new files

Author: ahouseholder

data/13/vu_608413/vu_608413.json

@@ -0,0 +1,62 @@
+{
+  "Author": "This document was written by [Unassigned].",
+  "CAM_AttackerAccessRequired": "0",
+  "CAM_EaseOfExploitation": "0",
+  "CAM_Exploitation": "0",
+  "CAM_Impact": "0",
+  "CAM_InternetInfrastructure": "0",
+  "CAM_Population": "0",
+  "CAM_ScoreCurrent": 0,
+  "CAM_ScoreCurrentWidelyKnown": 0,
+  "CAM_ScoreCurrentWidelyKnownExploited": 0,
+  "CAM_WidelyKnown": "0",
+  "CERTAdvisory": "",
+  "CVEIDs": "",
+  "CVSS_AccessComplexity": "--",
+  "CVSS_AccessVector": "--",
+  "CVSS_Authenication": "--",
+  "CVSS_AvailabilityImpact": "--",
+  "CVSS_BaseScore": 0,
+  "CVSS_BaseVector": "AV:--/AC:--/Au:--/C:--/I:--/A:--",
+  "CVSS_CollateralDamagePotential": "ND",
+  "CVSS_ConfidentialityImpact": "--",
+  "CVSS_EnvironmentalScore": 0,
+  "CVSS_EnvironmentalVector": "CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND",
+  "CVSS_Exploitability": "ND",
+  "CVSS_IntegrityImpact": "--",
+  "CVSS_RemediationLevel": "ND",
+  "CVSS_ReportConfidence": "ND",
+  "CVSS_SecurityRequirementsAR": "ND",
+  "CVSS_SecurityRequirementsCR": "ND",
+  "CVSS_SecurityRequirementsIR": "ND",
+  "CVSS_TargetDistribution": "ND",
+  "CVSS_TemporalScore": 0,
+  "CVSS_TemporalVector": "E:ND/RL:ND/RC:ND",
+  "DateCreated": "2019-05-09T09:06:37-04:00",
+  "DateFirstPublished": "",
+  "DateLastUpdated": "2019-05-09T14:58:00-04:00",
+  "DatePublic": "",
+  "Description": "",
+  "ID": "VU#608413",
+  "IDNumber": "608413",
+  "IPProtocol": "",
+  "Impact": "The complete impact of this vulnerability is not yet known.",
+  "Keywords": [
+    "Jay Angus",
+    "ICS-CERT",
+    "Report #15"
+  ],
+  "Overview": "",
+  "References": "",
+  "Resolution": "The CERT/CC is currently unaware of a practical solution to this problem.",
+  "Revision": 5,
+  "SystemsAffectedPreamble": "",
+  "ThanksAndCredit": "",
+  "Title": "Neptune web page suffers from broken authentication",
+  "US-CERTTechnicalAlert": "",
+  "VRDA_D1_DirectReport": "0",
+  "VRDA_D1_Impact": "",
+  "VRDA_D1_Population": "",
+  "VulnerabilityCount": 1,
+  "Workarounds": ""
+}

data/13/vu_756913/vendor_molr-b7ehxb.json

@@ -0,0 +1,14 @@
+{
+  "Addendum": "There are no additional comments at this time.",
+  "DateLastUpdated": "2018-12-13T08:35:00-05:00",
+  "DateNotified": "2018-12-05T00:00:00",
+  "DateResponded": "",
+  "ID": "VU#756913",
+  "Revision": 1,
+  "Status": "Affected",
+  "Vendor": "Pixar Animation Studios",
+  "VendorInformation": "We are not aware of further vendor information regarding this vulnerability.",
+  "VendorRecordID": "MOLR-B7EHXB",
+  "VendorReferences": "None",
+  "VendorStatement": "No statement is currently available from the vendor regarding this vulnerability."
+}

data/13/vu_756913/vu_756913.json

@@ -0,0 +1,67 @@
+{
+  "Author": "This document was written by Madison Oliver.",
+  "CAM_AttackerAccessRequired": "0",
+  "CAM_EaseOfExploitation": "0",
+  "CAM_Exploitation": "0",
+  "CAM_Impact": "0",
+  "CAM_InternetInfrastructure": "0",
+  "CAM_Population": "0",
+  "CAM_ScoreCurrent": 0,
+  "CAM_ScoreCurrentWidelyKnown": 0,
+  "CAM_ScoreCurrentWidelyKnownExploited": 0,
+  "CAM_WidelyKnown": "0",
+  "CERTAdvisory": "",
+  "CVEIDs": "CVE-2018-5411",
+  "CVSS_AccessComplexity": "L",
+  "CVSS_AccessVector": "L",
+  "CVSS_Authenication": "S",
+  "CVSS_AvailabilityImpact": "P",
+  "CVSS_BaseScore": 3.2,
+  "CVSS_BaseVector": "AV:L/AC:L/Au:S/C:N/I:P/A:P",
+  "CVSS_CollateralDamagePotential": "L",
+  "CVSS_ConfidentialityImpact": "N",
+  "CVSS_EnvironmentalScore": 0.81340236580705,
+  "CVSS_EnvironmentalVector": "CDP:L/TD:L/CR:ND/IR:ND/AR:ND",
+  "CVSS_Exploitability": "POC",
+  "CVSS_IntegrityImpact": "P",
+  "CVSS_RemediationLevel": "OF",
+  "CVSS_ReportConfidence": "C",
+  "CVSS_SecurityRequirementsAR": "ND",
+  "CVSS_SecurityRequirementsCR": "ND",
+  "CVSS_SecurityRequirementsIR": "ND",
+  "CVSS_TargetDistribution": "L",
+  "CVSS_TemporalScore": 2.5,
+  "CVSS_TemporalVector": "E:POC/RL:OF/RC:C",
+  "DateCreated": "2018-08-20T08:47:03-04:00",
+  "DateFirstPublished": "2018-12-13T09:12:46-05:00",
+  "DateLastUpdated": "2019-01-28T12:04:00-05:00",
+  "DatePublic": "2018-12-12T00:00:00",
+  "Description": "Pixar's Tractor software, versions 2.2 and earlier, contain a stored cross-site scripting vulnerability (CWE-79) in the field that allows a user to add a note to an existing node. The stored information is displayed when a user requests information about the node. An attacker could insert JavaScript into this note field that is then saved and displayed to the end user.",
+  "ID": "VU#756913",
+  "IDNumber": "756913",
+  "IPProtocol": "",
+  "Impact": "An authenticated attacker might include JavaScript that could execute on an authenticated user's system, which could lead to website redirects, session cookie hijacking, social engineering, and other impacts. Since the attacker's script is stored with the information about the node, all other users with access to this data are also vulnerable.",
+  "Keywords": [
+    "Pixar",
+    "Tractor",
+    "rendering software",
+    "stored XSS",
+    "CVE-2018-5411"
+  ],
+  "Overview": "Pixar's Tractor network rendering software is vulnerable to stored cross-site scripting which may allow an attacker to execute arbitrary JavaScript.",
+  "References": [
+    "https://cwe.mitre.org/data/definitions/79.html",
+    "https://renderman.pixar.com/product/tractor"
+  ],
+  "Resolution": "Apply an update\nPixar has released an updated version of this software that addresses this vulnerability, Tractor version 2.3 (build 1923604). Affected users should update to this version.",
+  "Revision": 55,
+  "SystemsAffectedPreamble": "",
+  "ThanksAndCredit": "Thanks to the reporter who wishes to remain anonymous.",
+  "Title": "Pixar Tractor contains a stored cross-site scripting vulnerability",
+  "US-CERTTechnicalAlert": "",
+  "VRDA_D1_DirectReport": "1",
+  "VRDA_D1_Impact": "",
+  "VRDA_D1_Population": "1",
+  "VulnerabilityCount": 1,
+  "Workarounds": ""
+}

data/15/vu_171515/vu_171515.json

@@ -0,0 +1,58 @@
+{
+  "Author": "This document was written by [Unassigned].",
+  "CAM_AttackerAccessRequired": "0",
+  "CAM_EaseOfExploitation": "0",
+  "CAM_Exploitation": "0",
+  "CAM_Impact": "0",
+  "CAM_InternetInfrastructure": "0",
+  "CAM_Population": "0",
+  "CAM_ScoreCurrent": 0,
+  "CAM_ScoreCurrentWidelyKnown": 0,
+  "CAM_ScoreCurrentWidelyKnownExploited": 0,
+  "CAM_WidelyKnown": "0",
+  "CERTAdvisory": "",
+  "CVEIDs": "CVE-2019-8563",
+  "CVSS_AccessComplexity": "--",
+  "CVSS_AccessVector": "--",
+  "CVSS_Authenication": "--",
+  "CVSS_AvailabilityImpact": "--",
+  "CVSS_BaseScore": 0,
+  "CVSS_BaseVector": "AV:--/AC:--/Au:--/C:--/I:--/A:--",
+  "CVSS_CollateralDamagePotential": "ND",
+  "CVSS_ConfidentialityImpact": "--",
+  "CVSS_EnvironmentalScore": 0,
+  "CVSS_EnvironmentalVector": "CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND",
+  "CVSS_Exploitability": "ND",
+  "CVSS_IntegrityImpact": "--",
+  "CVSS_RemediationLevel": "ND",
+  "CVSS_ReportConfidence": "ND",
+  "CVSS_SecurityRequirementsAR": "ND",
+  "CVSS_SecurityRequirementsCR": "ND",
+  "CVSS_SecurityRequirementsIR": "ND",
+  "CVSS_TargetDistribution": "ND",
+  "CVSS_TemporalScore": 0,
+  "CVSS_TemporalVector": "E:ND/RL:ND/RC:ND",
+  "DateCreated": "2019-03-08T11:02:41-05:00",
+  "DateFirstPublished": "",
+  "DateLastUpdated": "2019-03-28T11:32:00-04:00",
+  "DatePublic": "",
+  "Description": "",
+  "ID": "VU#171515",
+  "IDNumber": "171515",
+  "IPProtocol": "",
+  "Impact": "The complete impact of this vulnerability is not yet known.",
+  "Keywords": "",
+  "Overview": "",
+  "References": "",
+  "Resolution": "The CERT/CC is currently unaware of a practical solution to this problem.",
+  "Revision": 6,
+  "SystemsAffectedPreamble": "",
+  "ThanksAndCredit": "",
+  "Title": "Array unshift/shift should not race against the AI in the compiler thread",
+  "US-CERTTechnicalAlert": "",
+  "VRDA_D1_DirectReport": "0",
+  "VRDA_D1_Impact": "",
+  "VRDA_D1_Population": "",
+  "VulnerabilityCount": 1,
+  "Workarounds": ""
+}

data/15/vu_174715/vendor_tnoy-badkzb.json

@@ -0,0 +1,14 @@
+{
+  "Addendum": "",
+  "DateLastUpdated": "2019-04-08T17:39:00-04:00",
+  "DateNotified": "2019-01-25T14:32:49-05:00",
+  "DateResponded": "",
+  "ID": "VU#174715",
+  "Revision": 5,
+  "Status": "Affected",
+  "Vendor": "AutoMobility Distribution Inc",
+  "VendorInformation": "MyCar is one of AutoMobility Distribution's brands.",
+  "VendorRecordID": "TNOY-BADKZB",
+  "VendorReferences": "https://mycarcontrols.com/",
+  "VendorStatement": "On behalf of the ownership of MyCar Controls, We have been made aware of a vulnerability issue in our systems late in January 2019. Since then, all the resources at our disposal have been used to promptly address the situation, and we have fully resolved the issue. During this vulnerability period, no actual incident or issue with compromised privacy or functionality has been reported to us or detected by our systems. Rest assured, the entire organization is focused on making our product the most secure and versatile product in the remote starter industry. Passion, hard work and accountability will always be the hallmarks of our organization. We thank you for your understanding and continued support. The AutoMobility Management Team"
+}

data/15/vu_174715/vu_174715.json

@@ -0,0 +1,63 @@
+{
+  "Author": "This document was written by Trent Novelly.",
+  "CAM_AttackerAccessRequired": "0",
+  "CAM_EaseOfExploitation": "0",
+  "CAM_Exploitation": "0",
+  "CAM_Impact": "0",
+  "CAM_InternetInfrastructure": "0",
+  "CAM_Population": "0",
+  "CAM_ScoreCurrent": 0,
+  "CAM_ScoreCurrentWidelyKnown": 0,
+  "CAM_ScoreCurrentWidelyKnownExploited": 0,
+  "CAM_WidelyKnown": "0",
+  "CERTAdvisory": "",
+  "CVEIDs": "CVE-2019-9493 ",
+  "CVSS_AccessComplexity": "L",
+  "CVSS_AccessVector": "N",
+  "CVSS_Authenication": "N",
+  "CVSS_AvailabilityImpact": "P",
+  "CVSS_BaseScore": 7.5,
+  "CVSS_BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+  "CVSS_CollateralDamagePotential": "L",
+  "CVSS_ConfidentialityImpact": "P",
+  "CVSS_EnvironmentalScore": 1.56860981566523,
+  "CVSS_EnvironmentalVector": "CDP:L/TD:L/CR:ND/IR:ND/AR:ND",
+  "CVSS_Exploitability": "POC",
+  "CVSS_IntegrityImpact": "P",
+  "CVSS_RemediationLevel": "OF",
+  "CVSS_ReportConfidence": "C",
+  "CVSS_SecurityRequirementsAR": "ND",
+  "CVSS_SecurityRequirementsCR": "ND",
+  "CVSS_SecurityRequirementsIR": "ND",
+  "CVSS_TargetDistribution": "L",
+  "CVSS_TemporalScore": 5.9,
+  "CVSS_TemporalVector": "E:POC/RL:OF/RC:C",
+  "DateCreated": "2019-01-23T14:06:13-05:00",
+  "DateFirstPublished": "2019-04-08T17:16:02-04:00",
+  "DateLastUpdated": "2019-04-12T10:05:00-04:00",
+  "DatePublic": "2019-04-08T00:00:00",
+  "Description": "MyCar is a small aftermarket telematics unit from AutoMobility Distribution Inc. MyCar add smartphone-controlled geolocation, remote start/stop and lock/unlock capabilities to a vehicle with a compatible remote start unit. The MyCar Controls mobile application contains hard-coded admin credentials (CWE-798) which can be used in place of a user's username and password to communicate with the server endpoint for a target user's account. This vulnerability affects versions prior to 3.4.24 on iOS and prior to 4.1.2 on Android.",
+  "ID": "VU#174715",
+  "IDNumber": "174715",
+  "IPProtocol": "",
+  "Impact": "A remote un-authenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle.",
+  "Keywords": "IoT",
+  "Overview": "The MyCar Controls mobile applications prior to v3.4.24 on iOS and prior to v4.1.2 on Android contains hard-coded admin credentials.",
+  "References": [
+    "https://mycarcontrols.com/",
+    "https://cwe.mitre.org/data/definitions/798.html",
+    "https://itunes.apple.com/us/app/mycar-controls/id1126511815",
+    "https://play.google.com/store/apps/details?id=app.com.automobility.mycar.control"
+  ],
+  "Resolution": "Update Phone App\nAutoMobility has updated their mobile apps to remove the hard coded credentials. On iOS the updated version is v3.4.24, and on Android the updated version is v4.1.2. Additionally the admin credentials in old versions of the mobile application have been revoked.",
+  "Revision": 19,
+  "SystemsAffectedPreamble": "The MyCar unit and corresponding mobile application may be rebranded and sold by other vendors as something other than MyCar. Other brands include: Carlink\nLinkr\nVisions MyCar\nMyCar Kia\nThese brands have also been updated.",
+  "ThanksAndCredit": "Thanks to Jmaxxz for reporting this vulnerability.",
+  "Title": "MyCar Controls uses hard-coded credentials",
+  "US-CERTTechnicalAlert": "",
+  "VRDA_D1_DirectReport": "1",
+  "VRDA_D1_Impact": "",
+  "VRDA_D1_Population": "",
+  "VulnerabilityCount": 1,
+  "Workarounds": ""
+}

data/15/vu_741315/vendor_molr-b7mks6.json

@@ -0,0 +1,14 @@
+{
+  "Addendum": "There are no additional comments at this time.",
+  "DateLastUpdated": "2018-12-20T10:11:00-05:00",
+  "DateNotified": "2018-12-19T00:00:00",
+  "DateResponded": "",
+  "ID": "VU#741315",
+  "Revision": 2,
+  "Status": "Affected",
+  "Vendor": "MooseFS",
+  "VendorInformation": "We are not aware of further vendor information regarding this vulnerability.",
+  "VendorRecordID": "MOLR-B7MKS6",
+  "VendorReferences": "None",
+  "VendorStatement": "No statement is currently available from the vendor regarding this vulnerability."
+}

data/15/vu_741315/vendor_molr-b7mktw.json

@@ -0,0 +1,14 @@
+{
+  "Addendum": "There are no additional comments at this time.",
+  "DateLastUpdated": "2018-12-20T10:12:00-05:00",
+  "DateNotified": "2018-12-19T00:00:00",
+  "DateResponded": "",
+  "ID": "VU#741315",
+  "Revision": 1,
+  "Status": "Affected",
+  "Vendor": "Atmo O",
+  "VendorInformation": "We are not aware of further vendor information regarding this vulnerability.",
+  "VendorRecordID": "MOLR-B7MKTW",
+  "VendorReferences": "None",
+  "VendorStatement": "No statement is currently available from the vendor regarding this vulnerability."
+}

data/15/vu_741315/vendor_molr-b7mku8.json

@@ -0,0 +1,14 @@
+{
+  "Addendum": "There are no additional comments at this time.",
+  "DateLastUpdated": "2018-12-20T10:12:00-05:00",
+  "DateNotified": "2018-12-19T00:00:00",
+  "DateResponded": "",
+  "ID": "VU#741315",
+  "Revision": 1,
+  "Status": "Affected",
+  "Vendor": "fuse-nfs",
+  "VendorInformation": "We are not aware of further vendor information regarding this vulnerability.",
+  "VendorRecordID": "MOLR-B7MKU8",
+  "VendorReferences": "None",
+  "VendorStatement": "No statement is currently available from the vendor regarding this vulnerability."
+}

data/15/vu_741315/vendor_molr-b7mkuj.json

@@ -0,0 +1,14 @@
+{
+  "Addendum": "There are no additional comments at this time.",
+  "DateLastUpdated": "2018-12-20T10:13:00-05:00",
+  "DateNotified": "2018-12-19T00:00:00",
+  "DateResponded": "",
+  "ID": "VU#741315",
+  "Revision": 1,
+  "Status": "Affected",
+  "Vendor": "RedFS",
+  "VendorInformation": "We are not aware of further vendor information regarding this vulnerability.",
+  "VendorRecordID": "MOLR-B7MKUJ",
+  "VendorReferences": "None",
+  "VendorStatement": "No statement is currently available from the vendor regarding this vulnerability."
+}