diff --git a/2004/0xxx/CVE-2004-0068.json b/2004/0xxx/CVE-2004-0068.json index 57887900ae5..de630f5e55e 100644 --- a/2004/0xxx/CVE-2004-0068.json +++ b/2004/0xxx/CVE-2004-0068.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040114 PhpDig 1.6.x: remote command execution", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107412194008671&w=2" - }, - { - "name" : "http://www.phpdig.net/showthread.php?s=58bcc71c822830ec3bbdaae6d56846e0&threadid=393", - "refsource" : "CONFIRM", - "url" : "http://www.phpdig.net/showthread.php?s=58bcc71c822830ec3bbdaae6d56846e0&threadid=393" - }, - { - "name" : "9424", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9424" - }, - { - "name" : "phpdig-config-file-include(14826)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14826" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9424", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9424" + }, + { + "name": "phpdig-config-file-include(14826)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14826" + }, + { + "name": "20040114 PhpDig 1.6.x: remote command execution", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107412194008671&w=2" + }, + { + "name": "http://www.phpdig.net/showthread.php?s=58bcc71c822830ec3bbdaae6d56846e0&threadid=393", + "refsource": "CONFIRM", + "url": "http://www.phpdig.net/showthread.php?s=58bcc71c822830ec3bbdaae6d56846e0&threadid=393" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0337.json b/2004/0xxx/CVE-2004-0337.json index bfaf48a6d61..2883a801d54 100644 --- a/2004/0xxx/CVE-2004-0337.json +++ b/2004/0xxx/CVE-2004-0337.json 
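Review bot: The `reference_data` array in this hunk is re-ordered (BID and XF now come before BUGTRAQ and CONFIRM) in the same change that rewrites `"key" : value` as `"key": value`, so content changes cannot be told apart from whitespace normalization. The same shuffle appears in the hunks for CVE-2004-0337, CVE-2004-0429, CVE-2004-0609, CVE-2004-1371, CVE-2004-1542, CVE-2004-1826, CVE-2004-1986 and CVE-2004-1992. The new side of each file also ends with `\ No newline at end of file`, whereas the old side ended with a newline. Emitting references in a stable order (the previous order, or sorted by `refsource` then `name`) and keeping the trailing newline would let genuine record edits stand out, such as the `ASSIGNER` change from `cve@mitre.org` to `secalert@redhat.com` visible in the CVE-2008-2931 hunk. Consumers that hash or sign these records would presumably also see every one of these files as modified, although the advisory content is unchanged.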
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. NOTE: the vendor states that this bug could not be reproduced, so this issue may be REJECTed in the future." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040228 LAN SUITE Web Mail 602Pro Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107799540630302&w=2" - }, - { - "name" : "20040310 Re: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-03/0096.html" - }, - { - "name" : "602pro-index-xss(15351)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15351" - }, - { - "name" : "9777", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9777" - } - ] - } -} + } 
+ }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. NOTE: the vendor states that this bug could not be reproduced, so this issue may be REJECTed in the future." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040310 Re: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0096.html" + }, + { + "name": "9777", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9777" + }, + { + "name": "602pro-index-xss(15351)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15351" + }, + { + "name": "20040228 LAN SUITE Web Mail 602Pro Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107799540630302&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0429.json b/2004/0xxx/CVE-2004-0429.json index ac419cfd54a..f1fe3881efe 100644 --- a/2004/0xxx/CVE-2004-0429.json +++ b/2004/0xxx/CVE-2004-0429.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability related to \"the handling of large requests\" in RAdmin for Apple Mac OS X 10.3.3 and Mac OS X 10.2.8 may allow attackers to have unknown impact via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040503 [product-security@apple.com: APPLE-SA-2004-05-03 Security Update 2004-05-03]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108369640424244&w=2" - }, - { - "name" : "APPLE-SA-2004-05-03", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2004/May/msg00000.html" - }, - { - "name" : "ESB-2004.0314", - "refsource" : "AUSCERT", - "url" : "http://www.auscert.org.au/render.html?it=4070" - }, - { - "name" : "O-138", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-138.shtml" - }, - { - "name" : "1010045", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010045" - }, - { - "name" : "11539", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/11539/" - }, - { - "name" : "macos-radmin-large-request(16053)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability related to \"the handling of large requests\" in RAdmin for Apple Mac OS X 10.3.3 and Mac OS X 10.2.8 may allow attackers to have unknown impact via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040503 [product-security@apple.com: APPLE-SA-2004-05-03 Security Update 2004-05-03]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108369640424244&w=2" + }, + { + "name": "1010045", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010045" + }, + { + "name": "ESB-2004.0314", + "refsource": "AUSCERT", + "url": "http://www.auscert.org.au/render.html?it=4070" + }, + { + "name": "macos-radmin-large-request(16053)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16053" + }, + { + "name": "APPLE-SA-2004-05-03", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2004/May/msg00000.html" + }, + { + "name": "11539", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11539/" + }, + { + "name": "O-138", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-138.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0609.json b/2004/0xxx/CVE-2004-0609.json index 81e531e0c0f..ce6a33e8078 100644 --- a/2004/0xxx/CVE-2004-0609.json +++ b/2004/0xxx/CVE-2004-0609.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rssh 2.0 through 2.1.x expands command line arguments before entering a chroot jail, which allows remote authenticated users to determine the existence of files in a directory outside the jail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040619 Security flaw in rssh", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108787373022844&w=2" - }, - { - "name" : "10574", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10574" - }, - { - "name" : "rssh-jail-obtain-info(16470)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rssh 2.0 through 2.1.x expands command line arguments before entering a chroot jail, which allows remote authenticated users to determine the existence of files in a directory outside the 
jail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10574", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10574" + }, + { + "name": "20040619 Security flaw in rssh", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108787373022844&w=2" + }, + { + "name": "rssh-jail-obtain-info(16470)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16470" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1371.json b/2004/1xxx/CVE-2004-1371.json index 8731f9365f2..f3112b121e9 100644 --- a/2004/1xxx/CVE-2004-1371.json +++ b/2004/1xxx/CVE-2004-1371.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041223 Oracle wrapped procedure overflow (#NISR2122004J)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110382570313035&w=2" - }, - { - "name" : "http://www.ngssoftware.com/advisories/oracle23122004J.txt", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/advisories/oracle23122004J.txt" - }, - { - "name" : "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf" - }, - { - "name" : "101782", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1" - }, - { - "name" : "TA04-245A", - "refsource" : "CERT", - "url" : 
"http://www.us-cert.gov/cas/techalerts/TA04-245A.html" - }, - { - "name" : "VU#316206", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/316206" - }, - { - "name" : "10871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10871" - }, - { - "name" : "oracle-wrapped-procedure-bo(18666)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18666" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ngssoftware.com/advisories/oracle23122004J.txt", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/advisories/oracle23122004J.txt" + }, + { + "name": "20041223 Oracle wrapped procedure overflow (#NISR2122004J)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110382570313035&w=2" + }, + { + "name": "VU#316206", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/316206" + }, + { + "name": "TA04-245A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html" + }, + { + "name": "oracle-wrapped-procedure-bo(18666)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18666" + }, + { + "name": "10871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10871" + }, + { + "name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf" + }, + { + "name": "101782", + "refsource": "SUNALERT", + "url": 
"http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1542.json b/2004/1xxx/CVE-2004-1542.json index a3c7f760b7e..27852140ddd 100644 --- a/2004/1xxx/CVE-2004-1542.json +++ b/2004/1xxx/CVE-2004-1542.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows remote attackers to cause a denial of service (server or client crash) via a long (1) query or (2) reply." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041123 Broadcast memory corruption in Soldier of Fortune II 1.03", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110124208811327&w=2" - }, - { - "name" : "11735", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11735" - }, - { - "name" : "13289", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13289" - }, - { - "name" : "soldier-fortune-bo(18211)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows 
remote attackers to cause a denial of service (server or client crash) via a long (1) query or (2) reply." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11735", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11735" + }, + { + "name": "13289", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13289" + }, + { + "name": "soldier-fortune-bo(18211)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18211" + }, + { + "name": "20041123 Broadcast memory corruption in Soldier of Fortune II 1.03", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110124208811327&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1826.json b/2004/1xxx/CVE-2004-1826.json index a595f6139f6..79b5346b5d3 100644 --- a/2004/1xxx/CVE-2004-1826.json +++ b/2004/1xxx/CVE-2004-1826.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040316 Mambo Open Source Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107945576020593&w=2" - }, - { - "name" : "9891", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9891" - }, - { - "name" : "4307", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4307" - }, - { - "name" : "11140", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11140" - }, - { - "name" : "mambo-id-sql-injection(15500)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mambo-id-sql-injection(15500)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15500" + }, + { + "name": "4307", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4307" + }, + { + "name": "11140", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11140" + }, + { + "name": "9891", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9891" + }, + { + "name": "20040316 Mambo Open Source Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107945576020593&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1986.json b/2004/1xxx/CVE-2004-1986.json index 0d0c4645e57..c230381663a 100644 --- a/2004/1xxx/CVE-2004-1986.json +++ b/2004/1xxx/CVE-2004-1986.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108360247732014&w=2" - }, - { - "name" : "http://www.waraxe.us/index.php?modname=sa&id=26", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/index.php?modname=sa&id=26" - }, - { - "name" : "10253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10253" - }, - { - "name" : "5758", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5758" - }, - { - "name" : "1010001", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010001" - }, - { - "name" : "11524", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/11524" - }, - { - "name" : "coppermine-modulesphp-directory-traversal(16042)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16042" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "coppermine-modulesphp-directory-traversal(16042)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16042" + }, + { + "name": "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108360247732014&w=2" + }, + { + "name": "http://www.waraxe.us/index.php?modname=sa&id=26", + "refsource": "MISC", + "url": "http://www.waraxe.us/index.php?modname=sa&id=26" + }, + { + "name": "1010001", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010001" + }, + { + "name": "5758", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5758" + }, + { + "name": "10253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10253" + }, + { + "name": "11524", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11524" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1992.json b/2004/1xxx/CVE-2004-1992.json index fced1251f9c..507233b1b89 100644 --- a/2004/1xxx/CVE-2004-1992.json +++ b/2004/1xxx/CVE-2004-1992.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040503 Serv-U LIST -l Parameter Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108360377119290&w=2" - }, - { - "name" : "20040503 Serv-U LIST -l Parameter Buffer Overflow", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=108359620108234&w=2" - }, - { - "name" : "http://www.securiteam.com/windowsntfocus/5ZP0G2KCKA.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/5ZP0G2KCKA.html" - }, - { - "name" : "10181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10181" - }, - { - "name" : "5546", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5546" - }, - { - "name" : "1009869", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1009869" - }, - { - "name" : "11430", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11430" - }, - { - "name" : "servu-list-command-bo(15913)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040503 Serv-U LIST -l Parameter Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108360377119290&w=2" + }, + { + "name": "5546", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5546" + }, + { + "name": "10181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10181" + }, + { + "name": "http://www.securiteam.com/windowsntfocus/5ZP0G2KCKA.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/5ZP0G2KCKA.html" + }, + { + "name": "11430", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11430" + }, + { + "name": "20040503 Serv-U LIST -l Parameter Buffer Overflow", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=108359620108234&w=2" + }, + { + "name": "servu-list-command-bo(15913)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15913" + }, + { + "name": "1009869", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009869" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2931.json b/2008/2xxx/CVE-2008-2931.json index fa5951f75c2..8024f37cbec 100644 
--- a/2008/2xxx/CVE-2008-2931.json +++ b/2008/2xxx/CVE-2008-2931.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-2931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080708 CVE-2008-2931 kernel: missing check before setting mount propagation", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/07/08/3" - }, - { - "name" : "[oss-security] 20080708 Re: CVE-2008-2931 kernel: missing check before setting mount propagation", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/07/08/4" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ee6f958291e2a768fd727e7a67badfff0b67711a", - "refsource" : "CONFIRM", - "url" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ee6f958291e2a768fd727e7a67badfff0b67711a" - }, - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=454388", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=454388" - }, - { - "name" : "DSA-1630", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1630" - }, - { - "name" : "RHSA-2008:0885", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0885.html" - }, - { - "name" : "SUSE-SA:2008:035", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html" - }, - { - "name" : "SUSE-SA:2008:038", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html" - }, - { - "name" : "SUSE-SR:2008:025", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html" - }, - { - "name" : "SUSE-SA:2008:049", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html" - }, - { - "name" : "USN-637-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/637-1/" - }, - { - "name" : "30126", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30126" - }, - { - "name" : "oval:org.mitre.oval:def:10437", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10437" - }, - { - "name" : "31614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31614" - }, - { - "name" : "32023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32023" - }, - { - "name" : "31551", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/31551" - }, - { - "name" : "32759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32759" - }, - { - "name" : "30982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30982" - }, - { - "name" : "linux-kernel-dochangetype-priv-escalation(43696)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1630", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1630" + }, + { + "name": "linux-kernel-dochangetype-priv-escalation(43696)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43696" + }, + { + "name": "RHSA-2008:0885", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0885.html" + }, + { + "name": "SUSE-SA:2008:038", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html" + }, + { + "name": "USN-637-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/637-1/" + }, + { + "name": "oval:org.mitre.oval:def:10437", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10437" + }, + { + "name": "SUSE-SA:2008:035", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html" 
+ }, + { + "name": "31614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31614" + }, + { + "name": "30982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30982" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ee6f958291e2a768fd727e7a67badfff0b67711a", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ee6f958291e2a768fd727e7a67badfff0b67711a" + }, + { + "name": "[oss-security] 20080708 Re: CVE-2008-2931 kernel: missing check before setting mount propagation", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/07/08/4" + }, + { + "name": "31551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31551" + }, + { + "name": "30126", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30126" + }, + { + "name": "32023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32023" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=454388", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454388" + }, + { + "name": "32759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32759" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22" + }, + { + "name": "[oss-security] 20080708 CVE-2008-2931 kernel: missing check before setting mount propagation", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/07/08/3" + }, + { + "name": "SUSE-SA:2008:049", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html" + }, + { + "name": "SUSE-SR:2008:025", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html" + } + ] + } +} \ No newline at end of file 
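Review bot: The switch of `ASSIGNER` from `cve@mitre.org` to `secalert@redhat.com` in `CVE_data_meta` is the only data change in this hunk, and it should be named in the commit message or split into its own commit. Everything else visible here is colon spacing, indentation and a reordering of `reference_data`; the 20 entries appear to be the same set on both sides. Anyone who filters, routes or audits records by assigning CNA will see this record change owner with no explanation in the history. The new side also ends with `\ No newline at end of file`, as do the other records in this diff (CVE-2008-3025, -3102, -3313, -3695, -4208, -6139). Keeping the newline after the closing `}` and emitting references in a stable order would stop tooling-only churn from burying changes like this one.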
diff --git a/2008/3xxx/CVE-2008-3025.json b/2008/3xxx/CVE-2008-3025.json
index 48717ffc378..57d75dac8ae 100644
--- a/2008/3xxx/CVE-2008-3025.json
+++ b/2008/3xxx/CVE-2008-3025.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in ad.php in plx Ad Trader 3.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter in a redir action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5988", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5988" - }, - { - "name" : "30046", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30046" - }, - { - "name" : "30897", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30897" - }, - { - "name" : "plxadtrader-ad-sql-injection(43525)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in ad.php in plx Ad Trader 3.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter in a 
redir action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30046", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30046" + }, + { + "name": "30897", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30897" + }, + { + "name": "5988", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5988" + }, + { + "name": "plxadtrader-ad-sql-injection(43525)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43525" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3102.json b/2008/3xxx/CVE-2008-3102.json index a5dff8bac6e..28d7fea4fe0 100644 --- a/2008/3xxx/CVE-2008-3102.json +++ b/2008/3xxx/CVE-2008-3102.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080922 menalto gallery: Session hijacking vulnerability, CVE-2008-3102", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496625/100/0/threaded" - }, - { - "name" : "20080923 mantis CVE-2008-3102 (Re: menalto gallery: Session hijacking vulnerability, CVE-2008-3102)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496684/100/0/threaded" - }, - { - "name" : "http://int21.de/cve/CVE-2008-3102-mantis.html", - "refsource" : "MISC", - "url" : "http://int21.de/cve/CVE-2008-3102-mantis.html" - }, - { - "name" : "FEDORA-2008-8925", - "refsource" : "FEDORA", - "url" : 
"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00504.html" - }, - { - "name" : "FEDORA-2008-9015", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00648.html" - }, - { - "name" : "GLSA-200812-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml" - }, - { - "name" : "31344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31344" - }, - { - "name" : "32975", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32975" - }, - { - "name" : "32243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32243" - }, - { - "name" : "32330", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32330" - }, - { - "name" : "4298", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4298" - }, - { - "name" : "mantis-cookie-session-hijacking(45395)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45395" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31344" + }, + { + "name": "32243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32243" + }, + { + "name": "FEDORA-2008-9015", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00648.html" + }, + { + "name": "4298", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4298" + }, + { + "name": "20080923 mantis CVE-2008-3102 (Re: menalto gallery: Session hijacking vulnerability, CVE-2008-3102)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496684/100/0/threaded" + }, + { + "name": "32975", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32975" + }, + { + "name": "GLSA-200812-07", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml" + }, + { + "name": "32330", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32330" + }, + { + "name": "mantis-cookie-session-hijacking(45395)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45395" + }, + { + "name": "FEDORA-2008-8925", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00504.html" + }, + { + "name": "20080922 menalto gallery: Session hijacking vulnerability, CVE-2008-3102", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496625/100/0/threaded" + }, + { + "name": "http://int21.de/cve/CVE-2008-3102-mantis.html", + "refsource": "MISC", + "url": "http://int21.de/cve/CVE-2008-3102-mantis.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3313.json b/2008/3xxx/CVE-2008-3313.json index a0c97b7f68c..97b2b9ca625 100644 
--- a/2008/3xxx/CVE-2008-3313.json
+++ b/2008/3xxx/CVE-2008-3313.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cfg[document_uri] parameter to _administration/edition_article/edition_article.php and the (2) cfg[base_uri_admin] parameter to _administration/fonctions/get_liste_langue.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "30284", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30284" - }, - { - "name" : "creacms-editionarticle-file-include(43906)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43906" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allow remote 
attackers to execute arbitrary PHP code via a URL in the (1) cfg[document_uri] parameter to _administration/edition_article/edition_article.php and the (2) cfg[base_uri_admin] parameter to _administration/fonctions/get_liste_langue.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "creacms-editionarticle-file-include(43906)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43906" + }, + { + "name": "30284", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30284" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3695.json b/2008/3xxx/CVE-2008-3695.json index 4fe4a8cfc02..4375bf4d1fd 100644 --- a/2008/3xxx/CVE-2008-3695.json +++ b/2008/3xxx/CVE-2008-3695.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3696." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495869/100/0/threaded" - }, - { - "name" : "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html" - }, - { - "name" : "http://www.vmware.com/support/ace/doc/releasenotes_ace.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/ace/doc/releasenotes_ace.html" - }, - { - "name" : "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" - }, - { - "name" : "http://www.vmware.com/support/player/doc/releasenotes_player.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/player/doc/releasenotes_player.html" - }, - { - "name" : "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" - }, - { - "name" : "http://www.vmware.com/support/server/doc/releasenotes_server.html", - 
"refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/server/doc/releasenotes_server.html" - }, - { - "name" : "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" - }, - { - "name" : "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0014.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0014.html" - }, - { - "name" : "30934", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30934" - }, - { - "name" : "ADV-2008-2466", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2466" - }, - { - "name" : "1020791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020791" - }, - { - "name" : "31707", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31707" - }, - { - "name" : "31708", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31708" - }, - { - "name" : "31709", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31709" - }, - { - "name" : "31710", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31710" - }, - { - "name" : "4202", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4202" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware 
ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3696." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html" + }, + { + "name": "31709", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31709" + }, + { + "name": "http://www.vmware.com/support/server/doc/releasenotes_server.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html" + }, + { + "name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" + }, + { + "name": "1020791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020791" + }, + { + "name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" + }, + { + "name": "31710", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31710" + }, + { + "name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html" + }, + { + "name": "30934", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30934" + }, + { + "name": "http://www.vmware.com/support/player/doc/releasenotes_player.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html" + }, + { + "name": 
"http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" + }, + { + "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded" + }, + { + "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html" + }, + { + "name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" + }, + { + "name": "31707", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31707" + }, + { + "name": "31708", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31708" + }, + { + "name": "4202", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4202" + }, + { + "name": "ADV-2008-2466", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2466" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4208.json b/2008/4xxx/CVE-2008-4208.json index c70f0200278..f735137b074 100644 --- a/2008/4xxx/CVE-2008-4208.json +++ b/2008/4xxx/CVE-2008-4208.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in OSADS Alliance Database before 2.1 has unknown impact and attack vectors, possibly related to includes/functions.php, a different issue than CVE-2006-2874." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=163285&release_id=625654", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=163285&release_id=625654" - }, - { - "name" : "31198", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31198" - }, - { - "name" : "31876", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31876" - }, - { - "name" : "osads-database-unspecified(45149)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified 
vulnerability in OSADS Alliance Database before 2.1 has unknown impact and attack vectors, possibly related to includes/functions.php, a different issue than CVE-2006-2874." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=163285&release_id=625654", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=163285&release_id=625654" + }, + { + "name": "31198", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31198" + }, + { + "name": "31876", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31876" + }, + { + "name": "osads-database-unspecified(45149)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45149" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6139.json b/2008/6xxx/CVE-2008-6139.json index 3fa3aa069e5..79a74c7789e 100644 --- a/2008/6xxx/CVE-2008-6139.json +++ b/2008/6xxx/CVE-2008-6139.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in faqsupport/wce.download.php in WebBiscuits Modules Controller 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6703", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6703" - }, - { - "name" : "31655", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31655" - }, - { - "name" : "modulescontroller-download-dir-traversal(45772)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45772" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in faqsupport/wce.download.php in WebBiscuits Modules Controller 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6703", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6703" + }, + { + "name": "31655", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31655" + }, + { + "name": "modulescontroller-download-dir-traversal(45772)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45772" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6311.json b/2008/6xxx/CVE-2008-6311.json index dad2c7be7d3..340968dd6ab 100644 --- a/2008/6xxx/CVE-2008-6311.json +++ b/2008/6xxx/CVE-2008-6311.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. NOTE: the id vector is covered by another CVE name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7411", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7411" - }, - { - "name" : "33086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33086" - }, - { - "name" : "butterfly-mytable-sql-injection(49012)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. 
NOTE: the id vector is covered by another CVE name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "butterfly-mytable-sql-injection(49012)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49012" + }, + { + "name": "7411", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7411" + }, + { + "name": "33086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33086" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6349.json b/2008/6xxx/CVE-2008-6349.json index ed98af77e88..c869d7e9e6d 100644 --- a/2008/6xxx/CVE-2008-6349.json +++ b/2008/6xxx/CVE-2008-6349.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in survey_results_text.php in TurnkeyForms Business Survey Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7029", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7029" - }, - { - "name" : "32169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32169" - }, - { - "name" : "32561", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32561" - }, - { - "name" : "businesssurvey-surveyresults-sql-injection(46420)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in survey_results_text.php in TurnkeyForms Business Survey Pro 1.0 allows remote 
attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7029", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7029" + }, + { + "name": "32561", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32561" + }, + { + "name": "businesssurvey-surveyresults-sql-injection(46420)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46420" + }, + { + "name": "32169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32169" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6909.json b/2008/6xxx/CVE-2008-6909.json index 7a5e3615e1f..d4762638c5e 100644 --- a/2008/6xxx/CVE-2008-6909.json +++ b/2008/6xxx/CVE-2008-6909.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/348295", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/348295" - }, - { - "name" : "32894", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32894" - }, - { - "name" : "50743", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50743" - }, - { - "name" : "services-insecure-hash-weak-security(47458)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47458" - }, - { - "name" : "services-request-security-bypass(52438)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52438" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "services-request-security-bypass(52438)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52438" + }, + { + "name": "50743", + "refsource": "OSVDB", + "url": "http://osvdb.org/50743" + }, + { + "name": "32894", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32894" + }, + { + "name": "http://drupal.org/node/348295", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/348295" + }, + { + "name": "services-insecure-hash-weak-security(47458)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47458" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2122.json b/2013/2xxx/CVE-2013-2122.json index 7781729574e..c73fc32e508 100644 --- a/2013/2xxx/CVE-2013-2122.json +++ b/2013/2xxx/CVE-2013-2122.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the \"edit comments\" permission to edit arbitrary comments of other users via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130529 [Security-news] SA-CONTRIB-2013-048 - Edit Limit - Access Bypass", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/May/208" - }, - { - "name" : "[oss-security] 20130529 Re: CVE request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/05/29/9" - }, - { - "name" : "https://drupal.org/node/2007048", - "refsource" : "MISC", - "url" : "https://drupal.org/node/2007048" - }, - { - "name" : "https://drupal.org/node/2006188", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/2006188" - }, - { - "name" : "60209", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/60209" - }, - { - "name" : "93725", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/93725" - }, - { - "name" : "53556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53556" - }, - { - "name" : "drupal-editlimit-cve20132122-security-bypass(84630)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the \"edit comments\" permission to edit arbitrary comments of other users via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://drupal.org/node/2007048", + "refsource": "MISC", + "url": "https://drupal.org/node/2007048" + }, + { + "name": "20130529 [Security-news] SA-CONTRIB-2013-048 - Edit Limit - Access Bypass", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/May/208" + }, + { + "name": "[oss-security] 20130529 Re: CVE request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/05/29/9" + }, + { + "name": "https://drupal.org/node/2006188", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/2006188" + }, + { + "name": "drupal-editlimit-cve20132122-security-bypass(84630)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84630" + }, + { + "name": "93725", + "refsource": "OSVDB", + "url": "http://osvdb.org/93725" + }, + { + "name": "60209", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60209" + }, + { + "name": "53556", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/53556" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2330.json b/2013/2xxx/CVE-2013-2330.json index 1d9960c7300..031a09e31aa 100644 --- a/2013/2xxx/CVE-2013-2330.json +++ b/2013/2xxx/CVE-2013-2330.json 
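Review bot: The `"ASSIGNER"` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, while every other changed line only respaces `"key" : value` to `"key": value` or reorders `reference_data` entries. The hunks for CVE-2013-2330, CVE-2013-2863, CVE-2013-2878 and CVE-2013-6309 carry the same kind of `ASSIGNER` change (to `hp-security-alert@hp.com`, `security@google.com` and `psirt@us.ibm.com`). Because each file is rewritten in full, a line diff cannot separate this provenance change from the formatting noise. It would be easier to audit if the reformat and the `ASSIGNER` updates were separate commits, or if the change were checked by comparing the parsed JSON of the old and new sides. Anything that attributes records by `ASSIGNER` will presumably see these entries change owner, so the field change deserves its own line in the change description.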
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1638." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-2330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02883", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" - }, - { - "name" : "SSRT101050", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" - }, - { - "name" : "SSRT101227", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute 
arbitrary code via unknown vectors, aka ZDI-CAN-1638." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101227", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" + }, + { + "name": "SSRT101050", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" + }, + { + "name": "HPSBMU02883", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2653.json b/2013/2xxx/CVE-2013-2653.json index 4b9d1db866b..a2bc505872f 100644 --- a/2013/2xxx/CVE-2013-2653.json +++ b/2013/2xxx/CVE-2013-2653.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130801 SilverStripe(R) Information Exposure Through Query Strings in GET Request (CWE-598)", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2013/Aug/12" - }, - { - "name" : "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170", - "refsource" : "CONFIRM", - "url" : "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to 
conduct phishing attacks without detection by the victim." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170", + "refsource": "CONFIRM", + "url": "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170" + }, + { + "name": "20130801 SilverStripe(R) Information Exposure Through Query Strings in GET Request (CWE-598)", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2013/Aug/12" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2863.json b/2013/2xxx/CVE-2013-2863.json index 9db40023dee..74016690e6e 100644 --- a/2013/2xxx/CVE-2013-2863.json +++ b/2013/2xxx/CVE-2013-2863.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=232633", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=232633" - }, - { - "name" : "DSA-2706", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2706" - }, - { - "name" : "oval:org.mitre.oval:def:16608", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16608" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=232633", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=232633" + }, + { + "name": "oval:org.mitre.oval:def:16608", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16608" + }, + { + "name": "DSA-2706", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2706" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2878.json b/2013/2xxx/CVE-2013-2878.json index 9c50243f9d0..a50fcb3172b 100644 --- a/2013/2xxx/CVE-2013-2878.json +++ b/2013/2xxx/CVE-2013-2878.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the handling of text." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=177197", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=177197" - }, - { - "name" : "DSA-2724", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2724" - }, - { - "name" : "oval:org.mitre.oval:def:17318", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the handling of text." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:17318", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17318" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=177197", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=177197" + }, + { + "name": "DSA-2724", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2724" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6309.json b/2013/6xxx/CVE-2013-6309.json index 23fe1e21f01..3c40f6a564c 100644 --- a/2013/6xxx/CVE-2013-6309.json +++ b/2013/6xxx/CVE-2013-6309.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to hijack sessions, and consequently read records, modify records, or conduct transactions, via an unspecified link injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-6309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676688", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676688" - }, - { - "name" : "ibm-marketing-cve20136309-link-injection(88559)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to hijack sessions, and consequently read records, modify records, or conduct transactions, via an unspecified link injection." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676688", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676688" + }, + { + "name": "ibm-marketing-cve20136309-link-injection(88559)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88559" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6596.json b/2013/6xxx/CVE-2013-6596.json index 7dfb466748b..fbe77d13f29 100644 --- a/2013/6xxx/CVE-2013-6596.json +++ b/2013/6xxx/CVE-2013-6596.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6596", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6596", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6749.json b/2013/6xxx/CVE-2013-6749.json index f1335930ac0..24c63ab021f 100644 --- a/2013/6xxx/CVE-2013-6749.json +++ b/2013/6xxx/CVE-2013-6749.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr for Domino 8.5.1 before 8.5.1.42-001b allows remote attackers to execute arbitrary code via a crafted HTML document, a different vulnerability than CVE-2013-6748." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-6749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21662653", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21662653" - }, - { - "name" : "65193", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65193" - }, - { - "name" : "102598", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102598" - }, - { - "name" : "56696", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56696" - }, - { - "name" : "ibm-quickr-qp2-cve20136749-rce(89865)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr for Domino 8.5.1 before 8.5.1.42-001b allows remote attackers to execute arbitrary code via a crafted HTML document, a different vulnerability than CVE-2013-6748." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "65193", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65193" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21662653", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21662653" + }, + { + "name": "102598", + "refsource": "OSVDB", + "url": "http://osvdb.org/102598" + }, + { + "name": "ibm-quickr-qp2-cve20136749-rce(89865)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89865" + }, + { + "name": "56696", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56696" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11223.json b/2017/11xxx/CVE-2017-11223.json index 5e5f110bb0f..f01cfbc6921 100644 --- a/2017/11xxx/CVE-2017-11223.json +++ b/2017/11xxx/CVE-2017-11223.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-11223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Acrobat Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2017.009.20058 and earlier" - }, - { - "version_value" : "2017.008.30051 and earlier" - }, - { - "version_value" : "2015.006.30306 and earlier" - }, - { - "version_value" : "11.0.20 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe Systems Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the core of the XFA engine. Successful exploitation could lead to arbitrary code execution." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-11223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_value": "2017.009.20058 and earlier" + }, + { + "version_value": "2017.008.30051 and earlier" + }, + { + "version_value": "2015.006.30306 and earlier" + }, + { + "version_value": "11.0.20 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Adobe Systems Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" - }, - { - "name" : "100182", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100182" - }, - { - "name" : "1039098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the core of the XFA engine. Successful exploitation could lead to arbitrary code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" + }, + { + "name": "1039098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039098" + }, + { + "name": "100182", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100182" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11611.json b/2017/11xxx/CVE-2017-11611.json index 3d62157cd6a..bedc0e2aad1 100644 --- a/2017/11xxx/CVE-2017-11611.json +++ b/2017/11xxx/CVE-2017-11611.json 
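Review bot: The `reference_data` entries in the CVE-2017-11223 hunk are reordered with no change to their content: SECTRACK 1039098 now precedes BID 100182. The new order is not sorted by `refsource` or by `name`, so it may shift again on the next regeneration and bury real reference additions or removals in noise. Emitting references in a deterministic order (for example sorted by `refsource`, then `name`) would make later diffs show only real changes. The hunks for CVE-2013-6749, CVE-2017-11835, CVE-2017-11869 and CVE-2017-14081 reorder their references in the same way.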
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a \"create-file-popup\" action, and the directory name in a \"create-directory-popup\" action, in the HTTP POST method to the \"/plugin/file_manager/\" script (aka an /admin/plugin/file_manager/browse// URI)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/faizzaidi/Wolfcms-v0.8.3.1-xss-POC-by-Provensec-llc", - "refsource" : "MISC", - "url" : "https://github.com/faizzaidi/Wolfcms-v0.8.3.1-xss-POC-by-Provensec-llc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. 
The vulnerability exists due to insufficient sanitization of the file name in a \"create-file-popup\" action, and the directory name in a \"create-directory-popup\" action, in the HTTP POST method to the \"/plugin/file_manager/\" script (aka an /admin/plugin/file_manager/browse// URI)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/faizzaidi/Wolfcms-v0.8.3.1-xss-POC-by-Provensec-llc", + "refsource": "MISC", + "url": "https://github.com/faizzaidi/Wolfcms-v0.8.3.1-xss-POC-by-Provensec-llc" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11711.json b/2017/11xxx/CVE-2017-11711.json index 72945083a60..14a9e9fe720 100644 --- a/2017/11xxx/CVE-2017-11711.json +++ b/2017/11xxx/CVE-2017-11711.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11711", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11711", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/11xxx/CVE-2017-11835.json b/2017/11xxx/CVE-2017-11835.json index 12d94cca8e9..1688b36c01e 100644 --- a/2017/11xxx/CVE-2017-11835.json +++ b/2017/11xxx/CVE-2017-11835.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-11-14T00:00:00", - "ID" : "CVE-2017-11835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Graphics", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts, aka \"Windows EOT Font Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11832." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-11-14T00:00:00", + "ID": "CVE-2017-11835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Graphics", + "version": { + "version_data": [ + { + "version_value": "Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1." 
+ } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11835", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11835" - }, - { - "name" : "101736", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101736" - }, - { - "name" : "1039782", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039782" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts, aka \"Windows EOT Font Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11832." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101736", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101736" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11835", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11835" + }, + { + "name": "1039782", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039782" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11869.json b/2017/11xxx/CVE-2017-11869.json index 451e987b6df..b4a62ac29a3 100644 --- a/2017/11xxx/CVE-2017-11869.json +++ b/2017/11xxx/CVE-2017-11869.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-11-14T00:00:00", - "ID" : "CVE-2017-11869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-11-14T00:00:00", + "ID": "CVE-2017-11869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11869", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11869" - }, - { - "name" : "101742", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101742" - }, - { - "name" : "1039780", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039780" - }, - { - "name" : "1039781", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". 
This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11869", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11869" + }, + { + "name": "1039781", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039781" + }, + { + "name": "1039780", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039780" + }, + { + "name": "101742", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101742" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14081.json b/2017/14xxx/CVE-2017-14081.json index 35c810be232..4ed52dd69a5 100644 --- a/2017/14xxx/CVE-2017-14081.json +++ b/2017/14xxx/CVE-2017-14081.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2017-14081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2017-14081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-752", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-752" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-774", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-774" - }, - { - "name" : "https://success.trendmicro.com/solution/1118224", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1118224" - }, - { - "name" : "100969", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-752", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-752" + }, + { + "name": "https://success.trendmicro.com/solution/1118224", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1118224" + }, + { + "name": "100969", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100969" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-774", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-774" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14618.json b/2017/14xxx/CVE-2017-14618.json index 01bbc1619a9..1718468fe6b 100644 --- a/2017/14xxx/CVE-2017-14618.json +++ b/2017/14xxx/CVE-2017-14618.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an \"Add New FAQ\" action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42761", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42761/" - }, - { - "name" : "https://packetstormsecurity.com/files/144280/phpMyFAQ-2.9.8-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/144280/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" - }, - { - "name" : "http://www.phpmyfaq.de/security/advisory-2017-10-19", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyfaq.de/security/advisory-2017-10-19" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php 
in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an \"Add New FAQ\" action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42761", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42761/" + }, + { + "name": "https://packetstormsecurity.com/files/144280/phpMyFAQ-2.9.8-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/144280/phpMyFAQ-2.9.8-Cross-Site-Scripting.html" + }, + { + "name": "http://www.phpmyfaq.de/security/advisory-2017-10-19", + "refsource": "CONFIRM", + "url": "http://www.phpmyfaq.de/security/advisory-2017-10-19" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14820.json b/2017/14xxx/CVE-2017-14820.json index 84bfb9fe383..f22afc70971 100644 --- a/2017/14xxx/CVE-2017-14820.json +++ b/2017/14xxx/CVE-2017-14820.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-14820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "8.3.1.21155" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the tile index of the SOT marker in JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5012." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125-Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-14820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "8.3.1.21155" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-864", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-864" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the tile index of the SOT marker in JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5012." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125-Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-864", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-864" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14880.json b/2017/14xxx/CVE-2017-14880.json index 23a4e93a81a..a2c76f541c6 100644 --- a/2017/14xxx/CVE-2017-14880.json +++ b/2017/14xxx/CVE-2017-14880.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-14880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable \"num_q6_rule\" does not have a mutex lock and thus can be accessed and modified by multiple threads." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Time-of-check Time-of-use (TOCTOU) Race Condition in Data" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-14880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable \"num_q6_rule\" does not have a mutex lock and thus can be accessed and modified by multiple threads." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Time-of-check Time-of-use (TOCTOU) Race Condition in Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15362.json b/2017/15xxx/CVE-2017-15362.json index deebf0dc099..1098a2c4961 100644 --- a/2017/15xxx/CVE-2017-15362.json +++ b/2017/15xxx/CVE-2017-15362.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. This affects a different tickets.php file than CVE-2015-1176." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://becomepentester.blogspot.ae/2017/10/osTicket-XSS-CVE-2017-15362.html", - "refsource" : "MISC", - "url" : "https://becomepentester.blogspot.ae/2017/10/osTicket-XSS-CVE-2017-15362.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted 
support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. This affects a different tickets.php file than CVE-2015-1176." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://becomepentester.blogspot.ae/2017/10/osTicket-XSS-CVE-2017-15362.html", + "refsource": "MISC", + "url": "https://becomepentester.blogspot.ae/2017/10/osTicket-XSS-CVE-2017-15362.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15723.json b/2017/15xxx/CVE-2017-15723.json index e7ae21d08ac..e1435e1cbc3 100644 --- a/2017/15xxx/CVE-2017-15723.json +++ b/2017/15xxx/CVE-2017-15723.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/10/22/4", - "refsource" : "CONFIRM", - "url" : "http://openwall.com/lists/oss-security/2017/10/22/4" - }, - { - "name" : "https://irssi.org/security/irssi_sa_2017_10.txt", - "refsource" : "CONFIRM", - "url" : "https://irssi.org/security/irssi_sa_2017_10.txt" - }, - { - "name" : "DSA-4016", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4016", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4016" + }, + { + "name": "https://irssi.org/security/irssi_sa_2017_10.txt", + "refsource": "CONFIRM", + "url": "https://irssi.org/security/irssi_sa_2017_10.txt" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/10/22/4", + "refsource": "CONFIRM", + "url": "http://openwall.com/lists/oss-security/2017/10/22/4" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9204.json b/2017/9xxx/CVE-2017-9204.json index 2e7554ad9a0..23f6b3ec6b6 100644 --- a/2017/9xxx/CVE-2017-9204.json +++ b/2017/9xxx/CVE-2017-9204.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/" - }, - { - "name" : "https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d", - "refsource" : "MISC", - "url" : "https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 
allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d", + "refsource": "MISC", + "url": "https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9337.json b/2017/9xxx/CVE-2017-9337.json index fd8c7276e2d..7c9d879e4bc 100644 --- a/2017/9xxx/CVE-2017-9337.json +++ b/2017/9xxx/CVE-2017-9337.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-9337",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-9337",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://lncken.cn/?p=279",
- "refsource" : "MISC",
- "url" : "http://lncken.cn/?p=279"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://lncken.cn/?p=279",
+ "refsource": "MISC",
+ "url": "http://lncken.cn/?p=279"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/9xxx/CVE-2017-9645.json b/2017/9xxx/CVE-2017-9645.json
index 5ef5ed2ad64..226c8fcb600 100644
--- a/2017/9xxx/CVE-2017-9645.json
+++ b/2017/9xxx/CVE-2017-9645.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-9645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mirion Technologies Telemetry Enabled Devices", - "version" : { - "version_data" : [ - { - "version_value" : "Mirion Technologies Telemetry Enabled Devices" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). Decryption of data is possible at the hardware level." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-326" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-9645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mirion Technologies Telemetry Enabled Devices", + "version": { + "version_data": [ + { + "version_value": "Mirion Technologies Telemetry Enabled Devices" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-02" - }, - { - "name" : "100001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). Decryption of data is possible at the hardware level." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-326" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100001" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-02" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/0xxx/CVE-2018-0059.json b/2018/0xxx/CVE-2018-0059.json index 2656034c8af..9139366e1e0 100644 --- a/2018/0xxx/CVE-2018-0059.json +++ b/2018/0xxx/CVE-2018-0059.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2018-10-10T16:00:00.000Z", - "ID" : "CVE-2018-0059", - "STATE" : "PUBLIC", - "TITLE" : "ScreenOS: Stored Cross-Site Scripting (XSS) vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ScreenOS", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "6.3.0", - "version_value" : "6.3.0r26" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Marcel Bilal from IT-Dienstleistungszentrum Berlin" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. Affected releases are Juniper Networks ScreenOS 6.3.0 versions prior to 6.3.0r26." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
- } - ], - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 5.4, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "LOW", - "scope" : "CHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stored cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2018-10-10T16:00:00.000Z", + "ID": "CVE-2018-0059", + "STATE": "PUBLIC", + "TITLE": "ScreenOS: Stored Cross-Site Scripting (XSS) vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ScreenOS", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "6.3.0", + "version_value": "6.3.0r26" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10894", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10894" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "The following software releases have been updated to resolve this specific issue: ScreenOS 6.3.0r26 and all subsequent releases.\n\nReview and clear any previously stored cross-site scripting entries." - } - ], - "source" : { - "advisory" : "JSA10894", - "defect" : [ - "1323345" - ], - "discovery" : "EXTERNAL" - }, - "work_around" : [ - { - "lang" : "eng", - "value" : "Use access lists or firewall filters to limit access to the device only from trusted hosts and administrators.\n\nIn addition to the recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. 
Use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts." - }, - { - "lang" : "eng", - "value" : "Disable the web administrative interface if it is not necessary." - } - ] -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Marcel Bilal from IT-Dienstleistungszentrum Berlin" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. Affected releases are Juniper Networks ScreenOS 6.3.0 versions prior to 6.3.0r26." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
+ } + ], + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stored cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10894", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10894" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: ScreenOS 6.3.0r26 and all subsequent releases.\n\nReview and clear any previously stored cross-site scripting entries." + } + ], + "source": { + "advisory": "JSA10894", + "defect": [ + "1323345" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Use access lists or firewall filters to limit access to the device only from trusted hosts and administrators.\n\nIn addition to the recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts." + }, + { + "lang": "eng", + "value": "Disable the web administrative interface if it is not necessary." + } + ] +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0398.json b/2018/0xxx/CVE-2018-0398.json index e11c54bd785..7cf1af26f0e 100644 --- a/2018/0xxx/CVE-2018-0398.json +++ b/2018/0xxx/CVE-2018-0398.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Finesse unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Finesse unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-264" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Finesse unknown", + "version": { + "version_data": [ + { + "version_value": "Cisco Finesse unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-finesse", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-finesse" - }, - { - "name" : "104886", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote 
attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-finesse", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-finesse" + }, + { + "name": "104886", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104886" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000180.json b/2018/1000xxx/CVE-2018-1000180.json index 379a83b4e55..f4342f319c7 100644 --- a/2018/1000xxx/CVE-2018-1000180.json +++ b/2018/1000xxx/CVE-2018-1000180.json 
@@ -1,125 +1,125 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-04-30T12:00:00", - "DATE_REQUESTED" : "2018-04-30T14:00:00", - "ID" : "CVE-2018-1000180", - "REQUESTER" : "dgh@bouncycastle.org", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Legion of the Bouncy Castle Java Cryptography APIs", - "version" : { - "version_data" : [ - { - "version_value" : "BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Legion of the Bouncy Castle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-573" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-04-30T12:00:00", + "DATE_REQUESTED": "2018-04-30T14:00:00", + "ID": "CVE-2018-1000180", + "REQUESTER": "dgh@bouncycastle.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test", - "refsource" : "MISC", - "url" : "https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test" - }, - { - "name" : "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad", - "refsource" : "CONFIRM", - "url" : "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad" - }, - { - "name" : "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839", - "refsource" : "CONFIRM", - "url" : "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839" - }, - { - "name" : "https://www.bouncycastle.org/jira/browse/BJA-694", - "refsource" : "CONFIRM", - "url" : "https://www.bouncycastle.org/jira/browse/BJA-694" - }, - { - "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190204-0003/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190204-0003/" - }, - { - "name" : "DSA-4233", - "refsource" : "DEBIAN", - "url" : 
"https://www.debian.org/security/2018/dsa-4233" - }, - { - "name" : "RHSA-2018:2423", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2423" - }, - { - "name" : "RHSA-2018:2424", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2424" - }, - { - "name" : "RHSA-2018:2425", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2425" - }, - { - "name" : "RHSA-2018:2428", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2428" - }, - { - "name" : "RHSA-2018:2643", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2643" - }, - { - "name" : "RHSA-2018:2669", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2669" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test", + "refsource": "MISC", + "url": "https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test" + }, + { + "name": "RHSA-2018:2428", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2428" + }, + { + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "RHSA-2018:2669", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2669" + }, + { + "name": "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad", + "refsource": "CONFIRM", + "url": "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad" + }, + { + "name": "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839", + "refsource": "CONFIRM", + "url": "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839" + }, + { + "name": "RHSA-2018:2643", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2643" + }, + { + "name": "https://www.bouncycastle.org/jira/browse/BJA-694", + "refsource": "CONFIRM", + "url": "https://www.bouncycastle.org/jira/browse/BJA-694" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190204-0003/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190204-0003/" + }, + { + "name": "RHSA-2018:2424", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2424" + }, + { + "name": "RHSA-2018:2423", + "refsource": "REDHAT", + "url": 
"https://access.redhat.com/errata/RHSA-2018:2423" + }, + { + "name": "RHSA-2018:2425", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2425" + }, + { + "name": "DSA-4233", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4233" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12484.json b/2018/12xxx/CVE-2018-12484.json index 9be8bfa6ac7..574cb336b45 100644 --- a/2018/12xxx/CVE-2018-12484.json +++ b/2018/12xxx/CVE-2018-12484.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12484", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12484", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12530.json b/2018/12xxx/CVE-2018-12530.json index c7e194c15df..d751e74df74 100644 --- a/2018/12xxx/CVE-2018-12530.json +++ b/2018/12xxx/CVE-2018-12530.json 
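Review bot: The new side of CVE-2018-1000180.json replaces populated fields with placeholders. `product_name`, `version_value` and `vendor_name` go from the Bouncy Castle product and version strings to `"n/a"`, the problemtype goes from `"CWE-573"` to `"n/a"`, and `ASSIGNER` changes from `kurt@seifried.org` to `cve@mitre.org`. The other hunks visible on this page only change spacing or reorder references, so this looks like an unintended side effect of regenerating the record rather than a deliberate edit. Tooling that matches on the structured vendor, product or CWE fields would no longer tie this record to Bouncy Castle, although the description text still names the affected versions. Unless the upstream CNA record really changed, I would keep the previous values, e.g. `"vendor_name": "Legion of the Bouncy Castle"` and `"value": "CWE-573"`.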
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-12530",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-12530",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/summ3rf/Vulner/blob/master/Metinfo.md",
- "refsource" : "MISC",
- "url" : "https://github.com/summ3rf/Vulner/blob/master/Metinfo.md"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/summ3rf/Vulner/blob/master/Metinfo.md",
+ "refsource": "MISC",
+ "url": "https://github.com/summ3rf/Vulner/blob/master/Metinfo.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16511.json b/2018/16xxx/CVE-2018-16511.json
index ac0c082911f..0342e153c80 100644
--- a/2018/16xxx/CVE-2018-16511.json
+++ b/2018/16xxx/CVE-2018-16511.json
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16511",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in \"ztype\" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16511",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html"
- },
- {
- "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0edd3d6c634a577db261615a9dc2719bca7f6e01",
- "refsource" : "MISC",
- "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0edd3d6c634a577db261615a9dc2719bca7f6e01"
- },
- {
- "name" : "http://seclists.org/oss-sec/2018/q3/182",
- "refsource" : "MISC",
- "url" : "http://seclists.org/oss-sec/2018/q3/182"
- },
- {
- "name" : "https://www.artifex.com/news/ghostscript-security-resolved/",
- "refsource" : "MISC",
- "url" : "https://www.artifex.com/news/ghostscript-security-resolved/"
- },
- {
- "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=699659",
- "refsource" : "MISC",
- "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=699659"
- },
- {
- "name" : "DSA-4288",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2018/dsa-4288"
- },
- {
- "name" : "GLSA-201811-12",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201811-12"
- },
- {
- "name" : "RHSA-2018:3650",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2018:3650"
- },
- {
- "name" : "USN-3768-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3768-1/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in \"ztype\" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "RHSA-2018:3650",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:3650"
+ },
+ {
+ "name": "GLSA-201811-12",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201811-12"
+ },
+ {
+ "name": "USN-3768-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3768-1/"
+ },
+ {
+ "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0edd3d6c634a577db261615a9dc2719bca7f6e01",
+ "refsource": "MISC",
+ "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0edd3d6c634a577db261615a9dc2719bca7f6e01"
+ },
+ {
+ "name": "https://www.artifex.com/news/ghostscript-security-resolved/",
+ "refsource": "MISC",
+ "url": "https://www.artifex.com/news/ghostscript-security-resolved/"
+ },
+ {
+ "name": "DSA-4288",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2018/dsa-4288"
+ },
+ {
+ "name": "https://bugs.ghostscript.com/show_bug.cgi?id=699659",
+ "refsource": "MISC",
+ "url": "https://bugs.ghostscript.com/show_bug.cgi?id=699659"
+ },
+ {
+ "name": "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html"
+ },
+ {
+ "name": "http://seclists.org/oss-sec/2018/q3/182",
+ "refsource": "MISC",
+ "url": "http://seclists.org/oss-sec/2018/q3/182"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16574.json b/2018/16xxx/CVE-2018-16574.json
index 85bad91d8ad..dc6e63f3448 100644
--- a/2018/16xxx/CVE-2018-16574.json
+++ b/2018/16xxx/CVE-2018-16574.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16574",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16574",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16955.json b/2018/16xxx/CVE-2018-16955.json
index 42b7e4da8ba..d873d0ff4b7 100644
--- a/2018/16xxx/CVE-2018-16955.json
+++ b/2018/16xxx/CVE-2018-16955.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16955",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). The content of the in_hi_redirect parameter, when prefixed with the https:// scheme, is unsafely reflected in a HTML META tag in the HTTP response. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16955",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://seclists.org/fulldisclosure/2018/Sep/22",
- "refsource" : "MISC",
- "url" : "https://seclists.org/fulldisclosure/2018/Sep/22"
- },
- {
- "name" : "105350",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105350"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). The content of the in_hi_redirect parameter, when prefixed with the https:// scheme, is unsafely reflected in a HTML META tag in the HTTP response. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://seclists.org/fulldisclosure/2018/Sep/22",
+ "refsource": "MISC",
+ "url": "https://seclists.org/fulldisclosure/2018/Sep/22"
+ },
+ {
+ "name": "105350",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105350"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4708.json b/2018/4xxx/CVE-2018-4708.json
index 372618974aa..fd6b273165f 100644
--- a/2018/4xxx/CVE-2018-4708.json
+++ b/2018/4xxx/CVE-2018-4708.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4708",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4708",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4764.json b/2018/4xxx/CVE-2018-4764.json
index b396b89eea9..7aaafd93ae2 100644
--- a/2018/4xxx/CVE-2018-4764.json
+++ b/2018/4xxx/CVE-2018-4764.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-4764",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-4764",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4858.json b/2018/4xxx/CVE-2018-4858.json
index d0385687740..8aa609eb069 100644
--- a/2018/4xxx/CVE-2018-4858.json
+++ b/2018/4xxx/CVE-2018-4858.json
@@ -1,88 +1,88 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "productcert@siemens.com",
- "DATE_PUBLIC" : "2018-06-26T00:00:00",
- "ID" : "CVE-2018-4858",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "IEC 61850 system configurator, DIGSI 5 (affected as IEC 61850 system configurator is incorporated), DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, SICAM SCC",
- "version" : {
- "version_data" : [
- {
- "version_value" : "IEC 61850 system configurator : All versions < V5.80"
- },
- {
- "version_value" : "DIGSI 5 (affected as IEC 61850 system configurator is incorporated) : All versions < V7.80"
- },
- {
- "version_value" : "DIGSI 4 : All versions < V4.93"
- },
- {
- "version_value" : "SICAM PAS/PQS : All versions < V8.11"
- },
- {
- "version_value" : "SICAM PQ Analyzer : All versions < V3.11"
- },
- {
- "version_value" : "SICAM SCC : All versions < V9.02 HF3"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Siemens AG"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability has been identified in IEC 61850 system configurator (All versions < V5.80), DIGSI 5 (affected as IEC 61850 system configurator is incorporated) (All versions < V7.80), DIGSI 4 (All versions < V4.93), SICAM PAS/PQS (All versions < V8.11), SICAM PQ Analyzer (All versions < V3.11), SICAM SCC (All versions < V9.02 HF3). A service of the affected products listening on all of the host's network interfaces on either port 4884/TCP, 5885/TCP, or port 5886/TCP could allow an attacker to either exfiltrate limited data from the system or to execute code with Microsoft Windows user permissions. Successful exploitation requires an attacker to be able to send a specially crafted network request to the vulnerable service and a user interacting with the service's client application on the host. In order to execute arbitrary code with Microsoft Windows user permissions, an attacker must be able to plant the code in advance on the host by other means. The vulnerability has limited impact to confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-284: Improper Access Control"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "productcert@siemens.com",
+ "DATE_PUBLIC": "2018-06-26T00:00:00",
+ "ID": "CVE-2018-4858",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IEC 61850 system configurator, DIGSI 5 (affected as IEC 61850 system configurator is incorporated), DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, SICAM SCC",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "IEC 61850 system configurator : All versions < V5.80"
+ },
+ {
+ "version_value": "DIGSI 5 (affected as IEC 61850 system configurator is incorporated) : All versions < V7.80"
+ },
+ {
+ "version_value": "DIGSI 4 : All versions < V4.93"
+ },
+ {
+ "version_value": "SICAM PAS/PQS : All versions < V8.11"
+ },
+ {
+ "version_value": "SICAM PQ Analyzer : All versions < V3.11"
+ },
+ {
+ "version_value": "SICAM SCC : All versions < V9.02 HF3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Siemens AG"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-01",
- "refsource" : "MISC",
- "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-01"
- },
- {
- "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-159860.pdf",
- "refsource" : "CONFIRM",
- "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-159860.pdf"
- },
- {
- "name" : "105933",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105933"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability has been identified in IEC 61850 system configurator (All versions < V5.80), DIGSI 5 (affected as IEC 61850 system configurator is incorporated) (All versions < V7.80), DIGSI 4 (All versions < V4.93), SICAM PAS/PQS (All versions < V8.11), SICAM PQ Analyzer (All versions < V3.11), SICAM SCC (All versions < V9.02 HF3). A service of the affected products listening on all of the host's network interfaces on either port 4884/TCP, 5885/TCP, or port 5886/TCP could allow an attacker to either exfiltrate limited data from the system or to execute code with Microsoft Windows user permissions. Successful exploitation requires an attacker to be able to send a specially crafted network request to the vulnerable service and a user interacting with the service's client application on the host. In order to execute arbitrary code with Microsoft Windows user permissions, an attacker must be able to plant the code in advance on the host by other means. The vulnerability has limited impact to confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284: Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-159860.pdf",
+ "refsource": "CONFIRM",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-159860.pdf"
+ },
+ {
+ "name": "105933",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105933"
+ },
+ {
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-01",
+ "refsource": "MISC",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-01"
+ }
+ ]
+ }
+}
\ No newline at end of file