:H/Au:N/C:C/I:C/A:C)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "HIGH",
- "authentication" : "NONE",
- "confidentialityImpact" : "COMPLETE",
- "integrityImpact" : "COMPLETE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 7.6
- },
- "severity" : "HIGH",
- "exploitabilityScore" : 4.9,
- "impactScore" : 10.0,
- "obtainAllPrivilege" : true,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0777",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "edge",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-119"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102402"
- }, {
- "url" : "http://www.securitytracker.com/id/1040100"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0777"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43718/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0778, and CVE-2018-0781."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:edge:-",
- "cpe23Uri" : "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.5,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.6,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:H/Au:N/C:C/I:C/A:C)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "HIGH",
- "authentication" : "NONE",
- "confidentialityImpact" : "COMPLETE",
- "integrityImpact" : "COMPLETE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 7.6
- },
- "severity" : "HIGH",
- "exploitabilityScore" : 4.9,
- "impactScore" : 10.0,
- "obtainAllPrivilege" : true,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0778",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "edge",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-119"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102403"
- }, {
- "url" : "http://www.securitytracker.com/id/1040100"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0778"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0781."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:edge:-",
- "cpe23Uri" : "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- } ]
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.5,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.6,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:H/Au:N/C:C/I:C/A:C)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "HIGH",
- "authentication" : "NONE",
- "confidentialityImpact" : "COMPLETE",
- "integrityImpact" : "COMPLETE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 7.6
- },
- "severity" : "HIGH",
- "exploitabilityScore" : 4.9,
- "impactScore" : 10.0,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-12T20:08Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0780",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "edge",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-200"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102389"
- }, {
- "url" : "http://www.securitytracker.com/id/1040100"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0780"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43720/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0800."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:edge:-",
- "cpe23Uri" : "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.3,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.6,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:H/Au:N/C:P/I:N/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "HIGH",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 2.6
- },
- "severity" : "LOW",
- "exploitabilityScore" : 4.9,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0781",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "edge",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-119"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102404"
- }, {
- "url" : "http://www.securitytracker.com/id/1040100"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0781"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0778."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:edge:-",
- "cpe23Uri" : "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.5,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.6,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:H/Au:N/C:C/I:C/A:C)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "HIGH",
- "authentication" : "NONE",
- "confidentialityImpact" : "COMPLETE",
- "integrityImpact" : "COMPLETE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 7.6
- },
- "severity" : "HIGH",
- "exploitabilityScore" : 4.9,
- "impactScore" : 10.0,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-16T17:47Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0784",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102377"
- }, {
- "url" : "http://www.securitytracker.com/id/1040151"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0784"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka \"ASP.NET Core Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0808."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0785",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102379"
- }, {
- "url" : "http://www.securitytracker.com/id/1040151"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0785"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka \"ASP.NET Core Cross Site Request Forgery Vulnerability\"."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0786",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102380"
- }, {
- "url" : "http://www.securitytracker.com/id/1040152"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7 and .NET Core 1.0 and 2.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability\"."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0788",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "windows_7",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- } ]
- }
- }, {
- "product_name" : "windows_8.1",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- } ]
- }
- }, {
- "product_name" : "windows_server_2008",
- "version" : {
- "version_data" : [ {
- "version_value" : "*"
- }, {
- "version_value" : "r2"
- } ]
- }
- }, {
- "product_name" : "windows_server_2012",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- }, {
- "version_value" : "r2"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-264"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102364"
- }, {
- "url" : "http://www.securitytracker.com/id/1040092"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0788"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 and R2 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka \"OpenType Font Driver Elevation of Privilege Vulnerability\"."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_7::sp1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_8.1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2008::sp2",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2008:r2:sp1",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2012:r2",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.0,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.0,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:M/Au:N/C:C/I:C/A:C)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "COMPLETE",
- "integrityImpact" : "COMPLETE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 6.9
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.4,
- "impactScore" : 10.0,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-18T22:50Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0789",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102394"
- }, {
- "url" : "http://www.securitytracker.com/id/1040150"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0789"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0790."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0790",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102391"
- }, {
- "url" : "http://www.securitytracker.com/id/1040150"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0790"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0789."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0791",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102383"
- }, {
- "url" : "http://www.securitytracker.com/id/1040154"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka \"Microsoft Outlook Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0793."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0792",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102381"
- }, {
- "url" : "http://www.securitytracker.com/id/1040153"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0792"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0794."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0793",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102375"
- }, {
- "url" : "http://www.securitytracker.com/id/1040154"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka \"Microsoft Outlook Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0791."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0794",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102373"
- }, {
- "url" : "http://www.securitytracker.com/id/1040153"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0794"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0792."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0795",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102356"
- }, {
- "url" : "http://www.securitytracker.com/id/1040153"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0795"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Remote Code Execution Vulnerability\"."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0796",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102372"
- }, {
- "url" : "http://www.securitytracker.com/id/1040153"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0796"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability\"."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0797",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102406"
- }, {
- "url" : "http://www.securitytracker.com/id/1040153"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka \"Microsoft Word Memory Corruption Vulnerability\"."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0798",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102370"
- }, {
- "url" : "http://www.securitytracker.com/id/1040153"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\"."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0799",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102411"
- }, {
- "url" : "http://www.securitytracker.com/id/1040157"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0799"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka \"Microsoft Access Tampering Vulnerability\"."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0800",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "chakracore",
- "version" : {
- "version_data" : [ {
- "version_value" : "1.7.6"
- } ]
- }
- }, {
- "product_name" : "edge",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-200"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102392"
- }, {
- "url" : "http://www.securitytracker.com/id/1040100"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0800"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:chakracore",
- "cpe23Uri" : "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
- "versionEndIncluding" : "1.7.6"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:edge:-",
- "cpe23Uri" : "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- } ]
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.3,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.6,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:N/C:P/I:N/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.3
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-17T16:06Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0801",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102348"
- }, {
- "url" : "http://www.securitytracker.com/id/1040153"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0801"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Remote Code Execution Vulnerability\"."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0802",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102347"
- }, {
- "url" : "http://www.securitytracker.com/id/1040153"
- }, {
- "url" : "https://0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.html"
- }, {
- "url" : "https://github.com/rxwx/CVE-2018-0802"
- }, {
- "url" : "https://github.com/zldww2011/CVE-2018-0802_POC"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE is unique from CVE-2018-0797 and CVE-2018-0812."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-18T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0803",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "microsoft",
- "product" : {
- "product_data" : [ {
- "product_name" : "edge",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-74"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102384"
- }, {
- "url" : "http://www.securitytracker.com/id/1040100"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0803"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Microsoft Edge enforces cross-domain policies, aka \"Microsoft Edge Elevation of Privilege Vulnerability\"."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:microsoft:edge:-",
- "cpe23Uri" : "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1511",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1607",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1703",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_10:1709",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/o:microsoft:windows_server_2016:-",
- "cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*"
- } ]
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.2,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.6,
- "impactScore" : 2.5
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:N/C:P/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.8
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 4.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T14:29Z",
- "lastModifiedDate" : "2018-01-16T18:02Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0804",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102457"
- }, {
- "url" : "http://www.securitytracker.com/id/1040153"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0804"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0805",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102459"
- }, {
- "url" : "http://www.securitytracker.com/id/1040153"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0805"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-0807"
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0806",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102460"
- }, {
- "url" : "http://www.securitytracker.com/id/1040153"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0806"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0807."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0807",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102461"
- }, {
- "url" : "http://www.securitytracker.com/id/1040153"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0807"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0806."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0812",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102463"
- }, {
- "url" : "http://www.securitytracker.com/id/1040153"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0812"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Memory Corruption Vulnerability\"."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0818",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102412"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0818"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with another vulnerability to run arbitrary code on a target system, due to how the Chakra scripting engine handles accessing memory, aka \"Scripting Engine Security Feature Bypass\"."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-0819",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102464"
- }, {
- "url" : "http://www.securitytracker.com/id/1040153"
- }, {
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0819"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Microsoft Office 2016 for Mac allows an attacker to send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing, due to how Outlook for Mac displays encoded email addresses, aka \"Spoofing Vulnerability in Microsoft Office for Mac.\""
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T01:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-1000004",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://seclists.org/oss-sec/2018/q1/51"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-16T20:29Z",
- "lastModifiedDate" : "2018-01-16T20:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-1190",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "pivotal",
- "product" : {
- "product_data" : [ {
- "product_name" : "cf-release",
- "version" : {
- "version_data" : [ {
- "version_value" : "269"
- } ]
- }
- }, {
- "product_name" : "uaa_bosh",
- "version" : {
- "version_data" : [ {
- "version_value" : "44"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-79"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102427"
- }, {
- "url" : "https://www.cloudfoundry.org/cve-2018-1190/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoint used for single logout session management."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:pivotal:cf-release",
- "cpe23Uri" : "cpe:2.3:a:pivotal:cf-release:*:*:*:*:*:*:*:*",
- "versionEndIncluding" : "269"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:pivotal:uaa",
- "cpe23Uri" : "cpe:2.3:a:pivotal:uaa:*:*:*:*:*:*:*:*",
- "versionStartIncluding" : "3.0.0",
- "versionEndIncluding" : "3.20.1"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:pivotal:uaa_bosh",
- "cpe23Uri" : "cpe:2.3:a:pivotal:uaa_bosh:*:*:*:*:*:*:*:*",
- "versionEndIncluding" : "44"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 6.1,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 2.7
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:N/C:N/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.3
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T06:29Z",
- "lastModifiedDate" : "2018-01-18T22:52Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-1361",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102501"
- }, {
- "url" : "http://www.securitytracker.com/id/1040132"
- }, {
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137158"
- }, {
- "url" : "https://www.ibm.com/support/docview.wss?uid=swg22012409"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137158."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-11T17:29Z",
- "lastModifiedDate" : "2018-01-17T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-1362",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012528"
- }, {
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137380"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user's submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-19T14:29Z",
- "lastModifiedDate" : "2018-01-19T14:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2360",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102448"
- }, {
- "url" : "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
- }, {
- "url" : "https://launchpad.support.sap.com/#/notes/2523961"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-09T15:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2361",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102450"
- }, {
- "url" : "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
- }, {
- "url" : "https://launchpad.support.sap.com/#/notes/2507934"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-09T15:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2362",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102452"
- }, {
- "url" : "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
- }, {
- "url" : "https://launchpad.support.sap.com/#/notes/2575750"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-09T15:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2363",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102449"
- }, {
- "url" : "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
- }, {
- "url" : "https://launchpad.support.sap.com/#/notes/1906212"
- }, {
- "url" : "https://launchpad.support.sap.com/#/notes/2525392"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-09T15:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2560",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102617"
- }, {
- "url" : "http://www.securitytracker.com/id/1040215"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2561",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102565"
- }, {
- "url" : "http://www.securitytracker.com/id/1040210"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2562",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "mysql",
- "version" : {
- "version_data" : [ {
- "version_value" : "5.5.0"
- }, {
- "version_value" : "5.5.1"
- }, {
- "version_value" : "5.5.2"
- }, {
- "version_value" : "5.5.3"
- }, {
- "version_value" : "5.5.4"
- }, {
- "version_value" : "5.5.5"
- }, {
- "version_value" : "5.5.6"
- }, {
- "version_value" : "5.5.7"
- }, {
- "version_value" : "5.5.8"
- }, {
- "version_value" : "5.5.9"
- }, {
- "version_value" : "5.5.10"
- }, {
- "version_value" : "5.5.11"
- }, {
- "version_value" : "5.5.12"
- }, {
- "version_value" : "5.5.13"
- }, {
- "version_value" : "5.5.14"
- }, {
- "version_value" : "5.5.15"
- }, {
- "version_value" : "5.5.16"
- }, {
- "version_value" : "5.5.17"
- }, {
- "version_value" : "5.5.18"
- }, {
- "version_value" : "5.5.19"
- }, {
- "version_value" : "5.5.20"
- }, {
- "version_value" : "5.5.21"
- }, {
- "version_value" : "5.5.22"
- }, {
- "version_value" : "5.5.23"
- }, {
- "version_value" : "5.5.24"
- }, {
- "version_value" : "5.5.25"
- }, {
- "version_value" : "5.5.26"
- }, {
- "version_value" : "5.5.27"
- }, {
- "version_value" : "5.5.28"
- }, {
- "version_value" : "5.5.29"
- }, {
- "version_value" : "5.5.30"
- }, {
- "version_value" : "5.5.31"
- }, {
- "version_value" : "5.5.32"
- }, {
- "version_value" : "5.5.33"
- }, {
- "version_value" : "5.5.34"
- }, {
- "version_value" : "5.5.35"
- }, {
- "version_value" : "5.5.36"
- }, {
- "version_value" : "5.5.37"
- }, {
- "version_value" : "5.5.38"
- }, {
- "version_value" : "5.5.39"
- }, {
- "version_value" : "5.5.40"
- }, {
- "version_value" : "5.5.41"
- }, {
- "version_value" : "5.5.42"
- }, {
- "version_value" : "5.5.43"
- }, {
- "version_value" : "5.5.44"
- }, {
- "version_value" : "5.5.45"
- }, {
- "version_value" : "5.5.46"
- }, {
- "version_value" : "5.5.47"
- }, {
- "version_value" : "5.5.48"
- }, {
- "version_value" : "5.5.49"
- }, {
- "version_value" : "5.5.50"
- }, {
- "version_value" : "5.5.51"
- }, {
- "version_value" : "5.5.52"
- }, {
- "version_value" : "5.5.53"
- }, {
- "version_value" : "5.5.54"
- }, {
- "version_value" : "5.5.55"
- }, {
- "version_value" : "5.5.56"
- }, {
- "version_value" : "5.5.57"
- }, {
- "version_value" : "5.5.58"
- }, {
- "version_value" : "5.6.0"
- }, {
- "version_value" : "5.6.1"
- }, {
- "version_value" : "5.6.2"
- }, {
- "version_value" : "5.6.3"
- }, {
- "version_value" : "5.6.4"
- }, {
- "version_value" : "5.6.5"
- }, {
- "version_value" : "5.6.6"
- }, {
- "version_value" : "5.6.7"
- }, {
- "version_value" : "5.6.8"
- }, {
- "version_value" : "5.6.9"
- }, {
- "version_value" : "5.6.10"
- }, {
- "version_value" : "5.6.11"
- }, {
- "version_value" : "5.6.12"
- }, {
- "version_value" : "5.6.13"
- }, {
- "version_value" : "5.6.14"
- }, {
- "version_value" : "5.6.15"
- }, {
- "version_value" : "5.6.16"
- }, {
- "version_value" : "5.6.17"
- }, {
- "version_value" : "5.6.18"
- }, {
- "version_value" : "5.6.19"
- }, {
- "version_value" : "5.6.20"
- }, {
- "version_value" : "5.6.21"
- }, {
- "version_value" : "5.6.22"
- }, {
- "version_value" : "5.6.23"
- }, {
- "version_value" : "5.6.24"
- }, {
- "version_value" : "5.6.25"
- }, {
- "version_value" : "5.6.26"
- }, {
- "version_value" : "5.6.27"
- }, {
- "version_value" : "5.6.28"
- }, {
- "version_value" : "5.6.29"
- }, {
- "version_value" : "5.6.30"
- }, {
- "version_value" : "5.6.31"
- }, {
- "version_value" : "5.6.32"
- }, {
- "version_value" : "5.6.33"
- }, {
- "version_value" : "5.6.34"
- }, {
- "version_value" : "5.6.35"
- }, {
- "version_value" : "5.6.36"
- }, {
- "version_value" : "5.6.37"
- }, {
- "version_value" : "5.6.38"
- }, {
- "version_value" : "5.7.0"
- }, {
- "version_value" : "5.7.1"
- }, {
- "version_value" : "5.7.2"
- }, {
- "version_value" : "5.7.3"
- }, {
- "version_value" : "5.7.4"
- }, {
- "version_value" : "5.7.5"
- }, {
- "version_value" : "5.7.6"
- }, {
- "version_value" : "5.7.7"
- }, {
- "version_value" : "5.7.8"
- }, {
- "version_value" : "5.7.9"
- }, {
- "version_value" : "5.7.10"
- }, {
- "version_value" : "5.7.11"
- }, {
- "version_value" : "5.7.12"
- }, {
- "version_value" : "5.7.13"
- }, {
- "version_value" : "5.7.14"
- }, {
- "version_value" : "5.7.15"
- }, {
- "version_value" : "5.7.16"
- }, {
- "version_value" : "5.7.17"
- }, {
- "version_value" : "5.7.18"
- }, {
- "version_value" : "5.7.19"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-284"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102713"
- }, {
- "url" : "http://www.securitytracker.com/id/1040216"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
- }, {
- "url" : "https://www.debian.org/security/2018/dsa-4091"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:mysql",
- "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
- "versionStartIncluding" : "5.5.0",
- "versionEndIncluding" : "5.5.58"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:mysql",
- "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
- "versionStartIncluding" : "5.6.0",
- "versionEndIncluding" : "5.6.38"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:mysql",
- "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
- "versionStartIncluding" : "5.7.0",
- "versionEndIncluding" : "5.7.19"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.1,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 4.2
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:S/C:N/I:P/A:C)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 7.5
- },
- "severity" : "HIGH",
- "exploitabilityScore" : 8.0,
- "impactScore" : 7.8,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2564",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102541"
- }, {
- "url" : "http://www.securitytracker.com/id/1040207"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data as well as unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2565",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102712"
- }, {
- "url" : "http://www.securitytracker.com/id/1040216"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2566",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102603"
- }, {
- "url" : "http://www.securitytracker.com/id/1040205"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Remote Console Application). Supported versions that are affected are 3.x and 4.x. Difficult to exploit vulnerability allows low privileged attacker with network access via TLS to compromise Integrated Lights Out Manager (ILOM). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Integrated Lights Out Manager (ILOM), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Integrated Lights Out Manager (ILOM) accessible data as well as unauthorized access to critical data or complete access to all Integrated Lights Out Manager (ILOM) accessible data. CVSS 3.0 Base Score 7.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2567",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102671"
- }, {
- "url" : "http://www.securitytracker.com/id/1040200"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Communications Order and Service Management component of Oracle Communications Applications (subcomponent: Portal). Supported versions that are affected are 7.2.4.1.x, 7.2.4.2.x, 7.3.0.x.x and 7.3.0.1.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Order and Service Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data as well as unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2568",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102606"
- }, {
- "url" : "http://www.securitytracker.com/id/1040205"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Remote Console Application). Supported versions that are affected are 3.x and 4.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Integrated Lights Out Manager (ILOM) accessible data as well as unauthorized read access to a subset of Integrated Lights Out Manager (ILOM) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Integrated Lights Out Manager (ILOM). CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2569",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102536"
- }, {
- "url" : "http://www.securitytracker.com/id/1040217"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java ME SDK component of Oracle Java Micro Edition (subcomponent: Installer). The supported version that is affected is 8.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java ME SDK executes to compromise Java ME SDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java ME SDK. Note: This applies to the Windows platform only. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2570",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102665"
- }, {
- "url" : "http://www.securitytracker.com/id/1040200"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Portal). Supported versions that are affected are 7.2.4.2.x and 7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Inventory Management accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Inventory Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Inventory Management. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2571",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102669"
- }, {
- "url" : "http://www.securitytracker.com/id/1040200"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Portal). Supported versions that are affected are 7.2.4.2.x and 7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Inventory Management accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Inventory Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2573",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102710"
- }, {
- "url" : "http://www.securitytracker.com/id/1040216"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2574",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102623"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM (subcomponent: Outlook Client). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM Desktop. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel CRM Desktop accessible data as well as unauthorized access to critical data or complete access to all Siebel CRM Desktop accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2575",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102547"
- }, {
- "url" : "http://www.securitytracker.com/id/1040196"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.2.0.1. Difficult to exploit vulnerability allows high privileged attacker having Local Logon privilege with network access via multiple protocols to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. Note: Applicable only to Windows platform. CVSS 3.0 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2576",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102695"
- }, {
- "url" : "http://www.securitytracker.com/id/1040216"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2577",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102614"
- }, {
- "url" : "http://www.securitytracker.com/id/1040215"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2578",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102611"
- }, {
- "url" : "http://www.securitytracker.com/id/1040215"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2579",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102663"
- }, {
- "url" : "http://www.securitytracker.com/id/1040203"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0095"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0099"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0100"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2580",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102654"
- }, {
- "url" : "http://www.securitytracker.com/id/1040201"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: ADPatch). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications DBA accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2581",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102636"
- }, {
- "url" : "http://www.securitytracker.com/id/1040203"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0099"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0100"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2582",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102597"
- }, {
- "url" : "http://www.securitytracker.com/id/1040203"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0095"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0099"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2583",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102708"
- }, {
- "url" : "http://www.securitytracker.com/id/1040216"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2584",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102573"
- }, {
- "url" : "http://www.securitytracker.com/id/1040207"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 11.1.1.8.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2585",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102674"
- }, {
- "url" : "http://www.securitytracker.com/id/1040216"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Net). Supported versions that are affected are 6.9.9 and prior and 6.10.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2586",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102700"
- }, {
- "url" : "http://www.securitytracker.com/id/1040216"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2588",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102661"
- }, {
- "url" : "http://www.securitytracker.com/id/1040203"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0095"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0099"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0100"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2589",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102540"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Server). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2590",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102697"
- }, {
- "url" : "http://www.securitytracker.com/id/1040216"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2591",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102714"
- }, {
- "url" : "http://www.securitytracker.com/id/1040216"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2592",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102626"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Balance Sheet Planning component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Balance Sheet Planning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Balance Sheet Planning accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Balance Sheet Planning accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2593",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "peoplesoft_enterprise_peopletools",
- "version" : {
- "version_data" : [ {
- "version_value" : "8.54"
- }, {
- "version_value" : "8.55"
- }, {
- "version_value" : "8.56"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-284"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102581"
- }, {
- "url" : "http://www.securitytracker.com/id/1040204"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.54",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.55",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 8.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:N/C:P/I:P/A:P)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 6.8
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 6.4,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T15:37Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2594",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "hyperion_bi+",
- "version" : {
- "version_data" : [ {
- "version_value" : "11.1.2.4"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-284"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102641"
- }, {
- "url" : "http://www.securitytracker.com/id/1040206"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: Foundation UI & Servlets). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion BI+ accessible data as well as unauthorized read access to a subset of Hyperion BI+ accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion BI+. CVSS 3.0 Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:hyperion_bi%2b:11.1.2.4",
- "cpe23Uri" : "cpe:2.3:a:oracle:hyperion_bi\\+:11.1.2.4:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "HIGH",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "LOW",
- "baseScore" : 4.3,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 0.9,
- "impactScore" : 3.4
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:S/C:P/I:P/A:P)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 6.0
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 6.8,
- "impactScore" : 6.4,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T15:37Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2595",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "hyperion_bi+",
- "version" : {
- "version_data" : [ {
- "version_value" : "11.1.2.4"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-284"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102643"
- }, {
- "url" : "http://www.securitytracker.com/id/1040206"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: Foundation UI & Servlets). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion BI+ accessible data as well as unauthorized read access to a subset of Hyperion BI+ accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion BI+. CVSS 3.0 Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:hyperion_bi%2b:11.1.2.4",
- "cpe23Uri" : "cpe:2.3:a:oracle:hyperion_bi\\+:11.1.2.4:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "HIGH",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "LOW",
- "baseScore" : 4.3,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 0.9,
- "impactScore" : 3.4
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:S/C:P/I:P/A:P)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 6.0
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 6.8,
- "impactScore" : 6.4,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T15:38Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2596",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102545"
- }, {
- "url" : "http://www.securitytracker.com/id/1040207"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data as well as unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2597",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102572"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Hospitality Cruise Dining Room Management component of Oracle Hospitality Applications (subcomponent: SilverWhere). The supported version that is affected is 8.0.78. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Dining Room Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise Dining Room Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Dining Room Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Dining Room Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2599",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102633"
- }, {
- "url" : "http://www.securitytracker.com/id/1040203"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0095"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0099"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0100"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2600",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102696"
- }, {
- "url" : "http://www.securitytracker.com/id/1040216"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2601",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102553"
- }, {
- "url" : "http://www.securitytracker.com/id/1040208"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Internet Directory component of Oracle Fusion Middleware (subcomponent: Oracle Directory Services Manager). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Internet Directory. While the vulnerability is in Oracle Internet Directory, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Internet Directory. CVSS 3.0 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2602",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102642"
- }, {
- "url" : "http://www.securitytracker.com/id/1040203"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0095"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0099"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0100"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2603",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102625"
- }, {
- "url" : "http://www.securitytracker.com/id/1040203"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0095"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0099"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0100"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2604",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102578"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2605",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "peoplesoft_enterprise_peopletools",
- "version" : {
- "version_data" : [ {
- "version_value" : "8.54"
- }, {
- "version_value" : "8.55"
- }, {
- "version_value" : "8.56"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-200"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102589"
- }, {
- "url" : "http://www.securitytracker.com/id/1040204"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.54",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.55",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 6.5,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.0
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.0,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T15:42Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2606",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102579"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Guest Access executes to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2607",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102580"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Guest Access. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2608",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102538"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). The supported version that is affected is 2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2609",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102620"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2610",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "hyperion_data_relationship_management",
- "version" : {
- "version_data" : [ {
- "version_value" : "11.1.2.4.330"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-200"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102637"
- }, {
- "url" : "http://www.securitytracker.com/id/1040206"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Hyperion Data Relationship Management component of Oracle Hyperion (subcomponent: Access and security). The supported version that is affected is 11.1.2.4.330. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Data Relationship Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hyperion Data Relationship Management accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:hyperion_data_relationship_management:11.1.2.4.330",
- "cpe23Uri" : "cpe:2.3:a:oracle:hyperion_data_relationship_management:11.1.2.4.330:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.3,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 3.9,
- "impactScore" : 1.4
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:N/C:P/I:N/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.0
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 10.0,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T15:42Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2611",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102587"
- }, {
- "url" : "http://www.securitytracker.com/id/1040215"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The supported version that is affected is Prior to 8.7.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2612",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102709"
- }, {
- "url" : "http://www.securitytracker.com/id/1040216"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2613",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102616"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Login). Supported versions that are affected are 7.x, 8.0.x and 8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Argus Safety accessible data as well as unauthorized update, insert or delete access to some of Oracle Argus Safety accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2614",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102598"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0 and 12.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2615",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102640"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). The supported version that is affected is Prior to 2.11.33. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in takeover of OSS Support Tools. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2616",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102644"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). The supported version that is affected is Prior to 2.11.33. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in takeover of OSS Support Tools. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2617",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102645"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). The supported version that is affected is Prior to 2.11.33. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all OSS Support Tools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2618",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102612"
- }, {
- "url" : "http://www.securitytracker.com/id/1040203"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0095"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0099"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0100"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2619",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102548"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). The supported version that is affected is 2.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2620",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102583"
- }, {
- "url" : "http://www.securitytracker.com/id/1040213"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Platform). Supported versions that are affected are 10.x, 15.x, 16.x and 17.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Unifier accessible data as well as unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2621",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102574"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: Mobile Gangway and Mustering). The supported version that is affected is 7.3.874. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2622",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102706"
- }, {
- "url" : "http://www.securitytracker.com/id/1040216"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
- }, {
- "url" : "https://www.debian.org/security/2018/dsa-4091"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2623",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102590"
- }, {
- "url" : "http://www.securitytracker.com/id/1040215"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 9.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2624",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102595"
- }, {
- "url" : "http://www.securitytracker.com/id/1040215"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2625",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102567"
- }, {
- "url" : "http://www.securitytracker.com/id/1040212"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2626",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102630"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Balance Sheet Planning component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Balance Sheet Planning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Balance Sheet Planning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Balance Sheet Planning accessible data as well as unauthorized read access to a subset of Oracle Financial Services Balance Sheet Planning accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2627",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102584"
- }, {
- "url" : "http://www.securitytracker.com/id/1040203"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0099"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to the Windows installer only. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2629",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102615"
- }, {
- "url" : "http://www.securitytracker.com/id/1040203"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0095"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0099"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0100"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2630",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102593"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Security Management System). Supported versions that are affected are 11.5.0, 11.6.0 and 11.7.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2631",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102628"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 6.2.11, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.1, 6.4.2 and 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2632",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102631"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Siebel Engineering - Installer and Deployment component of Oracle Siebel CRM (subcomponent: Siebel Approval Manager). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Engineering - Installer and Deployment. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel Engineering - Installer and Deployment accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2633",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102557"
- }, {
- "url" : "http://www.securitytracker.com/id/1040203"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0095"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0099"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0100"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2634",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102592"
- }, {
- "url" : "http://www.securitytracker.com/id/1040203"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0095"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0099"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0100"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2635",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102652"
- }, {
- "url" : "http://www.securitytracker.com/id/1040201"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Login). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2636",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102560"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). Supported versions that are affected are 2.7, 2.8 and 2.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2637",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102576"
- }, {
- "url" : "http://www.securitytracker.com/id/1040203"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0095"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0099"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0100"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2638",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102546"
- }, {
- "url" : "http://www.securitytracker.com/id/1040203"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0099"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2639",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102556"
- }, {
- "url" : "http://www.securitytracker.com/id/1040203"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0099"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2640",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102678"
- }, {
- "url" : "http://www.securitytracker.com/id/1040216"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
- }, {
- "url" : "https://www.debian.org/security/2018/dsa-4091"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2641",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102605"
- }, {
- "url" : "http://www.securitytracker.com/id/1040203"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0095"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0099"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0100"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2642",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102619"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: File Upload). Supported versions that are affected are 7.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Argus Safety, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Argus Safety accessible data as well as unauthorized read access to a subset of Oracle Argus Safety accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Argus Safety. CVSS 3.0 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2643",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102622"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Case Selection). Supported versions that are affected are 7.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. While the vulnerability is in Oracle Argus Safety, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Argus Safety accessible data as well as unauthorized read access to a subset of Oracle Argus Safety accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2644",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102627"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Worklist). Supported versions that are affected are 7.x, 8.0.x and 8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Argus Safety, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Argus Safety accessible data as well as unauthorized read access to a subset of Oracle Argus Safety accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2645",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "mysql",
- "version" : {
- "version_data" : [ {
- "version_value" : "5.6.0"
- }, {
- "version_value" : "5.6.1"
- }, {
- "version_value" : "5.6.2"
- }, {
- "version_value" : "5.6.3"
- }, {
- "version_value" : "5.6.4"
- }, {
- "version_value" : "5.6.5"
- }, {
- "version_value" : "5.6.6"
- }, {
- "version_value" : "5.6.7"
- }, {
- "version_value" : "5.6.8"
- }, {
- "version_value" : "5.6.9"
- }, {
- "version_value" : "5.6.10"
- }, {
- "version_value" : "5.6.11"
- }, {
- "version_value" : "5.6.12"
- }, {
- "version_value" : "5.6.13"
- }, {
- "version_value" : "5.6.14"
- }, {
- "version_value" : "5.6.15"
- }, {
- "version_value" : "5.6.16"
- }, {
- "version_value" : "5.6.17"
- }, {
- "version_value" : "5.6.18"
- }, {
- "version_value" : "5.6.19"
- }, {
- "version_value" : "5.6.20"
- }, {
- "version_value" : "5.6.21"
- }, {
- "version_value" : "5.6.22"
- }, {
- "version_value" : "5.6.23"
- }, {
- "version_value" : "5.6.24"
- }, {
- "version_value" : "5.6.25"
- }, {
- "version_value" : "5.6.26"
- }, {
- "version_value" : "5.6.27"
- }, {
- "version_value" : "5.6.28"
- }, {
- "version_value" : "5.6.29"
- }, {
- "version_value" : "5.6.30"
- }, {
- "version_value" : "5.6.31"
- }, {
- "version_value" : "5.6.32"
- }, {
- "version_value" : "5.6.33"
- }, {
- "version_value" : "5.6.34"
- }, {
- "version_value" : "5.6.35"
- }, {
- "version_value" : "5.6.36"
- }, {
- "version_value" : "5.6.37"
- }, {
- "version_value" : "5.6.38"
- }, {
- "version_value" : "5.7.0"
- }, {
- "version_value" : "5.7.1"
- }, {
- "version_value" : "5.7.2"
- }, {
- "version_value" : "5.7.3"
- }, {
- "version_value" : "5.7.4"
- }, {
- "version_value" : "5.7.5"
- }, {
- "version_value" : "5.7.6"
- }, {
- "version_value" : "5.7.7"
- }, {
- "version_value" : "5.7.8"
- }, {
- "version_value" : "5.7.9"
- }, {
- "version_value" : "5.7.10"
- }, {
- "version_value" : "5.7.11"
- }, {
- "version_value" : "5.7.12"
- }, {
- "version_value" : "5.7.13"
- }, {
- "version_value" : "5.7.14"
- }, {
- "version_value" : "5.7.15"
- }, {
- "version_value" : "5.7.16"
- }, {
- "version_value" : "5.7.17"
- }, {
- "version_value" : "5.7.18"
- }, {
- "version_value" : "5.7.19"
- }, {
- "version_value" : "5.7.20"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-200"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102698"
- }, {
- "url" : "http://www.securitytracker.com/id/1040216"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:mysql",
- "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
- "versionStartIncluding" : "5.6.0",
- "versionEndIncluding" : "5.6.38"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:mysql",
- "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
- "versionStartIncluding" : "5.7.0",
- "versionEndIncluding" : "5.7.20"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "HIGH",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.9,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.2,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.0
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.0,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T18:54Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2646",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "mysql",
- "version" : {
- "version_data" : [ {
- "version_value" : "5.7.0"
- }, {
- "version_value" : "5.7.1"
- }, {
- "version_value" : "5.7.2"
- }, {
- "version_value" : "5.7.3"
- }, {
- "version_value" : "5.7.4"
- }, {
- "version_value" : "5.7.5"
- }, {
- "version_value" : "5.7.6"
- }, {
- "version_value" : "5.7.7"
- }, {
- "version_value" : "5.7.8"
- }, {
- "version_value" : "5.7.9"
- }, {
- "version_value" : "5.7.10"
- }, {
- "version_value" : "5.7.11"
- }, {
- "version_value" : "5.7.12"
- }, {
- "version_value" : "5.7.13"
- }, {
- "version_value" : "5.7.14"
- }, {
- "version_value" : "5.7.15"
- }, {
- "version_value" : "5.7.16"
- }, {
- "version_value" : "5.7.17"
- }, {
- "version_value" : "5.7.18"
- }, {
- "version_value" : "5.7.19"
- }, {
- "version_value" : "5.7.20"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "NVD-CWE-noinfo"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102703"
- }, {
- "url" : "http://www.securitytracker.com/id/1040216"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:mysql",
- "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
- "versionStartIncluding" : "5.7.0",
- "versionEndIncluding" : "5.7.20"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "HIGH",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "HIGH",
- "baseScore" : 4.9,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.2,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:S/C:N/I:N/A:C)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 6.8
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.0,
- "impactScore" : 6.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T19:06Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2647",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "mysql",
- "version" : {
- "version_data" : [ {
- "version_value" : "5.6.0"
- }, {
- "version_value" : "5.6.1"
- }, {
- "version_value" : "5.6.2"
- }, {
- "version_value" : "5.6.3"
- }, {
- "version_value" : "5.6.4"
- }, {
- "version_value" : "5.6.5"
- }, {
- "version_value" : "5.6.6"
- }, {
- "version_value" : "5.6.7"
- }, {
- "version_value" : "5.6.8"
- }, {
- "version_value" : "5.6.9"
- }, {
- "version_value" : "5.6.10"
- }, {
- "version_value" : "5.6.11"
- }, {
- "version_value" : "5.6.12"
- }, {
- "version_value" : "5.6.13"
- }, {
- "version_value" : "5.6.14"
- }, {
- "version_value" : "5.6.15"
- }, {
- "version_value" : "5.6.16"
- }, {
- "version_value" : "5.6.17"
- }, {
- "version_value" : "5.6.18"
- }, {
- "version_value" : "5.6.19"
- }, {
- "version_value" : "5.6.20"
- }, {
- "version_value" : "5.6.21"
- }, {
- "version_value" : "5.6.22"
- }, {
- "version_value" : "5.6.23"
- }, {
- "version_value" : "5.6.24"
- }, {
- "version_value" : "5.6.25"
- }, {
- "version_value" : "5.6.26"
- }, {
- "version_value" : "5.6.27"
- }, {
- "version_value" : "5.6.28"
- }, {
- "version_value" : "5.6.29"
- }, {
- "version_value" : "5.6.30"
- }, {
- "version_value" : "5.6.31"
- }, {
- "version_value" : "5.6.32"
- }, {
- "version_value" : "5.6.33"
- }, {
- "version_value" : "5.6.34"
- }, {
- "version_value" : "5.6.35"
- }, {
- "version_value" : "5.6.36"
- }, {
- "version_value" : "5.6.37"
- }, {
- "version_value" : "5.6.38"
- }, {
- "version_value" : "5.7.1"
- }, {
- "version_value" : "5.7.2"
- }, {
- "version_value" : "5.7.3"
- }, {
- "version_value" : "5.7.4"
- }, {
- "version_value" : "5.7.5"
- }, {
- "version_value" : "5.7.6"
- }, {
- "version_value" : "5.7.7"
- }, {
- "version_value" : "5.7.8"
- }, {
- "version_value" : "5.7.9"
- }, {
- "version_value" : "5.7.10"
- }, {
- "version_value" : "5.7.11"
- }, {
- "version_value" : "5.7.12"
- }, {
- "version_value" : "5.7.13"
- }, {
- "version_value" : "5.7.14"
- }, {
- "version_value" : "5.7.15"
- }, {
- "version_value" : "5.7.16"
- }, {
- "version_value" : "5.7.17"
- }, {
- "version_value" : "5.7.18"
- }, {
- "version_value" : "5.7.19"
- }, {
- "version_value" : "5.7.20"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-284"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102711"
- }, {
- "url" : "http://www.securitytracker.com/id/1040216"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:mysql",
- "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
- "versionStartIncluding" : "5.6.0",
- "versionEndIncluding" : "5.6.38"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:mysql",
- "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
- "versionStartExcluding" : "5.7.0",
- "versionEndIncluding" : "5.7.20"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "HIGH",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "HIGH",
- "baseScore" : 5.5,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.2,
- "impactScore" : 4.2
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:S/C:N/I:P/A:C)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 7.5
- },
- "severity" : "HIGH",
- "exploitabilityScore" : 8.0,
- "impactScore" : 7.8,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T18:49Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2648",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102577"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Universal Banking. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2649",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102582"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.0 Base Score 8.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2650",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102564"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2651",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "peoplesoft_enterprise_peopletools",
- "version" : {
- "version_data" : [ {
- "version_value" : "8.54"
- }, {
- "version_value" : "8.55"
- }, {
- "version_value" : "8.56"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-200"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102588"
- }, {
- "url" : "http://www.securitytracker.com/id/1040204"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: XML Publisher). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.54",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.55",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 7.5,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 3.9,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:N/C:P/I:N/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.0
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 10.0,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T15:43Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2652",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "peoplesoft_enterprise_peopletools",
- "version" : {
- "version_data" : [ {
- "version_value" : "8.54"
- }, {
- "version_value" : "8.55"
- }, {
- "version_value" : "8.56"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-200"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102586"
- }, {
- "url" : "http://www.securitytracker.com/id/1040204"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.54",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.55",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 7.5,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 3.9,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:N/C:P/I:N/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.0
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 10.0,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T15:43Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2653",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "peoplesoft_enterprise_peopletools",
- "version" : {
- "version_data" : [ {
- "version_value" : "8.54"
- }, {
- "version_value" : "8.55"
- }, {
- "version_value" : "8.56"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-200"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102596"
- }, {
- "url" : "http://www.securitytracker.com/id/1040204"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Connected Query). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.54",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.55",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.3,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 3.9,
- "impactScore" : 1.4
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:N/C:P/I:N/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.0
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 10.0,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T15:44Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2654",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "peoplesoft_enterprise_human_capital_management_human_resources",
- "version" : {
- "version_data" : [ {
- "version_value" : "9.2"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-284"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102604"
- }, {
- "url" : "http://www.securitytracker.com/id/1040204"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products (subcomponent: Company Dir / Org Chart Viewer). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:9.2",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:9.2:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 6.1,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 2.7
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:N/C:P/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.8
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 4.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T15:45Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2655",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102646"
- }, {
- "url" : "http://www.securitytracker.com/id/1040201"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Work in Process component of Oracle E-Business Suite (subcomponent: Assemble/Configure to Order). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Work in Process. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Work in Process accessible data as well as unauthorized access to critical data or complete access to all Oracle Work in Process accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2656",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102639"
- }, {
- "url" : "http://www.securitytracker.com/id/1040201"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Data Manager Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2657",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102629"
- }, {
- "url" : "http://www.securitytracker.com/id/1040203"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0100"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2658",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102705"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2659",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102707"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2660",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102677"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 7.3.5.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. While the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.0 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2661",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102679"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 7.3.5.x and 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2662",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102624"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 6.2.11, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7 and 6.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Transportation Management accessible data as well as unauthorized read access to a subset of Oracle Transportation Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2663",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102662"
- }, {
- "url" : "http://www.securitytracker.com/id/1040203"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0095"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0099"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0100"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2664",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102594"
- }, {
- "url" : "http://www.securitytracker.com/id/1040215"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2665",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "mysql",
- "version" : {
- "version_data" : [ {
- "version_value" : "5.5.0"
- }, {
- "version_value" : "5.5.1"
- }, {
- "version_value" : "5.5.2"
- }, {
- "version_value" : "5.5.3"
- }, {
- "version_value" : "5.5.4"
- }, {
- "version_value" : "5.5.5"
- }, {
- "version_value" : "5.5.6"
- }, {
- "version_value" : "5.5.7"
- }, {
- "version_value" : "5.5.8"
- }, {
- "version_value" : "5.5.9"
- }, {
- "version_value" : "5.5.10"
- }, {
- "version_value" : "5.5.11"
- }, {
- "version_value" : "5.5.12"
- }, {
- "version_value" : "5.5.13"
- }, {
- "version_value" : "5.5.14"
- }, {
- "version_value" : "5.5.15"
- }, {
- "version_value" : "5.5.16"
- }, {
- "version_value" : "5.5.17"
- }, {
- "version_value" : "5.5.18"
- }, {
- "version_value" : "5.5.19"
- }, {
- "version_value" : "5.5.20"
- }, {
- "version_value" : "5.5.21"
- }, {
- "version_value" : "5.5.22"
- }, {
- "version_value" : "5.5.23"
- }, {
- "version_value" : "5.5.24"
- }, {
- "version_value" : "5.5.25"
- }, {
- "version_value" : "5.5.26"
- }, {
- "version_value" : "5.5.27"
- }, {
- "version_value" : "5.5.28"
- }, {
- "version_value" : "5.5.29"
- }, {
- "version_value" : "5.5.30"
- }, {
- "version_value" : "5.5.31"
- }, {
- "version_value" : "5.5.32"
- }, {
- "version_value" : "5.5.33"
- }, {
- "version_value" : "5.5.34"
- }, {
- "version_value" : "5.5.35"
- }, {
- "version_value" : "5.5.36"
- }, {
- "version_value" : "5.5.37"
- }, {
- "version_value" : "5.5.38"
- }, {
- "version_value" : "5.5.39"
- }, {
- "version_value" : "5.5.40"
- }, {
- "version_value" : "5.5.41"
- }, {
- "version_value" : "5.5.42"
- }, {
- "version_value" : "5.5.43"
- }, {
- "version_value" : "5.5.44"
- }, {
- "version_value" : "5.5.45"
- }, {
- "version_value" : "5.5.46"
- }, {
- "version_value" : "5.5.47"
- }, {
- "version_value" : "5.5.48"
- }, {
- "version_value" : "5.5.49"
- }, {
- "version_value" : "5.5.50"
- }, {
- "version_value" : "5.5.51"
- }, {
- "version_value" : "5.5.52"
- }, {
- "version_value" : "5.5.53"
- }, {
- "version_value" : "5.5.54"
- }, {
- "version_value" : "5.5.55"
- }, {
- "version_value" : "5.5.56"
- }, {
- "version_value" : "5.5.57"
- }, {
- "version_value" : "5.5.58"
- }, {
- "version_value" : "5.6.0"
- }, {
- "version_value" : "5.6.1"
- }, {
- "version_value" : "5.6.2"
- }, {
- "version_value" : "5.6.3"
- }, {
- "version_value" : "5.6.4"
- }, {
- "version_value" : "5.6.5"
- }, {
- "version_value" : "5.6.6"
- }, {
- "version_value" : "5.6.7"
- }, {
- "version_value" : "5.6.8"
- }, {
- "version_value" : "5.6.9"
- }, {
- "version_value" : "5.6.10"
- }, {
- "version_value" : "5.6.11"
- }, {
- "version_value" : "5.6.12"
- }, {
- "version_value" : "5.6.13"
- }, {
- "version_value" : "5.6.14"
- }, {
- "version_value" : "5.6.15"
- }, {
- "version_value" : "5.6.16"
- }, {
- "version_value" : "5.6.17"
- }, {
- "version_value" : "5.6.18"
- }, {
- "version_value" : "5.6.19"
- }, {
- "version_value" : "5.6.20"
- }, {
- "version_value" : "5.6.21"
- }, {
- "version_value" : "5.6.22"
- }, {
- "version_value" : "5.6.23"
- }, {
- "version_value" : "5.6.24"
- }, {
- "version_value" : "5.6.25"
- }, {
- "version_value" : "5.6.26"
- }, {
- "version_value" : "5.6.27"
- }, {
- "version_value" : "5.6.28"
- }, {
- "version_value" : "5.6.29"
- }, {
- "version_value" : "5.6.30"
- }, {
- "version_value" : "5.6.31"
- }, {
- "version_value" : "5.6.32"
- }, {
- "version_value" : "5.6.33"
- }, {
- "version_value" : "5.6.34"
- }, {
- "version_value" : "5.6.35"
- }, {
- "version_value" : "5.6.36"
- }, {
- "version_value" : "5.6.37"
- }, {
- "version_value" : "5.6.38"
- }, {
- "version_value" : "5.7.1"
- }, {
- "version_value" : "5.7.2"
- }, {
- "version_value" : "5.7.3"
- }, {
- "version_value" : "5.7.4"
- }, {
- "version_value" : "5.7.5"
- }, {
- "version_value" : "5.7.6"
- }, {
- "version_value" : "5.7.7"
- }, {
- "version_value" : "5.7.8"
- }, {
- "version_value" : "5.7.9"
- }, {
- "version_value" : "5.7.10"
- }, {
- "version_value" : "5.7.11"
- }, {
- "version_value" : "5.7.12"
- }, {
- "version_value" : "5.7.13"
- }, {
- "version_value" : "5.7.14"
- }, {
- "version_value" : "5.7.15"
- }, {
- "version_value" : "5.7.16"
- }, {
- "version_value" : "5.7.17"
- }, {
- "version_value" : "5.7.18"
- }, {
- "version_value" : "5.7.19"
- }, {
- "version_value" : "5.7.20"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "NVD-CWE-noinfo"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102681"
- }, {
- "url" : "http://www.securitytracker.com/id/1040216"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
- }, {
- "url" : "https://www.debian.org/security/2018/dsa-4091"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:mysql",
- "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
- "versionStartIncluding" : "5.5.0",
- "versionEndIncluding" : "5.5.58"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:mysql",
- "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
- "versionStartIncluding" : "5.6.0",
- "versionEndIncluding" : "5.6.38"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:mysql",
- "cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
- "versionStartExcluding" : "5.7.0",
- "versionEndIncluding" : "5.7.20"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "HIGH",
- "baseScore" : 6.5,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:S/C:N/I:N/A:C)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 6.8
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.0,
- "impactScore" : 6.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2666",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102575"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Hospitality Labor Management component of Oracle Hospitality Applications (subcomponent: Webservice Endpoint). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Labor Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Labor Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Labor Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2667",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102685"
- }, {
- "url" : "http://www.securitytracker.com/id/1040216"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2668",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102682"
- }, {
- "url" : "http://www.securitytracker.com/id/1040216"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
- }, {
- "url" : "https://www.debian.org/security/2018/dsa-4091"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2669",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102570"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2670",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102676"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Profitability Management component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Profitability Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Profitability Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Profitability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Profitability Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2671",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "peoplesoft_enterprise_scm_purchasing",
- "version" : {
- "version_data" : [ {
- "version_value" : "9.2"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-200"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102602"
- }, {
- "url" : "http://www.securitytracker.com/id/1040204"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of Oracle PeopleSoft Products (subcomponent: Supplier Registration). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Purchasing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise SCM Purchasing accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_scm_purchasing:9.2",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_scm_purchasing:9.2:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 6.5,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.0
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.0,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T15:36Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2672",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102542"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: POS). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2673",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102552"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: POS). Supported versions that are affected are 2.7, 2.8 and 2.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2674",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102686"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff). Supported versions that are affected are 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2675",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102670"
- }, {
- "url" : "http://www.securitytracker.com/id/1040203"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2676",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102699"
- }, {
- "url" : "http://www.securitytracker.com/id/1040202"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2677",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102656"
- }, {
- "url" : "http://www.securitytracker.com/id/1040203"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0095"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0099"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0100"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2678",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102659"
- }, {
- "url" : "http://www.securitytracker.com/id/1040203"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0095"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0099"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0100"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2679",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102675"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Profitability Management component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Profitability Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Profitability Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Profitability Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2680",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102571"
- }, {
- "url" : "http://www.securitytracker.com/id/1040196"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2681",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "peoplesoft_enterprise_human_capital_management_human_resources",
- "version" : {
- "version_data" : [ {
- "version_value" : "9.2"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-284"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102607"
- }, {
- "url" : "http://www.securitytracker.com/id/1040204"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:9.2",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:9.2:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.4,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 2.5
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:S/C:P/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.9
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 6.8,
- "impactScore" : 4.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T15:32Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2682",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102657"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Liquidity Risk Management component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Liquidity Risk Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2683",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102544"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: POS). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Simphony. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2684",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102649"
- }, {
- "url" : "http://www.securitytracker.com/id/1040201"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Registration Process). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle User Management accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2685",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102689"
- }, {
- "url" : "http://www.securitytracker.com/id/1040202"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2686",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102690"
- }, {
- "url" : "http://www.securitytracker.com/id/1040202"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2687",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102691"
- }, {
- "url" : "http://www.securitytracker.com/id/1040202"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2688",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102692"
- }, {
- "url" : "http://www.securitytracker.com/id/1040202"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2689",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102693"
- }, {
- "url" : "http://www.securitytracker.com/id/1040202"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2690",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102694"
- }, {
- "url" : "http://www.securitytracker.com/id/1040202"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2691",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102647"
- }, {
- "url" : "http://www.securitytracker.com/id/1040201"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Proxy User Delegation). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle User Management accessible data as well as unauthorized read access to a subset of Oracle User Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2692",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102621"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Asset Liability Management component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Asset Liability Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Asset Liability Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Asset Liability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Asset Liability Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2693",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102702"
- }, {
- "url" : "http://www.securitytracker.com/id/1040202"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Guest Additions). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2694",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102687"
- }, {
- "url" : "http://www.securitytracker.com/id/1040202"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2695",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "peoplesoft_enterprise_peopletools",
- "version" : {
- "version_data" : [ {
- "version_value" : "8.54"
- }, {
- "version_value" : "8.55"
- }, {
- "version_value" : "8.56"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-284"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102591"
- }, {
- "url" : "http://www.securitytracker.com/id/1040204"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Query). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.54",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.55",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 6.5,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.0
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.0,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T15:54Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2696",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102701"
- }, {
- "url" : "http://www.securitytracker.com/id/1040216"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2697",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102533"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). The supported version that is affected is 9.0.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2698",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102688"
- }, {
- "url" : "http://www.securitytracker.com/id/1040202"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2699",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102563"
- }, {
- "url" : "http://www.securitytracker.com/id/1040196"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Application Express component of Oracle Database Server. The supported version that is affected is Prior to 5.1.4.00.08. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Express accessible data as well as unauthorized read access to a subset of Application Express accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2700",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102559"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). The supported version that is affected is 9.0.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2701",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102554"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). The supported version that is affected is 9.0.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise Fleet Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management accessible data. CVSS 3.0 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2702",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "peoplesoft_enterprise_scm_strategic_sourcing",
- "version" : {
- "version_data" : [ {
- "version_value" : "9.2"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-200"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102600"
- }, {
- "url" : "http://www.securitytracker.com/id/1040204"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Strategic Sourcing). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_scm_strategic_sourcing:9.2",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_scm_strategic_sourcing:9.2:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 6.5,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.0
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.0,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T16:02Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2703",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102704"
- }, {
- "url" : "http://www.securitytracker.com/id/1040216"
- }, {
- "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2704",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "banking_payments",
- "version" : {
- "version_data" : [ {
- "version_value" : "12.3.0"
- }, {
- "version_value" : "12.4.0"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-284"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102568"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Payments accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments. CVSS 3.0 Base Score 8.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:banking_payments:12.3.0",
- "cpe23Uri" : "cpe:2.3:a:oracle:banking_payments:12.3.0:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:banking_payments:12.4.0",
- "cpe23Uri" : "cpe:2.3:a:oracle:banking_payments:12.4.0:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 8.1,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 5.2
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:S/C:N/I:P/A:C)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 7.5
- },
- "severity" : "HIGH",
- "exploitabilityScore" : 8.0,
- "impactScore" : 7.8,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T16:28Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2705",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "banking_payments",
- "version" : {
- "version_data" : [ {
- "version_value" : "12.3.0"
- }, {
- "version_value" : "12.4.0"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-284"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102561"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in takeover of Oracle Banking Payments. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:banking_payments:12.3.0",
- "cpe23Uri" : "cpe:2.3:a:oracle:banking_payments:12.3.0:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:banking_payments:12.4.0",
- "cpe23Uri" : "cpe:2.3:a:oracle:banking_payments:12.4.0:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 8.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:S/C:P/I:P/A:P)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 6.5
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.0,
- "impactScore" : 6.4,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T16:28Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2706",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "banking_corporate_lending",
- "version" : {
- "version_data" : [ {
- "version_value" : "12.3.0"
- }, {
- "version_value" : "12.4.0"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-284"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102543"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in takeover of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:banking_corporate_lending:12.3.0",
- "cpe23Uri" : "cpe:2.3:a:oracle:banking_corporate_lending:12.3.0:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:banking_corporate_lending:12.4.0",
- "cpe23Uri" : "cpe:2.3:a:oracle:banking_corporate_lending:12.4.0:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 8.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:S/C:P/I:P/A:P)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 6.5
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.0,
- "impactScore" : 6.4,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T16:28Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2707",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "banking_corporate_lending",
- "version" : {
- "version_data" : [ {
- "version_value" : "12.3.0"
- }, {
- "version_value" : "12.4.0"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-284"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102551"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Corporate Lending accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 8.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:banking_corporate_lending:12.3.0",
- "cpe23Uri" : "cpe:2.3:a:oracle:banking_corporate_lending:12.3.0:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:banking_corporate_lending:12.4.0",
- "cpe23Uri" : "cpe:2.3:a:oracle:banking_corporate_lending:12.4.0:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 8.1,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 5.2
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:S/C:N/I:P/A:C)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 7.5
- },
- "severity" : "HIGH",
- "exploitabilityScore" : 8.0,
- "impactScore" : 7.8,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2708",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "banking_payments",
- "version" : {
- "version_data" : [ {
- "version_value" : "12.3.0"
- }, {
- "version_value" : "12.4.0"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-200"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102684"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.3.0 and 12.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:banking_payments:12.3.0",
- "cpe23Uri" : "cpe:2.3:a:oracle:banking_payments:12.3.0:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:banking_payments:12.4.0",
- "cpe23Uri" : "cpe:2.3:a:oracle:banking_payments:12.4.0:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.3,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.6,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:S/C:P/I:N/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 3.5
- },
- "severity" : "LOW",
- "exploitabilityScore" : 6.8,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T16:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2709",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "banking_corporate_lending",
- "version" : {
- "version_data" : [ {
- "version_value" : "12.3.0"
- }, {
- "version_value" : "12.4.0"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-200"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102555"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0 and 12.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:banking_corporate_lending:12.3.0",
- "cpe23Uri" : "cpe:2.3:a:oracle:banking_corporate_lending:12.3.0:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:banking_corporate_lending:12.4.0",
- "cpe23Uri" : "cpe:2.3:a:oracle:banking_corporate_lending:12.4.0:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.3,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.6,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:S/C:P/I:N/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 3.5
- },
- "severity" : "LOW",
- "exploitabilityScore" : 6.8,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2710",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102608"
- }, {
- "url" : "http://www.securitytracker.com/id/1040215"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 10. Easily exploitable vulnerability allows unauthenticated attacker with network access via ICMP to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2711",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102539"
- }, {
- "url" : "http://www.securitytracker.com/id/1040207"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Security Framework). Supported versions that are affected are 11.1.1.2.4, 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle JDeveloper accessible data as well as unauthorized update, insert or delete access to some of Oracle JDeveloper accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2712",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102660"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Loan Loss Forecasting and Provisioning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data as well as unauthorized read access to a subset of Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2713",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102550"
- }, {
- "url" : "http://www.securitytracker.com/id/1040207"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). Supported versions that are affected are 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Portal accessible data as well as unauthorized read access to a subset of Oracle WebCenter Portal accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2714",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102666"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Market Risk component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Market Risk. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Market Risk, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Market Risk accessible data as well as unauthorized read access to a subset of Oracle Financial Services Market Risk accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2715",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102558"
- }, {
- "url" : "http://www.securitytracker.com/id/1040207"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: BI Platform Security). Supported versions that are affected are 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2716",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "financial_services_market_risk_measurement_and_management",
- "version" : {
- "version_data" : [ {
- "version_value" : "8.0.5"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-284"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102672"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Market Risk Measurement and Management component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Market Risk Measurement and Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Market Risk Measurement and Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Market Risk Measurement and Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Market Risk Measurement and Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:financial_services_market_risk_measurement_and_management:8.0.5",
- "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 6.1,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 2.7
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:N/C:P/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.8
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 4.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T16:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2717",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102613"
- }, {
- "url" : "http://www.securitytracker.com/id/1040215"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SPARC Platform). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data as well as unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 6.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2719",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102653"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Hedge Management and IFRS Valuations component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Hedge Management and IFRS Valuations. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Hedge Management and IFRS Valuations, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Hedge Management and IFRS Valuations accessible data as well as unauthorized read access to a subset of Oracle Financial Services Hedge Management and IFRS Valuations accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2720",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102655"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Liquidity Risk Management component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Liquidity Risk Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2721",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "financial_services_price_creation_and_discovery",
- "version" : {
- "version_data" : [ {
- "version_value" : "8.0.5"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-284"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102668"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:financial_services_price_creation_and_discovery:8.0.5",
- "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.5:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "NONE",
- "baseScore" : 8.1,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 5.2
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:S/C:P/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.5
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.0,
- "impactScore" : 4.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T16:32Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2722",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "financial_services_price_creation_and_discovery",
- "version" : {
- "version_data" : [ {
- "version_value" : "8.0.5"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-284"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102673"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:financial_services_price_creation_and_discovery:8.0.5",
- "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.5:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 6.1,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 2.7
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:N/C:P/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.8
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 4.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T16:32Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2723",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102601"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Asset Liability Management component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Asset Liability Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Asset Liability Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Asset Liability Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2724",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102658"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2725",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102651"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Hedge Management and IFRS Valuations component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Hedge Management and IFRS Valuations. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Hedge Management and IFRS Valuations accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Hedge Management and IFRS Valuations accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2726",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-284"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102664"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Market Risk component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Market Risk. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Market Risk accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Market Risk accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:financial_services_market_risk",
- "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_market_risk:*:*:*:*:*:*:*:*",
- "versionStartIncluding" : "8.0.0.0.0",
- "versionEndIncluding" : "8.0.5.0.0"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "NONE",
- "baseScore" : 8.1,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 5.2
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:S/C:P/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.5
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.0,
- "impactScore" : 4.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T14:43Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2727",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102667"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Market Risk Measurement and Management component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Market Risk Measurement and Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Market Risk Measurement and Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Market Risk Measurement and Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2728",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102650"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Funds Transfer Pricing component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Funds Transfer Pricing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Funds Transfer Pricing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Funds Transfer Pricing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Funds Transfer Pricing accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2729",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102635"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Funds Transfer Pricing component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Funds Transfer Pricing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Funds Transfer Pricing accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Funds Transfer Pricing accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2730",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "retail_merchandising_system",
- "version" : {
- "version_data" : [ {
- "version_value" : "16.0"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-284"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102680"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Retail Merchandising System component of Oracle Retail Applications (subcomponent: Cross Pillar). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Merchandising System. While the vulnerability is in Oracle Retail Merchandising System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Merchandising System accessible data as well as unauthorized read access to a subset of Oracle Retail Merchandising System accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:retail_merchandising_system:16.0",
- "cpe23Uri" : "cpe:2.3:a:oracle:retail_merchandising_system:16.0:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "CHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 6.4,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 3.1,
- "impactScore" : 2.7
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:S/C:P/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.5
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.0,
- "impactScore" : 4.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T16:33Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2731",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "peoplesoft_enterprise_scm_eprocurement",
- "version" : {
- "version_data" : [ {
- "version_value" : "9.1"
- }, {
- "version_value" : "9.2"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-284"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102610"
- }, {
- "url" : "http://www.securitytracker.com/id/1040204"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the PeopleSoft Enterprise SCM eProcurement component of Oracle PeopleSoft Products (subcomponent: Manage Requisition Status). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM eProcurement. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise SCM eProcurement accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise SCM eProcurement accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_scm_eprocurement:9.1",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_scm_eprocurement:9.1:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:peoplesoft_enterprise_scm_eprocurement:9.2",
- "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_scm_eprocurement:9.2:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.4,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 2.5
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:S/C:P/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.5
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.0,
- "impactScore" : 4.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T16:33Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2732",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102683"
- }, {
- "url" : "http://www.securitytracker.com/id/1040214"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Financial Services Analytical Applications Reconciliation Framework component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Reconciliation Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Reconciliation Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Reconciliation Framework accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Reconciliation Framework accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-18T18:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-2733",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "oracle",
- "product" : {
- "product_data" : [ {
- "product_name" : "hyperion_planning",
- "version" : {
- "version_data" : [ {
- "version_value" : "11.1.2.4.007"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-284"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
- }, {
- "url" : "http://www.securityfocus.com/bid/102634"
- }, {
- "url" : "http://www.securitytracker.com/id/1040206"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). The supported version that is affected is 11.1.2.4.007. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hyperion Planning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Planning. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oracle:hyperion_planning:11.1.2.4.007",
- "cpe23Uri" : "cpe:2.3:a:oracle:hyperion_planning:11.1.2.4.007:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "HIGH",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.6,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.0,
- "impactScore" : 6.0
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:H/Au:S/C:P/I:P/A:P)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "HIGH",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 4.6
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 6.4,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-18T02:29Z",
- "lastModifiedDate" : "2018-01-19T16:33Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-3610",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00108&languageid=en-fr"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "SEMA driver in Intel Driver and Support Assistant before version 3.1.1 allows a local attacker the ability to read and writing to Memory Status registers potentially allowing information disclosure or a denial of service condition."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-09T21:29Z",
- "lastModifiedDate" : "2018-01-10T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-3810",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-287"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.html"
- }, {
- "url" : "https://wordpress.org/plugins/smart-google-code-inserter/#developers"
- }, {
- "url" : "https://wpvulndb.com/vulnerabilities/8987"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43420/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oturia:smart_google_code_inserter:::~~~wordpress~~",
- "cpe23Uri" : "cpe:2.3:a:oturia:smart_google_code_inserter:*:*:*:*:*:wordpress:*:*",
- "versionEndExcluding" : "3.5"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 9.8,
- "baseSeverity" : "CRITICAL"
- },
- "exploitabilityScore" : 3.9,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 7.5
- },
- "severity" : "HIGH",
- "exploitabilityScore" : 10.0,
- "impactScore" : 6.4,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-01T06:29Z",
- "lastModifiedDate" : "2018-01-16T18:38Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-3811",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-89"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.html"
- }, {
- "url" : "https://wordpress.org/plugins/smart-google-code-inserter/#developers"
- }, {
- "url" : "https://wpvulndb.com/vulnerabilities/8988"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43420/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST[\"oId\"] variable before passing it as input into the SQL query."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:oturia:smart_google_code_inserter:::~~~wordpress~~",
- "cpe23Uri" : "cpe:2.3:a:oturia:smart_google_code_inserter:*:*:*:*:*:wordpress:*:*",
- "versionEndExcluding" : "3.5"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 9.8,
- "baseSeverity" : "CRITICAL"
- },
- "exploitabilityScore" : 3.9,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 7.5
- },
- "severity" : "HIGH",
- "exploitabilityScore" : 10.0,
- "impactScore" : 6.4,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-01T06:29Z",
- "lastModifiedDate" : "2018-01-16T18:39Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-3813",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "flir",
- "product" : {
- "product_data" : [ {
- "product_name" : "brickstream_2300_2d_firmware",
- "version" : {
- "version_data" : [ {
- "version_value" : "2.0_4.1.53.166"
- } ]
- }
- }, {
- "product_name" : "brickstream_2300_3d+_firmware",
- "version" : {
- "version_data" : [ {
- "version_value" : "2.0_4.1.53.166"
- } ]
- }
- }, {
- "product_name" : "brickstream_2300_3d_firmware",
- "version" : {
- "version_data" : [ {
- "version_value" : "2.0_4.1.53.166"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-200"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://misteralfa-hack.blogspot.cl/2018/01/brickstream-recuento-y-seguimiento-de.html"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:flir:brickstream_2300_2d_firmware:2.0_4.1.53.166",
- "cpe23Uri" : "cpe:2.3:o:flir:brickstream_2300_2d_firmware:2.0_4.1.53.166:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/h:flir:brickstream_2300_2d:-",
- "cpe23Uri" : "cpe:2.3:h:flir:brickstream_2300_2d:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:flir:brickstream_2300_3d_firmware:2.0_4.1.53.166",
- "cpe23Uri" : "cpe:2.3:o:flir:brickstream_2300_3d_firmware:2.0_4.1.53.166:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/h:flir:brickstream_2300_3d:-",
- "cpe23Uri" : "cpe:2.3:h:flir:brickstream_2300_3d:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:flir:brickstream_2300_3d%2b_firmware:2.0_4.1.53.166",
- "cpe23Uri" : "cpe:2.3:o:flir:brickstream_2300_3d\\+_firmware:2.0_4.1.53.166:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : false,
- "cpe22Uri" : "cpe:/h:flir:brickstream_2300_3d%2b:-",
- "cpe23Uri" : "cpe:2.3:h:flir:brickstream_2300_3d\\+:-:*:*:*:*:*:*:*"
- } ]
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 9.8,
- "baseSeverity" : "CRITICAL"
- },
- "exploitabilityScore" : 3.9,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:N/C:P/I:N/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.0
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 10.0,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-01T20:29Z",
- "lastModifiedDate" : "2018-01-17T18:15Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-3814",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "craftcms",
- "product" : {
- "product_data" : [ {
- "product_name" : "craft_cms",
- "version" : {
- "version_data" : [ {
- "version_value" : "2.6.3000"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-74"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/Snowty/myCVE/blob/master/CraftCMS-2.6.3000/README.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the \"Assets->Upload files\" screen and then the \"Replace it\" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:craftcms:craft_cms:2.6.3000",
- "cpe23Uri" : "cpe:2.3:a:craftcms:craft_cms:2.6.3000:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 8.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:S/C:P/I:P/A:P)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 6.5
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.0,
- "impactScore" : 6.4,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-01T20:29Z",
- "lastModifiedDate" : "2018-01-17T18:12Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-3815",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://packetstormsecurity.com/files/145724/communigatepro62-spoof"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The \"XML Interface to Messaging, Scheduling, and Signaling\" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email address. The attack uses an HTTP POST request to a /Session URI, and interchanges the XML From and To elements."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T05:29Z",
- "lastModifiedDate" : "2018-01-08T05:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-4862",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "octopus",
- "product" : {
- "product_data" : [ {
- "product_name" : "octopus_deploy",
- "version" : {
- "version_data" : [ {
- "version_value" : "3.2.11"
- }, {
- "version_value" : "3.2.15"
- }, {
- "version_value" : "3.2.16"
- }, {
- "version_value" : "3.2.17"
- }, {
- "version_value" : "3.2.19"
- }, {
- "version_value" : "3.2.20"
- }, {
- "version_value" : "3.2.21"
- }, {
- "version_value" : "3.2.22"
- }, {
- "version_value" : "3.2.23"
- }, {
- "version_value" : "3.2.24"
- }, {
- "version_value" : "3.3.0"
- }, {
- "version_value" : "3.3.1"
- }, {
- "version_value" : "3.3.2"
- }, {
- "version_value" : "3.3.3"
- }, {
- "version_value" : "3.3.4"
- }, {
- "version_value" : "3.3.5"
- }, {
- "version_value" : "3.3.6"
- }, {
- "version_value" : "3.3.8"
- }, {
- "version_value" : "3.3.9"
- }, {
- "version_value" : "3.3.10"
- }, {
- "version_value" : "3.3.11"
- }, {
- "version_value" : "3.3.12"
- }, {
- "version_value" : "3.3.14"
- }, {
- "version_value" : "3.3.15"
- }, {
- "version_value" : "3.3.16"
- }, {
- "version_value" : "3.3.17"
- }, {
- "version_value" : "3.3.18"
- }, {
- "version_value" : "3.3.19"
- }, {
- "version_value" : "3.3.20"
- }, {
- "version_value" : "3.3.21"
- }, {
- "version_value" : "3.3.22"
- }, {
- "version_value" : "3.3.24"
- }, {
- "version_value" : "3.3.25"
- }, {
- "version_value" : "3.3.26"
- }, {
- "version_value" : "3.3.27"
- }, {
- "version_value" : "3.4.0"
- }, {
- "version_value" : "3.4.1"
- }, {
- "version_value" : "3.4.3"
- }, {
- "version_value" : "3.4.4"
- }, {
- "version_value" : "3.4.5"
- }, {
- "version_value" : "3.4.6"
- }, {
- "version_value" : "3.4.7"
- }, {
- "version_value" : "3.4.8"
- }, {
- "version_value" : "3.4.9"
- }, {
- "version_value" : "3.4.10"
- }, {
- "version_value" : "3.4.11"
- }, {
- "version_value" : "3.4.12"
- }, {
- "version_value" : "3.4.13"
- }, {
- "version_value" : "3.4.14"
- }, {
- "version_value" : "3.4.15"
- }, {
- "version_value" : "3.5.1"
- }, {
- "version_value" : "3.5.2"
- }, {
- "version_value" : "3.5.4"
- }, {
- "version_value" : "3.5.5"
- }, {
- "version_value" : "3.5.6"
- }, {
- "version_value" : "3.5.7"
- }, {
- "version_value" : "3.5.8"
- }, {
- "version_value" : "3.5.9"
- }, {
- "version_value" : "3.6.0"
- }, {
- "version_value" : "3.6.1"
- }, {
- "version_value" : "3.6.2"
- }, {
- "version_value" : "3.7.0"
- }, {
- "version_value" : "3.7.1"
- }, {
- "version_value" : "3.7.2"
- }, {
- "version_value" : "3.7.3"
- }, {
- "version_value" : "3.7.4"
- }, {
- "version_value" : "3.7.5"
- }, {
- "version_value" : "3.7.6"
- }, {
- "version_value" : "3.7.7"
- }, {
- "version_value" : "3.7.8"
- }, {
- "version_value" : "3.7.9"
- }, {
- "version_value" : "3.7.10"
- }, {
- "version_value" : "3.7.11"
- }, {
- "version_value" : "3.7.12"
- }, {
- "version_value" : "3.7.13"
- }, {
- "version_value" : "3.7.14"
- }, {
- "version_value" : "3.7.15"
- }, {
- "version_value" : "3.7.16"
- }, {
- "version_value" : "3.7.17"
- }, {
- "version_value" : "3.7.18"
- }, {
- "version_value" : "3.8.0"
- }, {
- "version_value" : "3.8.1"
- }, {
- "version_value" : "3.8.2"
- }, {
- "version_value" : "3.8.3"
- }, {
- "version_value" : "3.8.4"
- }, {
- "version_value" : "3.8.5"
- }, {
- "version_value" : "3.8.6"
- }, {
- "version_value" : "3.8.7"
- }, {
- "version_value" : "3.8.8"
- }, {
- "version_value" : "3.8.9"
- }, {
- "version_value" : "3.9.0"
- }, {
- "version_value" : "3.10.0"
- }, {
- "version_value" : "3.10.1"
- }, {
- "version_value" : "3.11.0"
- }, {
- "version_value" : "3.11.1"
- }, {
- "version_value" : "3.11.2"
- }, {
- "version_value" : "3.11.3"
- }, {
- "version_value" : "3.11.4"
- }, {
- "version_value" : "3.11.5"
- }, {
- "version_value" : "3.11.6"
- }, {
- "version_value" : "3.11.7"
- }, {
- "version_value" : "3.11.9"
- }, {
- "version_value" : "3.11.10"
- }, {
- "version_value" : "3.11.11"
- }, {
- "version_value" : "3.11.12"
- }, {
- "version_value" : "3.11.13"
- }, {
- "version_value" : "3.11.14"
- }, {
- "version_value" : "3.11.15"
- }, {
- "version_value" : "3.11.16"
- }, {
- "version_value" : "3.11.17"
- }, {
- "version_value" : "3.11.18"
- }, {
- "version_value" : "3.12.0"
- }, {
- "version_value" : "3.12.1"
- }, {
- "version_value" : "3.12.2"
- }, {
- "version_value" : "3.12.3"
- }, {
- "version_value" : "3.12.4"
- }, {
- "version_value" : "3.12.5"
- }, {
- "version_value" : "3.12.6"
- }, {
- "version_value" : "3.12.7"
- }, {
- "version_value" : "3.12.9"
- }, {
- "version_value" : "3.13.0"
- }, {
- "version_value" : "3.13.1"
- }, {
- "version_value" : "3.13.2"
- }, {
- "version_value" : "3.13.3"
- }, {
- "version_value" : "3.13.5"
- }, {
- "version_value" : "3.13.6"
- }, {
- "version_value" : "3.13.7"
- }, {
- "version_value" : "3.13.9"
- }, {
- "version_value" : "3.13.10"
- }, {
- "version_value" : "3.14.1"
- }, {
- "version_value" : "3.14.15"
- }, {
- "version_value" : "3.14.159"
- }, {
- "version_value" : "3.14.1592"
- }, {
- "version_value" : "3.14.15926"
- }, {
- "version_value" : "3.15.0"
- }, {
- "version_value" : "3.15.1"
- }, {
- "version_value" : "3.15.2"
- }, {
- "version_value" : "3.15.3"
- }, {
- "version_value" : "3.15.4"
- }, {
- "version_value" : "3.15.5"
- }, {
- "version_value" : "3.15.6"
- }, {
- "version_value" : "3.15.7"
- }, {
- "version_value" : "3.15.8"
- }, {
- "version_value" : "3.16.0"
- }, {
- "version_value" : "3.16.1"
- }, {
- "version_value" : "3.16.2"
- }, {
- "version_value" : "3.16.3"
- }, {
- "version_value" : "3.16.4"
- }, {
- "version_value" : "3.16.5"
- }, {
- "version_value" : "3.16.6"
- }, {
- "version_value" : "3.16.7"
- }, {
- "version_value" : "3.17.0"
- }, {
- "version_value" : "3.17.1"
- }, {
- "version_value" : "3.17.2"
- }, {
- "version_value" : "3.17.3"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-284"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/OctopusDeploy/Issues/issues/4134"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:octopus:octopus_deploy",
- "cpe23Uri" : "cpe:2.3:a:octopus:octopus_deploy:*:*:*:*:*:*:*:*",
- "versionStartIncluding" : "3.2.11",
- "versionEndIncluding" : "4.1.5"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 8.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:S/C:P/I:P/A:P)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 6.5
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.0,
- "impactScore" : 6.4,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-03T09:29Z",
- "lastModifiedDate" : "2018-01-17T15:40Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-4868",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "exiv2",
- "product" : {
- "product_data" : [ {
- "product_name" : "exiv2",
- "version" : {
- "version_data" : [ {
- "version_value" : "0.26"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-399"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102477"
- }, {
- "url" : "https://github.com/Exiv2/exiv2/issues/202"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:exiv2:exiv2:0.26",
- "cpe23Uri" : "cpe:2.3:a:exiv2:exiv2:0.26:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "HIGH",
- "baseScore" : 5.5,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:N/C:N/I:N/A:P)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 4.3
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-03T09:29Z",
- "lastModifiedDate" : "2018-01-17T17:40Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-4871",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102465"
- }, {
- "url" : "http://www.securitytracker.com/id/1040155"
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2018:0081"
- }, {
- "url" : "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-09T21:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5071",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the \"set ship name\" command. This is similar to a Cross Protocol Injection with SNMP."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T03:29Z",
- "lastModifiedDate" : "2018-01-08T03:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5072",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "advanced_real_estate_script_project",
- "product" : {
- "product_data" : [ {
- "product_name" : "advanced_real_estate_script",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-79"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Advanced%20Real%20Estate%20Script.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:advanced_real_estate_script_project:advanced_real_estate_script:-",
- "cpe23Uri" : "cpe:2.3:a:advanced_real_estate_script_project:advanced_real_estate_script:-:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "HIGH",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.8,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.7,
- "impactScore" : 2.7
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:S/C:N/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 3.5
- },
- "severity" : "LOW",
- "exploitabilityScore" : 6.8,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-03T20:29Z",
- "lastModifiedDate" : "2018-01-16T18:03Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5073",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "advanced_real_estate_script_project",
- "product" : {
- "product_data" : [ {
- "product_name" : "advanced_real_estate_script",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-352"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Advanced%20Real%20Estate%20Script.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Online Ticket Booking has CSRF via admin/movieedit.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:advanced_real_estate_script_project:advanced_real_estate_script:-",
- "cpe23Uri" : "cpe:2.3:a:advanced_real_estate_script_project:advanced_real_estate_script:-:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "HIGH",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 6.8,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 0.9,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:S/C:P/I:P/A:P)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 6.0
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 6.8,
- "impactScore" : 6.4,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-03T20:29Z",
- "lastModifiedDate" : "2018-01-17T17:48Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5074",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "advanced_real_estate_script_project",
- "product" : {
- "product_data" : [ {
- "product_name" : "advanced_real_estate_script",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-79"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Advanced%20Real%20Estate%20Script.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:advanced_real_estate_script_project:advanced_real_estate_script:-",
- "cpe23Uri" : "cpe:2.3:a:advanced_real_estate_script_project:advanced_real_estate_script:-:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "HIGH",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.8,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.7,
- "impactScore" : 2.7
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:S/C:N/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 3.5
- },
- "severity" : "LOW",
- "exploitabilityScore" : 6.8,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-03T20:29Z",
- "lastModifiedDate" : "2018-01-16T18:03Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5075",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "advanced_real_estate_script_project",
- "product" : {
- "product_data" : [ {
- "product_name" : "advanced_real_estate_script",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-79"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Advanced%20Real%20Estate%20Script.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:advanced_real_estate_script_project:advanced_real_estate_script:-",
- "cpe23Uri" : "cpe:2.3:a:advanced_real_estate_script_project:advanced_real_estate_script:-:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "HIGH",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.8,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.7,
- "impactScore" : 2.7
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:S/C:N/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 3.5
- },
- "severity" : "LOW",
- "exploitabilityScore" : 6.8,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-03T20:29Z",
- "lastModifiedDate" : "2018-01-12T20:21Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5076",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "advanced_real_estate_script_project",
- "product" : {
- "product_data" : [ {
- "product_name" : "advanced_real_estate_script",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-79"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Advanced%20Real%20Estate%20Script.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:advanced_real_estate_script_project:advanced_real_estate_script:-",
- "cpe23Uri" : "cpe:2.3:a:advanced_real_estate_script_project:advanced_real_estate_script:-:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "HIGH",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.8,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.7,
- "impactScore" : 2.7
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:S/C:N/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 3.5
- },
- "severity" : "LOW",
- "exploitabilityScore" : 6.8,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-03T20:29Z",
- "lastModifiedDate" : "2018-01-17T14:50Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5077",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "advanced_real_estate_script_project",
- "product" : {
- "product_data" : [ {
- "product_name" : "advanced_real_estate_script",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-79"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Advanced%20Real%20Estate%20Script.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:advanced_real_estate_script_project:advanced_real_estate_script:-",
- "cpe23Uri" : "cpe:2.3:a:advanced_real_estate_script_project:advanced_real_estate_script:-:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "HIGH",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.8,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.7,
- "impactScore" : 2.7
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:S/C:N/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 3.5
- },
- "severity" : "LOW",
- "exploitabilityScore" : 6.8,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-03T20:29Z",
- "lastModifiedDate" : "2018-01-17T14:50Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5078",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "advanced_real_estate_script_project",
- "product" : {
- "product_data" : [ {
- "product_name" : "advanced_real_estate_script",
- "version" : {
- "version_data" : [ {
- "version_value" : "-"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-79"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Advanced%20Real%20Estate%20Script.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Online Ticket Booking has XSS via the admin/eventlist.php cast parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:advanced_real_estate_script_project:advanced_real_estate_script:-",
- "cpe23Uri" : "cpe:2.3:a:advanced_real_estate_script_project:advanced_real_estate_script:-:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "HIGH",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.8,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.7,
- "impactScore" : 2.7
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:S/C:N/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 3.5
- },
- "severity" : "LOW",
- "exploitabilityScore" : 6.8,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-03T20:29Z",
- "lastModifiedDate" : "2018-01-16T19:24Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5079",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "k7computing",
- "product" : {
- "product_data" : [ {
- "product_name" : "antivirus",
- "version" : {
- "version_data" : [ {
- "version_value" : "15.1.0306"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-20"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x83002130"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:k7computing:antivirus:15.1.0306",
- "cpe23Uri" : "cpe:2.3:a:k7computing:antivirus:15.1.0306:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:P/I:P/A:C)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 6.1
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 8.5,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-03T21:29Z",
- "lastModifiedDate" : "2018-01-12T01:02Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5080",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "k7computing",
- "product" : {
- "product_data" : [ {
- "product_name" : "antivirus",
- "version" : {
- "version_data" : [ {
- "version_value" : "15.1.0306"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-20"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x830020FC"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:k7computing:antivirus:15.1.0306",
- "cpe23Uri" : "cpe:2.3:a:k7computing:antivirus:15.1.0306:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:P/I:P/A:C)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 6.1
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 8.5,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-03T21:29Z",
- "lastModifiedDate" : "2018-01-12T01:07Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5081",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "k7computing",
- "product" : {
- "product_data" : [ {
- "product_name" : "antivirus",
- "version" : {
- "version_data" : [ {
- "version_value" : "15.1.0306"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-20"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x830020F0"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F0."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:k7computing:antivirus:15.1.0306",
- "cpe23Uri" : "cpe:2.3:a:k7computing:antivirus:15.1.0306:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:P/I:P/A:C)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 6.1
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 8.5,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-03T21:29Z",
- "lastModifiedDate" : "2018-01-12T01:15Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5082",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "k7computing",
- "product" : {
- "product_data" : [ {
- "product_name" : "antivirus",
- "version" : {
- "version_data" : [ {
- "version_value" : "15.1.0306"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-20"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x83002128"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:k7computing:antivirus:15.1.0306",
- "cpe23Uri" : "cpe:2.3:a:k7computing:antivirus:15.1.0306:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:P/I:P/A:C)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 6.1
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 8.5,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-03T21:29Z",
- "lastModifiedDate" : "2018-01-12T01:15Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5083",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "k7computing",
- "product" : {
- "product_data" : [ {
- "product_name" : "antivirus",
- "version" : {
- "version_data" : [ {
- "version_value" : "15.1.0306"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-20"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x8300215B"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215B."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:k7computing:antivirus:15.1.0306",
- "cpe23Uri" : "cpe:2.3:a:k7computing:antivirus:15.1.0306:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:P/I:P/A:C)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 6.1
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 8.5,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-03T21:29Z",
- "lastModifiedDate" : "2018-01-12T01:15Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5084",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "k7computing",
- "product" : {
- "product_data" : [ {
- "product_name" : "antivirus",
- "version" : {
- "version_data" : [ {
- "version_value" : "15.1.0306"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-20"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x8300212C"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300212C."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:k7computing:antivirus:15.1.0306",
- "cpe23Uri" : "cpe:2.3:a:k7computing:antivirus:15.1.0306:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:P/I:P/A:C)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 6.1
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 8.5,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-03T21:29Z",
- "lastModifiedDate" : "2018-01-12T01:15Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5085",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "k7computing",
- "product" : {
- "product_data" : [ {
- "product_name" : "antivirus",
- "version" : {
- "version_data" : [ {
- "version_value" : "15.1.0306"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-20"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x83002124"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:k7computing:antivirus:15.1.0306",
- "cpe23Uri" : "cpe:2.3:a:k7computing:antivirus:15.1.0306:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:P/I:P/A:C)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 6.1
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 8.5,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-03T21:29Z",
- "lastModifiedDate" : "2018-01-12T19:32Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5086",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "k7computing",
- "product" : {
- "product_data" : [ {
- "product_name" : "antivirus",
- "version" : {
- "version_data" : [ {
- "version_value" : "15.1.0306"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-20"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x8300215F"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215F."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:k7computing:antivirus:15.1.0306",
- "cpe23Uri" : "cpe:2.3:a:k7computing:antivirus:15.1.0306:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:P/I:P/A:C)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 6.1
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 8.5,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-03T21:29Z",
- "lastModifiedDate" : "2018-01-12T01:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5087",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "k7computing",
- "product" : {
- "product_data" : [ {
- "product_name" : "antivirus",
- "version" : {
- "version_data" : [ {
- "version_value" : "15.1.0306"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-20"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x83002100"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002100."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:k7computing:antivirus:15.1.0306",
- "cpe23Uri" : "cpe:2.3:a:k7computing:antivirus:15.1.0306:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:P/I:P/A:C)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 6.1
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 8.5,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-03T21:29Z",
- "lastModifiedDate" : "2018-01-12T01:30Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5088",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "k7computing",
- "product" : {
- "product_data" : [ {
- "product_name" : "antivirus",
- "version" : {
- "version_data" : [ {
- "version_value" : "15.1.0306"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-20"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x8300211C"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300211C."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:k7computing:antivirus:15.1.0306",
- "cpe23Uri" : "cpe:2.3:a:k7computing:antivirus:15.1.0306:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:P/I:P/A:C)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 6.1
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 8.5,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-03T21:29Z",
- "lastModifiedDate" : "2018-01-12T01:30Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5189",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://www.exploit-db.com/exploits/43494/"
- }, {
- "url" : "https://www.fidusinfosec.com/jungo-windriver-code-execution-cve-2018-5189/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileges by flipping pool buffer size, aka a \"double fetch\" vulnerability."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-11T16:29Z",
- "lastModifiedDate" : "2018-01-13T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5191",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-1000479. Reason: This candidate is a reservation duplicate of CVE-2017-1000479. Notes: All CVE users should reference CVE-2017-1000479 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-03T21:29Z",
- "lastModifiedDate" : "2018-01-05T02:31Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5195",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://help.hancom.com/cve/hoffice/en-US/CVE_en_050_01.htm"
- }, {
- "url" : "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=26983"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow vulnerability that leads remote attackers to execute arbitrary commands when performing the hyperlink Attributes in document."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-17T17:29Z",
- "lastModifiedDate" : "2018-01-17T17:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5205",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://irssi.org/security/irssi_sa_2018_01.txt"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-06T16:29Z",
- "lastModifiedDate" : "2018-01-06T16:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5206",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://irssi.org/security/irssi_sa_2018_01.txt"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-06T16:29Z",
- "lastModifiedDate" : "2018-01-06T16:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5207",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://irssi.org/security/irssi_sa_2018_01.txt"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-06T16:29Z",
- "lastModifiedDate" : "2018-01-06T16:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5208",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://irssi.org/security/irssi_sa_2018_01.txt"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-06T16:29Z",
- "lastModifiedDate" : "2018-01-06T16:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5210",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://security.samsungmobile.com/securityUpdate.smsb"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern). The Samsung ID is SVE-2017-10733."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-04T06:29Z",
- "lastModifiedDate" : "2018-01-04T06:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5211",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://www.exploit-db.com/exploits/43409/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack on the page ajax.php with the parameter playlist."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-09T16:29Z",
- "lastModifiedDate" : "2018-01-09T16:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5212",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "simple_download_monitor_project",
- "product" : {
- "product_data" : [ {
- "product_name" : "simple_download_monitor",
- "version" : {
- "version_data" : [ {
- "version_value" : "3.5.4"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-79"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/Arsenal21/simple-download-monitor/commit/8ab8b9166bc87feba26a1573cf595af48eff7805"
- }, {
- "url" : "https://github.com/Arsenal21/simple-download-monitor/issues/27"
- }, {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/simple-download-monitor.md"
- }, {
- "url" : "https://wordpress.org/support/topic/stored-xss-bug-at-the-latest-version-of-simple-download-monitor/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:simple_download_monitor_project:simple_download_monitor:3.5.4::~~~wordpress~~",
- "cpe23Uri" : "cpe:2.3:a:simple_download_monitor_project:simple_download_monitor:3.5.4:*:*:*:*:wordpress:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.4,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.3,
- "impactScore" : 2.7
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:S/C:N/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 3.5
- },
- "severity" : "LOW",
- "exploitabilityScore" : 6.8,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T18:29Z",
- "lastModifiedDate" : "2018-01-16T16:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5213",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "simple_download_monitor_project",
- "product" : {
- "product_data" : [ {
- "product_name" : "simple_download_monitor",
- "version" : {
- "version_data" : [ {
- "version_value" : "3.5.4"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-79"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/Arsenal21/simple-download-monitor/commit/8ab8b9166bc87feba26a1573cf595af48eff7805"
- }, {
- "url" : "https://github.com/Arsenal21/simple-download-monitor/issues/27"
- }, {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/simple-download-monitor.md"
- }, {
- "url" : "https://wordpress.org/support/topic/stored-xss-bug-at-the-latest-version-of-simple-download-monitor/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:simple_download_monitor_project:simple_download_monitor:3.5.4::~~~wordpress~~",
- "cpe23Uri" : "cpe:2.3:a:simple_download_monitor_project:simple_download_monitor:3.5.4:*:*:*:*:wordpress:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.4,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.3,
- "impactScore" : 2.7
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:S/C:N/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 3.5
- },
- "severity" : "LOW",
- "exploitabilityScore" : 6.8,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T18:29Z",
- "lastModifiedDate" : "2018-01-16T16:18Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5214",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "add_link_to_facebook_project",
- "product" : {
- "product_data" : [ {
- "product_name" : "add_link_to_facebook",
- "version" : {
- "version_data" : [ {
- "version_value" : "2.3"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-79"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Add-Link-to-Facebook.md"
- }, {
- "url" : "https://wordpress.org/support/topic/stored-xss-bug-at-the-latest-version-of-add-link-to-facebook/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The \"Add Link to Facebook\" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:add_link_to_facebook_project:add_link_to_facebook:::~~~wordpress~~",
- "cpe23Uri" : "cpe:2.3:a:add_link_to_facebook_project:add_link_to_facebook:*:*:*:*:*:wordpress:*:*",
- "versionEndIncluding" : "2.3"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.4,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.3,
- "impactScore" : 2.7
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:S/C:N/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 3.5
- },
- "severity" : "LOW",
- "exploitabilityScore" : 6.8,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T18:29Z",
- "lastModifiedDate" : "2018-01-18T15:32Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5215",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "fork-cms",
- "product" : {
- "product_data" : [ {
- "product_name" : "fork_cms",
- "version" : {
- "version_data" : [ {
- "version_value" : "5.0.7"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-79"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/imsebao/404team/blob/master/forkcms.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:fork-cms:fork_cms:5.0.7",
- "cpe23Uri" : "cpe:2.3:a:fork-cms:fork_cms:5.0.7:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.4,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.3,
- "impactScore" : 2.7
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:S/C:N/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 3.5
- },
- "severity" : "LOW",
- "exploitabilityScore" : 6.8,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T19:29Z",
- "lastModifiedDate" : "2018-01-16T16:19Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5216",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "radiantcms",
- "product" : {
- "product_data" : [ {
- "product_name" : "radiant_cms",
- "version" : {
- "version_data" : [ {
- "version_value" : "1.1.4"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-79"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/imsebao/404team/blob/master/radiantcms.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:radiantcms:radiant_cms:1.1.4",
- "cpe23Uri" : "cpe:2.3:a:radiantcms:radiant_cms:1.1.4:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.4,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.3,
- "impactScore" : 2.7
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:S/C:N/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "SINGLE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 3.5
- },
- "severity" : "LOW",
- "exploitabilityScore" : 6.8,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-04T19:29Z",
- "lastModifiedDate" : "2018-01-16T16:19Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5217",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "k7computing",
- "product" : {
- "product_data" : [ {
- "product_name" : "antivirus",
- "version" : {
- "version_data" : [ {
- "version_value" : "15.1.0306"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-20"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/1_95002578"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002578."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:k7computing:antivirus:15.1.0306",
- "cpe23Uri" : "cpe:2.3:a:k7computing:antivirus:15.1.0306:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:P/I:P/A:C)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 6.1
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 8.5,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-04T19:29Z",
- "lastModifiedDate" : "2018-01-11T20:00Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5218",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "k7computing",
- "product" : {
- "product_data" : [ {
- "product_name" : "antivirus",
- "version" : {
- "version_data" : [ {
- "version_value" : "15.1.0306"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-20"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/1_950025b0"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x950025b0."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:k7computing:antivirus:15.1.0306",
- "cpe23Uri" : "cpe:2.3:a:k7computing:antivirus:15.1.0306:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:P/I:P/A:C)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 6.1
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 8.5,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-04T19:29Z",
- "lastModifiedDate" : "2018-01-11T20:05Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5219",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "k7computing",
- "product" : {
- "product_data" : [ {
- "product_name" : "antivirus",
- "version" : {
- "version_data" : [ {
- "version_value" : "15.1.0306"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-20"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/1_83002168"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002168."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:k7computing:antivirus:15.1.0306",
- "cpe23Uri" : "cpe:2.3:a:k7computing:antivirus:15.1.0306:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:P/I:P/A:C)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 6.1
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 8.5,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-04T19:29Z",
- "lastModifiedDate" : "2018-01-11T20:09Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5220",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "k7computing",
- "product" : {
- "product_data" : [ {
- "product_name" : "antivirus",
- "version" : {
- "version_data" : [ {
- "version_value" : "15.1.0306"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-20"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/1_95002610"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002610."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:k7computing:antivirus:15.1.0306",
- "cpe23Uri" : "cpe:2.3:a:k7computing:antivirus:15.1.0306:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:P/I:P/A:C)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 6.1
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 8.5,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-04T19:29Z",
- "lastModifiedDate" : "2018-01-11T20:09Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5221",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://hyp3rlinx.altervista.org/advisories/BARCODEWIZ-v6.7-ACTIVEX-COMPONENT-BUFFER-OVERFLOW.txt"
- }, {
- "url" : "http://packetstormsecurity.com/files/145731/BarcodeWiz-ActiveX-Control-Buffer-Overflow.html"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX control (BarcodeWiz.DLL) allow remote attackers to execute arbitrary code via a long argument to the (1) BottomText or (2) TopText property."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-09T16:29Z",
- "lastModifiedDate" : "2018-01-09T16:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5244",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-119"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102433"
- }, {
- "url" : "https://xenbits.xen.org/xsa/advisory-253.html"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/o:xen:xen",
- "cpe23Uri" : "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
- "versionStartIncluding" : "4.10.0"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "CHANGED",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "HIGH",
- "baseScore" : 6.5,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.0,
- "impactScore" : 4.0
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:N/I:N/A:C)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 4.9
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 6.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-05T18:29Z",
- "lastModifiedDate" : "2018-01-19T14:44Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5246",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "imagemagick",
- "product" : {
- "product_data" : [ {
- "product_name" : "imagemagick",
- "version" : {
- "version_data" : [ {
- "version_value" : "7.0.7-17"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-399"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102469"
- }, {
- "url" : "https://github.com/ImageMagick/ImageMagick/issues/929"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:imagemagick:imagemagick:7.0.7-17",
- "cpe23Uri" : "cpe:2.3:a:imagemagick:imagemagick:7.0.7-17:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "HIGH",
- "baseScore" : 6.5,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:N/C:N/I:N/A:P)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 4.3
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-05T19:29Z",
- "lastModifiedDate" : "2018-01-16T16:20Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5247",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "imagemagick",
- "product" : {
- "product_data" : [ {
- "product_name" : "imagemagick",
- "version" : {
- "version_data" : [ {
- "version_value" : "7.0.7-17"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-399"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/ImageMagick/ImageMagick/issues/928"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:imagemagick:imagemagick:7.0.7-17",
- "cpe23Uri" : "cpe:2.3:a:imagemagick:imagemagick:7.0.7-17:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "HIGH",
- "baseScore" : 6.5,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:N/C:N/I:N/A:P)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 4.3
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-05T19:29Z",
- "lastModifiedDate" : "2018-01-16T16:20Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5248",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "imagemagick",
- "product" : {
- "product_data" : [ {
- "product_name" : "imagemagick",
- "version" : {
- "version_data" : [ {
- "version_value" : "7.0.7-17"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-119"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102431"
- }, {
- "url" : "https://github.com/ImageMagick/ImageMagick/issues/927"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:imagemagick:imagemagick:7.0.7-17",
- "cpe23Uri" : "cpe:2.3:a:imagemagick:imagemagick:7.0.7-17:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 8.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:N/C:P/I:P/A:P)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 6.8
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 6.4,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-05T19:29Z",
- "lastModifiedDate" : "2018-01-16T16:21Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5249",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "shaarli_project",
- "product" : {
- "product_data" : [ {
- "product_name" : "shaarli",
- "version" : {
- "version_data" : [ {
- "version_value" : "0.0.40"
- }, {
- "version_value" : "0.0.41"
- }, {
- "version_value" : "0.0.42"
- }, {
- "version_value" : "0.0.43"
- }, {
- "version_value" : "0.0.44"
- }, {
- "version_value" : "0.0.45"
- }, {
- "version_value" : "0.5.0"
- }, {
- "version_value" : "0.5.1"
- }, {
- "version_value" : "0.5.2"
- }, {
- "version_value" : "0.5.3"
- }, {
- "version_value" : "0.5.4"
- }, {
- "version_value" : "0.6.0"
- }, {
- "version_value" : "0.6.1"
- }, {
- "version_value" : "0.6.2"
- }, {
- "version_value" : "0.6.3"
- }, {
- "version_value" : "0.6.4"
- }, {
- "version_value" : "0.6.5"
- }, {
- "version_value" : "0.7.0"
- }, {
- "version_value" : "0.7.1"
- }, {
- "version_value" : "0.8.0"
- }, {
- "version_value" : "0.8.1"
- }, {
- "version_value" : "0.8.2"
- }, {
- "version_value" : "0.8.3"
- }, {
- "version_value" : "0.8.4"
- }, {
- "version_value" : "0.9.0"
- }, {
- "version_value" : "0.9.1"
- }, {
- "version_value" : "0.9.2"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-79"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/shaarli/Shaarli/pull/1046"
- }, {
- "url" : "https://github.com/shaarli/Shaarli/releases/tag/v0.8.5"
- }, {
- "url" : "https://github.com/shaarli/Shaarli/releases/tag/v0.9.3"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:shaarli_project:shaarli",
- "cpe23Uri" : "cpe:2.3:a:shaarli_project:shaarli:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "0.8.5"
- } ]
- }, {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:shaarli_project:shaarli",
- "cpe23Uri" : "cpe:2.3:a:shaarli_project:shaarli:*:*:*:*:*:*:*:*",
- "versionStartIncluding" : "0.9.0",
- "versionEndExcluding" : "0.9.3"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 6.1,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 2.7
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:N/C:N/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.3
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-05T20:29Z",
- "lastModifiedDate" : "2018-01-17T14:50Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5251",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "libming",
- "product" : {
- "product_data" : [ {
- "product_name" : "libming",
- "version" : {
- "version_data" : [ {
- "version_value" : "0.4.8"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-189"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/libming/libming/issues/97"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:libming:libming:0.4.8",
- "cpe23Uri" : "cpe:2.3:a:libming:libming:0.4.8:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "HIGH",
- "baseScore" : 6.5,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:N/C:N/I:N/A:P)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 4.3
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-05T20:29Z",
- "lastModifiedDate" : "2018-01-17T14:49Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5252",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "imageworsener_project",
- "product" : {
- "product_data" : [ {
- "product_name" : "imageworsener",
- "version" : {
- "version_data" : [ {
- "version_value" : "1.3.2"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-20"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/jsummers/imageworsener/issues/34"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_sample_int function in imagew-main.c."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:imageworsener_project:imageworsener:1.3.2",
- "cpe23Uri" : "cpe:2.3:a:imageworsener_project:imageworsener:1.3.2:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "HIGH",
- "baseScore" : 5.3,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 1.6,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:H/Au:N/C:N/I:N/A:P)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "HIGH",
- "authentication" : "NONE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 2.6
- },
- "severity" : "LOW",
- "exploitabilityScore" : 4.9,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-05T21:29Z",
- "lastModifiedDate" : "2018-01-18T22:30Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5253",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "axiosys",
- "product" : {
- "product_data" : [ {
- "product_name" : "bento4",
- "version" : {
- "version_data" : [ {
- "version_value" : "1.5.1.0"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-119"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/axiomatic-systems/Bento4/issues/233"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:axiosys:bento4:1.5.1.0",
- "cpe23Uri" : "cpe:2.3:a:axiosys:bento4:1.5.1.0:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:N/C:P/I:P/A:P)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 6.8
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 6.4,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-05T21:29Z",
- "lastModifiedDate" : "2018-01-17T14:46Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5258",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://gist.github.com/rlaneth/d2203c206d5d5acbdaf6069e78b1d07f"
- }, {
- "url" : "https://radialle.com/cve-2018-5258-writeup-aplicativo-do-banco-neon-para-ios-n%C3%A3o-valida-certificados-ssl-84bed0b0cecb"
- }, {
- "url" : "https://www.tecmundo.com.br/seguranca/126192-banco-neon-falha-permite-hacker-acesse-conta-roube-dados-clientes.htm"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-17T17:29Z",
- "lastModifiedDate" : "2018-01-17T17:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5259",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.whsgwl.net/text.php?textid=3"
- }, {
- "url" : "https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IH8SA"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T09:29Z",
- "lastModifiedDate" : "2018-01-08T09:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5262",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://packetstormsecurity.com/files/145825/DiskBoss-Enterprise-8.8.16-Buffer-Overflow.html"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43478/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier allows unauthenticated remote attackers to execute arbitrary code in the context of a highly privileged account."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T17:29Z",
- "lastModifiedDate" : "2018-01-14T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5263",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://stackideas.com/blog/easydiscuss4021-update"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43488/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T23:29Z",
- "lastModifiedDate" : "2018-01-13T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5266",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: default passwords for the standard usernames are listed in the product's documentation: Dealer with password seatel3, SysAdmin with password seatel2, and User with password seatel1."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T03:29Z",
- "lastModifiedDate" : "2018-01-08T03:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5267",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T03:29Z",
- "lastModifiedDate" : "2018-01-08T03:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5268",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/opencv/opencv/issues/10541"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T05:29Z",
- "lastModifiedDate" : "2018-01-08T05:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5269",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/opencv/opencv/issues/10540"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T05:29Z",
- "lastModifiedDate" : "2018-01-08T05:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5270",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "malwarebytes",
- "product" : {
- "product_data" : [ {
- "product_name" : "malwarebytes",
- "version" : {
- "version_data" : [ {
- "version_value" : "3.3.1.2183"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-20"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e010"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:malwarebytes:malwarebytes:3.3.1.2183::~~premium~~~",
- "cpe23Uri" : "cpe:2.3:a:malwarebytes:malwarebytes:3.3.1.2183:*:*:*:premium:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:L/AC:L/Au:N/C:P/I:P/A:C)",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 6.1
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 8.5,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-08T05:29Z",
- "lastModifiedDate" : "2018-01-19T19:20Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5271",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102471"
- }, {
- "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e008"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T05:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5272",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e004"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e004."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T05:29Z",
- "lastModifiedDate" : "2018-01-08T05:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5273",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e014"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e014."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T05:29Z",
- "lastModifiedDate" : "2018-01-08T05:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5274",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E024"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E024."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T05:29Z",
- "lastModifiedDate" : "2018-01-08T05:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5275",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9C40E020"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T05:29Z",
- "lastModifiedDate" : "2018-01-08T05:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5276",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e018"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e018."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T05:29Z",
- "lastModifiedDate" : "2018-01-08T05:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5277",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e000"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e000."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T05:29Z",
- "lastModifiedDate" : "2018-01-08T05:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5278",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e00c"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T05:29Z",
- "lastModifiedDate" : "2018-01-08T05:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5279",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102453"
- }, {
- "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e02c"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T05:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5280",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102438"
- }, {
- "url" : "https://www.vulnerability-lab.com/get_content.php?id=1725"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T09:29Z",
- "lastModifiedDate" : "2018-01-10T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5281",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102443"
- }, {
- "url" : "https://www.vulnerability-lab.com/get_content.php?id=1729"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T09:29Z",
- "lastModifiedDate" : "2018-01-10T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5282",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://www.exploit-db.com/exploits/43547/"
- }, {
- "url" : "https://www.vulnerability-lab.com/get_content.php?id=1943"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T09:29Z",
- "lastModifiedDate" : "2018-01-15T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5283",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://www.vulnerability-lab.com/get_content.php?id=1600"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T09:29Z",
- "lastModifiedDate" : "2018-01-08T09:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5284",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/ImageInject.md"
- }, {
- "url" : "https://wordpress.org/support/topic/stored-xss-csrf-bug-at-the-latest-version-of-imageinject/"
- }, {
- "url" : "https://wpvulndb.com/vulnerabilities/8994"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T07:29Z",
- "lastModifiedDate" : "2018-01-11T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5285",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/ImageInject.md"
- }, {
- "url" : "https://wordpress.org/support/topic/stored-xss-csrf-bug-at-the-latest-version-of-imageinject/"
- }, {
- "url" : "https://wpvulndb.com/vulnerabilities/8994"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T07:29Z",
- "lastModifiedDate" : "2018-01-11T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5286",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "gd_rating_system_project",
- "product" : {
- "product_data" : [ {
- "product_name" : "gd_rating_system",
- "version" : {
- "version_data" : [ {
- "version_value" : "2.3"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-79"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md"
- }, {
- "url" : "https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/"
- }, {
- "url" : "https://wpvulndb.com/vulnerabilities/8995"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:gd_rating_system_project:gd_rating_system:2.3::~~~wordpress~~",
- "cpe23Uri" : "cpe:2.3:a:gd_rating_system_project:gd_rating_system:2.3:*:*:*:*:wordpress:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 6.1,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 2.7
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:N/C:N/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.3
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-08T07:29Z",
- "lastModifiedDate" : "2018-01-19T18:39Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5287",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "gd_rating_system_project",
- "product" : {
- "product_data" : [ {
- "product_name" : "gd_rating_system",
- "version" : {
- "version_data" : [ {
- "version_value" : "2.3"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-22"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md"
- }, {
- "url" : "https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/"
- }, {
- "url" : "https://wpvulndb.com/vulnerabilities/8995"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:gd_rating_system_project:gd_rating_system:2.3::~~~wordpress~~",
- "cpe23Uri" : "cpe:2.3:a:gd_rating_system_project:gd_rating_system:2.3:*:*:*:*:wordpress:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 7.5,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 3.9,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:N/C:P/I:N/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.0
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 10.0,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-08T07:29Z",
- "lastModifiedDate" : "2018-01-19T18:13Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5288",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "gd_rating_system_project",
- "product" : {
- "product_data" : [ {
- "product_name" : "gd_rating_system",
- "version" : {
- "version_data" : [ {
- "version_value" : "2.3"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-79"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md"
- }, {
- "url" : "https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/"
- }, {
- "url" : "https://wpvulndb.com/vulnerabilities/8995"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:gd_rating_system_project:gd_rating_system:2.3::~~~wordpress~~",
- "cpe23Uri" : "cpe:2.3:a:gd_rating_system_project:gd_rating_system:2.3:*:*:*:*:wordpress:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 6.1,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 2.7
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:N/C:N/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.3
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-08T07:29Z",
- "lastModifiedDate" : "2018-01-19T18:40Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5289",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "gd_rating_system_project",
- "product" : {
- "product_data" : [ {
- "product_name" : "gd_rating_system",
- "version" : {
- "version_data" : [ {
- "version_value" : "2.3"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-22"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md"
- }, {
- "url" : "https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/"
- }, {
- "url" : "https://wpvulndb.com/vulnerabilities/8995"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:gd_rating_system_project:gd_rating_system:2.3::~~~wordpress~~",
- "cpe23Uri" : "cpe:2.3:a:gd_rating_system_project:gd_rating_system:2.3:*:*:*:*:wordpress:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 7.5,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 3.9,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:N/C:P/I:N/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.0
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 10.0,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-08T07:29Z",
- "lastModifiedDate" : "2018-01-19T18:21Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5290",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "gd_rating_system_project",
- "product" : {
- "product_data" : [ {
- "product_name" : "gd_rating_system",
- "version" : {
- "version_data" : [ {
- "version_value" : "2.3"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-22"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md"
- }, {
- "url" : "https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/"
- }, {
- "url" : "https://wpvulndb.com/vulnerabilities/8995"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:gd_rating_system_project:gd_rating_system:2.3::~~~wordpress~~",
- "cpe23Uri" : "cpe:2.3:a:gd_rating_system_project:gd_rating_system:2.3:*:*:*:*:wordpress:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 7.5,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 3.9,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:N/C:P/I:N/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.0
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 10.0,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-08T07:29Z",
- "lastModifiedDate" : "2018-01-19T18:28Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5291",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "gd_rating_system_project",
- "product" : {
- "product_data" : [ {
- "product_name" : "gd_rating_system",
- "version" : {
- "version_data" : [ {
- "version_value" : "2.3"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-22"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md"
- }, {
- "url" : "https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/"
- }, {
- "url" : "https://wpvulndb.com/vulnerabilities/8995"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:gd_rating_system_project:gd_rating_system:2.3::~~~wordpress~~",
- "cpe23Uri" : "cpe:2.3:a:gd_rating_system_project:gd_rating_system:2.3:*:*:*:*:wordpress:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 7.5,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 3.9,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:L/Au:N/C:P/I:N/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.0
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 10.0,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2018-01-08T07:29Z",
- "lastModifiedDate" : "2018-01-19T18:32Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5292",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "gd_rating_system_project",
- "product" : {
- "product_data" : [ {
- "product_name" : "gd_rating_system",
- "version" : {
- "version_data" : [ {
- "version_value" : "2.3"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-79"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md"
- }, {
- "url" : "https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/"
- }, {
- "url" : "https://wpvulndb.com/vulnerabilities/8995"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:gd_rating_system_project:gd_rating_system:2.3::~~~wordpress~~",
- "cpe23Uri" : "cpe:2.3:a:gd_rating_system_project:gd_rating_system:2.3:*:*:*:*:wordpress:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 6.1,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 2.7
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:N/C:N/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.3
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-08T07:29Z",
- "lastModifiedDate" : "2018-01-19T17:46Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5293",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ {
- "vendor_name" : "gd_rating_system_project",
- "product" : {
- "product_data" : [ {
- "product_name" : "gd_rating_system",
- "version" : {
- "version_data" : [ {
- "version_value" : "2.3"
- } ]
- }
- } ]
- }
- } ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-79"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md"
- }, {
- "url" : "https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/"
- }, {
- "url" : "https://wpvulndb.com/vulnerabilities/8995"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe" : [ {
- "vulnerable" : true,
- "cpe22Uri" : "cpe:/a:gd_rating_system_project:gd_rating_system:2.3::~~~wordpress~~",
- "cpe23Uri" : "cpe:2.3:a:gd_rating_system_project:gd_rating_system:2.3:*:*:*:*:wordpress:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "CHANGED",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 6.1,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.8,
- "impactScore" : 2.7
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "(AV:N/AC:M/Au:N/C:N/I:P/A:N)",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 4.3
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 2.9,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2018-01-08T07:29Z",
- "lastModifiedDate" : "2018-01-19T17:48Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5294",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/libming/libming/issues/98"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T07:29Z",
- "lastModifiedDate" : "2018-01-08T07:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5295",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1531897"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T07:29Z",
- "lastModifiedDate" : "2018-01-08T07:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5296",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1531956"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T07:29Z",
- "lastModifiedDate" : "2018-01-08T07:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5298",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://1337sec.blogspot.de/2018/01/auditing-oral-b-app-v500.html"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In the Procter & Gamble \"Oral-B App\" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences XML file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T08:29Z",
- "lastModifiedDate" : "2018-01-08T08:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5299",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43604"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-16T22:29Z",
- "lastModifiedDate" : "2018-01-16T22:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5301",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://magento.com/security/patches/magento-2010-and-212-security-update"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-08T22:29Z",
- "lastModifiedDate" : "2018-01-08T22:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5308",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1532390"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-09T05:29Z",
- "lastModifiedDate" : "2018-01-09T05:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5309",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1532381"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-09T05:29Z",
- "lastModifiedDate" : "2018-01-09T05:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5310",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/media-from-ftp.md"
- }, {
- "url" : "https://wordpress.org/plugins/media-from-ftp/#developers"
- }, {
- "url" : "https://wordpress.org/support/topic/any-directory-traversal-bugs-at-the-latest-version-of-media-from-ftp/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In the \"Media from FTP\" plugin before 9.85 for WordPress, Directory Traversal exists via the searchdir parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-09T05:29Z",
- "lastModifiedDate" : "2018-01-09T05:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5311",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/easy-custom-auto-excerpt.md"
- }, {
- "url" : "https://wordpress.org/support/topic/stored-xss-bugs-at-the-latest-version-of-easy-custom-auto-excerpt/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options[custom_css] parameter to the wp-admin/admin.php?page=tonjoo_excerpt URI."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-09T05:29Z",
- "lastModifiedDate" : "2018-01-09T05:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5312",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/tabs-responsive.md"
- }, {
- "url" : "https://wordpress.org/support/topic/stored-xss-bugs-at-the-latest-version-of-tabs-responsive/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-09T05:29Z",
- "lastModifiedDate" : "2018-01-09T05:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5315",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://packetstormsecurity.com/files/145833/WordPress-Events-Calendar-1.0-SQL-Injection.html"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43479/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T17:29Z",
- "lastModifiedDate" : "2018-01-14T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5316",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://packetstormsecurity.com/files/145459/WordPress-Sagepay-Server-Gateway-For-WooCommerce-1.0.7-XSS.html"
- }, {
- "url" : "https://wordpress.org/plugins/sagepay-server-gateway-for-woocommerce/#developers"
- }, {
- "url" : "https://wordpress.org/support/topic/sagepay-server-gateway-for-woocommerce-1-0-7-cross-site-scripting/#post-9792337"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The \"SagePay Server Gateway for WooCommerce\" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-09T22:29Z",
- "lastModifiedDate" : "2018-01-09T22:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5326",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://twitter.com/mishradhiraj_/status/950975902892150785"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Cheetah Mobile CM Browser 5.22.06.0012, when installed on unspecified \"older\" Android platforms, allows Same Origin Policy Bypass."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T02:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5327",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://twitter.com/mishradhiraj_/status/950975902892150785"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Cheetah Mobile Armorfly Browser & Downloader 1.1.05.0010, when installed on unspecified \"older\" Android platforms, allows Same Origin Policy Bypass."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T02:29Z",
- "lastModifiedDate" : "2018-01-12T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5328",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://becomepentester.blogspot.com/2018/01/ZUUSE-BEIMS-ContractorWeb-Privilege-Escalations-CVE-2018-5328.html"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-15T21:29Z",
- "lastModifiedDate" : "2018-01-15T21:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5329",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://becomepentester.blogspot.com/2018/01/ZUUSE-BEIMS-ContractorWeb-CSRF-CVE-2018-5329.html"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) on /CWEBNET/* authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-15T21:29Z",
- "lastModifiedDate" : "2018-01-15T21:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5330",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://packetstormsecurity.com/files/145863/ZyXEL-P-660HW-UDP-Denial-Of-Service.html"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-16T19:29Z",
- "lastModifiedDate" : "2018-01-16T19:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5331",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.whsgwl.net/text.php?textid=32"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-10T09:29Z",
- "lastModifiedDate" : "2018-01-10T09:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5332",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c095508770aebf1b9218e77026e48345d719b17c"
- }, {
- "url" : "http://www.securityfocus.com/bid/102507"
- }, {
- "url" : "https://github.com/torvalds/linux/commit/c095508770aebf1b9218e77026e48345d719b17c"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-11T07:29Z",
- "lastModifiedDate" : "2018-01-17T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5333",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d11f77f84b27cef452cee332f4e469503084737"
- }, {
- "url" : "http://www.securityfocus.com/bid/102510"
- }, {
- "url" : "https://github.com/torvalds/linux/commit/7d11f77f84b27cef452cee332f4e469503084737"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-11T07:29Z",
- "lastModifiedDate" : "2018-01-17T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5334",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102499"
- }, {
- "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14297"
- }, {
- "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dc308c05ba0673460fe80873b22d296880ee996d"
- }, {
- "url" : "https://www.wireshark.org/security/wnpa-sec-2018-03.html"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-11T21:29Z",
- "lastModifiedDate" : "2018-01-14T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5335",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102500"
- }, {
- "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14251"
- }, {
- "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086b87376b988c555484349aa115d6e08ac6db07"
- }, {
- "url" : "https://www.wireshark.org/security/wnpa-sec-2018-04.html"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-11T21:29Z",
- "lastModifiedDate" : "2018-01-14T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5336",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102504"
- }, {
- "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14253"
- }, {
- "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f4c95cf46ba6adbd10b09747e10742801bc706b"
- }, {
- "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f6702e49a9720d173246668495eece6d77eca5b0"
- }, {
- "url" : "https://www.wireshark.org/security/wnpa-sec-2018-01.html"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-11T21:29Z",
- "lastModifiedDate" : "2018-01-17T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5344",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5"
- }, {
- "url" : "http://www.securityfocus.com/bid/102503"
- }, {
- "url" : "https://github.com/torvalds/linux/commit/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T09:29Z",
- "lastModifiedDate" : "2018-01-17T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5345",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1527296"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T00:29Z",
- "lastModifiedDate" : "2018-01-12T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5347",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://blogs.securiteam.com/index.php/archives/3548"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43659/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T01:29Z",
- "lastModifiedDate" : "2018-01-18T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5357",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/102497"
- }, {
- "url" : "https://github.com/ImageMagick/ImageMagick/issues/941"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T09:29Z",
- "lastModifiedDate" : "2018-01-17T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5358",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/ImageMagick/ImageMagick/issues/939"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T09:29Z",
- "lastModifiedDate" : "2018-01-12T09:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5360",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://sourceforge.net/p/graphicsmagick/bugs/540/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-14T02:29Z",
- "lastModifiedDate" : "2018-01-15T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5361",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md"
- }, {
- "url" : "https://wpvulndb.com/vulnerabilities/9003"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T09:29Z",
- "lastModifiedDate" : "2018-01-14T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5362",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md"
- }, {
- "url" : "https://wpvulndb.com/vulnerabilities/9003"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][page] parameter to wp-admin/options.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T09:29Z",
- "lastModifiedDate" : "2018-01-14T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5363",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md"
- }, {
- "url" : "https://wpvulndb.com/vulnerabilities/9003"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[enabled_languages][en] or wpglobus_option[enabled_languages][fr] (or any other language) parameter to wp-admin/options.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T09:29Z",
- "lastModifiedDate" : "2018-01-14T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5364",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md"
- }, {
- "url" : "https://wpvulndb.com/vulnerabilities/9003"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[browser_redirect][redirect_by_language] parameter to wp-admin/options.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T09:29Z",
- "lastModifiedDate" : "2018-01-14T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5365",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md"
- }, {
- "url" : "https://wpvulndb.com/vulnerabilities/9003"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[selector_wp_list_pages][show_selector] parameter to wp-admin/options.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T09:29Z",
- "lastModifiedDate" : "2018-01-14T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5366",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md"
- }, {
- "url" : "https://wpvulndb.com/vulnerabilities/9003"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[more_languages] parameter to wp-admin/options.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T09:29Z",
- "lastModifiedDate" : "2018-01-14T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5367",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md"
- }, {
- "url" : "https://wpvulndb.com/vulnerabilities/9003"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][post] parameter to wp-admin/options.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T09:29Z",
- "lastModifiedDate" : "2018-01-14T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5368",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/SrbTransLatin.md"
- }, {
- "url" : "https://wpvulndb.com/vulnerabilities/9004"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T09:29Z",
- "lastModifiedDate" : "2018-01-14T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5369",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/SrbTransLatin.md"
- }, {
- "url" : "https://wpvulndb.com/vulnerabilities/9004"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/options-general.php with a lang_identificator parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T09:29Z",
- "lastModifiedDate" : "2018-01-14T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5370",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://packetstormsecurity.com/files/145872/Xnami-Image-Sharing-1.0-Cross-Site-Scripting.html"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43535/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "BizLogic xnami 1.0 has XSS via the comment parameter in an addComment action to the /media/ajax URI."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-16T19:29Z",
- "lastModifiedDate" : "2018-01-18T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5371",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://www.iplantom.com/2018/01/10/dsl2640U/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T09:29Z",
- "lastModifiedDate" : "2018-01-12T09:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5372",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.defensecode.com/advisories/DC-2018-01-005_WordPress_Testimonial_Slider_Plugin_Advisory.pdf"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\\sliders.php (current_slider_id parameter)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T09:29Z",
- "lastModifiedDate" : "2018-01-12T09:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5373",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.defensecode.com/advisories/DC-2018-01-004_WordPress_Smooth_Slider_Plugin_Advisory.pdf"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid parameter)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T09:29Z",
- "lastModifiedDate" : "2018-01-12T09:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5374",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.defensecode.com/advisories/DC-2017-01-003_WordPress_Dbox_3D_Slider_Lite_Plugin_Advisory.pdf"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\\sliders.php (current_slider_id parameter)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T09:29Z",
- "lastModifiedDate" : "2018-01-12T09:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5375",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.whsgwl.net/text.php?textid=34"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Discuz! DiscuzX X3.4 has XSS via the include\\spacecp\\spacecp_space.php appid parameter in a delete action."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T09:29Z",
- "lastModifiedDate" : "2018-01-12T09:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5376",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.whsgwl.net/text.php?textid=35"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Discuz! DiscuzX X3.4 has XSS via the include\\spacecp\\spacecp_upload.php op parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T09:29Z",
- "lastModifiedDate" : "2018-01-12T09:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5377",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.whsgwl.net/text.php?textid=36"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\\index.php action parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T09:29Z",
- "lastModifiedDate" : "2018-01-12T09:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5479",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://www.exploit-db.com/exploits/43567/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks. The affected function is its search engine via the search parameter to the default URI. Since there is an user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-15T16:29Z",
- "lastModifiedDate" : "2018-01-15T16:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5650",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/ckolivas/lrzip/issues/88"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-12T22:29Z",
- "lastModifiedDate" : "2018-01-12T22:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5651",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/dark-mode.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_start parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5652",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/dark-mode.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_end parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5653",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/weblizar-pinterest-feeds.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5654",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/weblizar-pinterest-feeds.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREE_Access_Token parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5655",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/weblizar-pinterest-feeds.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php security parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5656",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/weblizar-pinterest-feeds.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via wp-admin/admin-ajax.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5657",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php counter_title_icon parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5658",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists via wp-admin/admin.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5659",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php coming-soon_title parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5660",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php coming-soon_sub_title parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5661",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logo_width parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5662",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php counter_title parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5663",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php button_text_link parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5664",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php social_icon_1 parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5665",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logo_height parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5666",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php bg_color parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5667",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/read-and-understood.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_pattern parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5668",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/read-and-understood.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_title parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5669",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/read-and-understood.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admin/options-general.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5670",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/booking-calendar.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php sale_conditions[count][] parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5671",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/booking-calendar.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php extra_field1[items][field_item1][price_percent] parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5672",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/booking-calendar.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php form_field5[label] parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5673",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/booking-calendar.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T00:29Z",
- "lastModifiedDate" : "2018-01-13T00:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5681",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://forge.prestashop.com/browse/BOOM-4612"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "PrestaShop 1.7.2.4 has XSS via source-code editing on the \"Pages > Edit page\" screen."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T05:29Z",
- "lastModifiedDate" : "2018-01-13T05:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5682",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://forge.prestashop.com/browse/BOOM-4613"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a \"This account does not exist\" error message."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-13T05:29Z",
- "lastModifiedDate" : "2018-01-15T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5684",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://bugzilla.libav.org/show_bug.cgi?id=1110"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) and program failure with a crafted avi file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-14T02:29Z",
- "lastModifiedDate" : "2018-01-15T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5685",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/52a91ddb1aa6"
- }, {
- "url" : "https://sourceforge.net/p/graphicsmagick/bugs/541/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-14T02:29Z",
- "lastModifiedDate" : "2018-01-14T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5686",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=698860"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-14T02:29Z",
- "lastModifiedDate" : "2018-01-14T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5687",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://gitee.com/copy_cat/newbeecms_xss"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-14T02:29Z",
- "lastModifiedDate" : "2018-01-14T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5688",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/ILIAS-eLearning/ILIAS/commit/c0f326d05231072e33679b84835c03d5043255cb"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43595/"
- }, {
- "url" : "https://www.ilias.de/docu/goto_docu_pg_75029_35.html"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-14T20:29Z",
- "lastModifiedDate" : "2018-01-18T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5689",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://dev.dotclear.org/2.0/changeset/3b0b868d58b00a1b216e0dc13c461bb3550ed3da"
- }, {
- "url" : "https://hg.dotclear.org/dotclear/rev/3b0b868d58b0"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-14T04:29Z",
- "lastModifiedDate" : "2018-01-14T04:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5690",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://dev.dotclear.org/2.0/changeset/3b0b868d58b00a1b216e0dc13c461bb3550ed3da"
- }, {
- "url" : "https://hg.dotclear.org/dotclear/rev/3b0b868d58b0"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-14T04:29Z",
- "lastModifiedDate" : "2018-01-14T04:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5691",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/known-issues?ParentProduct=867"
- }, {
- "url" : "https://www.vulnerability-lab.com/get_content.php?id=1819"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-14T04:29Z",
- "lastModifiedDate" : "2018-01-14T04:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5692",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://www.vulnerability-lab.com/get_content.php?id=2005"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-14T04:29Z",
- "lastModifiedDate" : "2018-01-14T04:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5693",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://www.vulnerability-lab.com/get_content.php?id=2113"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The LinuxMagic MagicSpam extension 2.0.13 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-14T04:29Z",
- "lastModifiedDate" : "2018-01-14T04:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5694",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://www.vulnerability-lab.com/get_content.php?id=1907"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-14T04:29Z",
- "lastModifiedDate" : "2018-01-14T04:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5695",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://www.vulnerability-lab.com/get_content.php?id=1940"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-14T04:29Z",
- "lastModifiedDate" : "2018-01-14T04:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5696",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://www.vulnerability-lab.com/get_content.php?id=1927"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-14T04:29Z",
- "lastModifiedDate" : "2018-01-14T04:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5697",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://www.vulnerability-lab.com/get_content.php?id=2006"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to admin_kb_art.php or the order parameter to admin_jr_admin.php, related to functions_kb.php."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-14T04:29Z",
- "lastModifiedDate" : "2018-01-14T04:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5698",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/WizardMac/ReadStat/issues/108"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer over-read via an unterminated string."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-14T04:29Z",
- "lastModifiedDate" : "2018-01-14T04:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5700",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/0xWfox/Winmail/blob/master/Winmail_6.2.md"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file from the FTP folder into a web folder."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-14T20:29Z",
- "lastModifiedDate" : "2018-01-14T20:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5702",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447"
- }, {
- "url" : "https://github.com/transmission/transmission/pull/468"
- }, {
- "url" : "https://twitter.com/taviso/status/951526615145566208"
- }, {
- "url" : "https://www.debian.org/security/2018/dsa-4087"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43665/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-15T16:29Z",
- "lastModifiedDate" : "2018-01-18T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5703",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://groups.google.com/d/msg/syzkaller-bugs/0PBeVnSzfqQ/5eXAlM46BQAJ"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-16T09:29Z",
- "lastModifiedDate" : "2018-01-16T09:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5704",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://sourceforge.net/p/openocd/mailman/message/36188041/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-16T09:29Z",
- "lastModifiedDate" : "2018-01-16T09:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5706",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/OctopusDeploy/Issues/issues/4167"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-16T10:29Z",
- "lastModifiedDate" : "2018-01-16T10:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5709",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-16T09:29Z",
- "lastModifiedDate" : "2018-01-16T09:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5710",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service%28DoS%29"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function \"strlen\" is getting a \"NULL\" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-16T09:29Z",
- "lastModifiedDate" : "2018-01-16T09:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5711",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://php.net/ChangeLog-5.php"
- }, {
- "url" : "http://php.net/ChangeLog-7.php"
- }, {
- "url" : "https://bugs.php.net/bug.php?id=75571"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-16T09:29Z",
- "lastModifiedDate" : "2018-01-16T09:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5712",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://php.net/ChangeLog-5.php"
- }, {
- "url" : "http://php.net/ChangeLog-7.php"
- }, {
- "url" : "http://www.securityfocus.com/bid/102742"
- }, {
- "url" : "https://bugs.php.net/bug.php?id=74782"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-16T09:29Z",
- "lastModifiedDate" : "2018-01-21T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5713",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/whiteHat001/DRIVER_POC/tree/master/malwarefox/0x80002010"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002010."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-16T19:29Z",
- "lastModifiedDate" : "2018-01-16T19:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5714",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/whiteHat001/DRIVER_POC/tree/master/malwarefox/0x80002054"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002054."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-16T19:29Z",
- "lastModifiedDate" : "2018-01-16T19:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5715",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://m4k4br0.github.io/sugarcrm-xss/"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43683/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-16T20:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5721",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.w0lfzhang.com/2018/01/17/ASUS-router-stack-overflow-in-http-server/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting. In ej_update_variables, the length of the variable action_script is not checked, as long as it includes a \"_wan_if\" substring."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-17T06:29Z",
- "lastModifiedDate" : "2018-01-17T06:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5723",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://syrion.me/blog/master-ipcam/"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43693/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-16T22:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5724",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://syrion.me/blog/master-ipcam/"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43693/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-16T22:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5725",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://syrion.me/blog/master-ipcam/"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43693/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-16T22:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5726",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://syrion.me/blog/master-ipcam/"
- }, {
- "url" : "https://www.exploit-db.com/exploits/43693/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-16T22:29Z",
- "lastModifiedDate" : "2018-01-20T02:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5727",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/uclouvain/openjpeg/issues/1053"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-16T22:29Z",
- "lastModifiedDate" : "2018-01-16T22:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5728",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-donde-esta-mi-barco.html"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-16T23:29Z",
- "lastModifiedDate" : "2018-01-16T23:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5747",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/ckolivas/lrzip/issues/90"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-17T19:29Z",
- "lastModifiedDate" : "2018-01-17T19:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5764",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS"
- }, {
- "url" : "https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-17T22:29Z",
- "lastModifiedDate" : "2018-01-17T22:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5766",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://bugzilla.libav.org/show_bug.cgi?id=1112"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted avi file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T07:29Z",
- "lastModifiedDate" : "2018-01-18T07:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5772",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/Exiv2/exiv2/issues/216"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T07:29Z",
- "lastModifiedDate" : "2018-01-18T07:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5773",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/trentm/python-markdown2/issues/285"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character from an IMG tag."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T21:29Z",
- "lastModifiedDate" : "2018-01-18T21:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5776",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://codex.wordpress.org/Version_4.9.2"
- }, {
- "url" : "https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850"
- }, {
- "url" : "https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement)."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-18T22:29Z",
- "lastModifiedDate" : "2018-01-18T22:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5783",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1536179"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-19T08:29Z",
- "lastModifiedDate" : "2018-01-19T08:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5784",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2772"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-19T08:29Z",
- "lastModifiedDate" : "2018-01-19T08:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5785",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/uclouvain/openjpeg/issues/1057"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-19T08:29Z",
- "lastModifiedDate" : "2018-01-19T08:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5786",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/ckolivas/lrzip/issues/91"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-19T08:29Z",
- "lastModifiedDate" : "2018-01-19T08:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5955",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://blogs.securiteam.com/index.php/archives/3557"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-21T22:29Z",
- "lastModifiedDate" : "2018-01-21T22:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5956",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/ZillyaAntivirus_POC/tree/master/0x9C402414"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402414."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-21T22:29Z",
- "lastModifiedDate" : "2018-01-21T22:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5957",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/ZillyaAntivirus_POC/tree/master/0x9C40242C"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40242C."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-21T22:29Z",
- "lastModifiedDate" : "2018-01-21T22:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5958",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/ZillyaAntivirus_POC/tree/master/0x9C402424"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402424."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-21T22:29Z",
- "lastModifiedDate" : "2018-01-21T22:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5960",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://www.vulnerability-lab.com/get_content.php?id=2043"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-22T01:29Z",
- "lastModifiedDate" : "2018-01-22T01:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5961",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://www.vulnerability-lab.com/get_content.php?id=1835"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-22T01:29Z",
- "lastModifiedDate" : "2018-01-22T01:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5962",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://www.vulnerability-lab.com/get_content.php?id=1836"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-22T01:29Z",
- "lastModifiedDate" : "2018-01-22T01:29Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2018-5968",
- "ASSIGNER" : "cve@mitre.org"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [ ]
- }
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://github.com/FasterXML/jackson-databind/issues/1899"
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2018-01-22T04:29Z",
- "lastModifiedDate" : "2018-01-22T04:29Z"
- } ]
-} \ No newline at end of file