From 04b97e048151e606c42e2a24b32493d520079e07 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 04:02:44 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/1xxx/CVE-2004-1338.json | 140 +++++------ 2008/0xxx/CVE-2008-0362.json | 160 ++++++------- 2008/0xxx/CVE-2008-0426.json | 160 ++++++------- 2008/3xxx/CVE-2008-3152.json | 160 ++++++------- 2008/3xxx/CVE-2008-3549.json | 180 +++++++-------- 2008/3xxx/CVE-2008-3697.json | 210 ++++++++--------- 2008/3xxx/CVE-2008-3831.json | 360 ++++++++++++++--------------- 2008/4xxx/CVE-2008-4185.json | 170 +++++++------- 2008/4xxx/CVE-2008-4377.json | 170 +++++++------- 2008/4xxx/CVE-2008-4378.json | 160 ++++++------- 2008/4xxx/CVE-2008-4787.json | 150 ++++++------ 2008/6xxx/CVE-2008-6124.json | 140 +++++------ 2008/6xxx/CVE-2008-6676.json | 170 +++++++------- 2008/6xxx/CVE-2008-6798.json | 140 +++++------ 2008/7xxx/CVE-2008-7046.json | 130 +++++------ 2008/7xxx/CVE-2008-7107.json | 140 +++++------ 2008/7xxx/CVE-2008-7157.json | 140 +++++------ 2013/2xxx/CVE-2013-2227.json | 34 +-- 2013/2xxx/CVE-2013-2238.json | 130 +++++------ 2013/2xxx/CVE-2013-2386.json | 130 +++++------ 2013/2xxx/CVE-2013-2759.json | 34 +-- 2013/2xxx/CVE-2013-2872.json | 140 +++++------ 2013/6xxx/CVE-2013-6513.json | 34 +-- 2013/6xxx/CVE-2013-6542.json | 34 +-- 2013/6xxx/CVE-2013-6782.json | 34 +-- 2017/10xxx/CVE-2017-10129.json | 152 ++++++------ 2017/10xxx/CVE-2017-10476.json | 34 +-- 2017/10xxx/CVE-2017-10482.json | 34 +-- 2017/10xxx/CVE-2017-10489.json | 34 +-- 2017/14xxx/CVE-2017-14013.json | 130 +++++------ 2017/14xxx/CVE-2017-14050.json | 120 +++++----- 2017/14xxx/CVE-2017-14289.json | 120 +++++----- 2017/14xxx/CVE-2017-14812.json | 34 +-- 2017/15xxx/CVE-2017-15278.json | 140 +++++------ 2017/15xxx/CVE-2017-15591.json | 130 +++++------ 2017/9xxx/CVE-2017-9201.json | 130 +++++------ 2017/9xxx/CVE-2017-9448.json | 120 +++++----- 2017/9xxx/CVE-2017-9462.json | 190 +++++++-------- 2017/9xxx/CVE-2017-9545.json | 120 +++++----- 2018/0xxx/CVE-2018-0079.json | 34 +-- 2018/0xxx/CVE-2018-0164.json | 130 +++++------ 
2018/0xxx/CVE-2018-0330.json | 130 +++++------ 2018/0xxx/CVE-2018-0442.json | 188 +++++++-------- 2018/0xxx/CVE-2018-0933.json | 152 ++++++------ 2018/1000xxx/CVE-2018-1000154.json | 144 ++++++------ 2018/1000xxx/CVE-2018-1000191.json | 126 +++++----- 2018/1000xxx/CVE-2018-1000520.json | 126 +++++----- 2018/12xxx/CVE-2018-12706.json | 130 +++++------ 2018/16xxx/CVE-2018-16174.json | 130 +++++------ 2018/16xxx/CVE-2018-16225.json | 130 +++++------ 2018/16xxx/CVE-2018-16631.json | 120 +++++----- 2018/16xxx/CVE-2018-16833.json | 120 +++++----- 2018/16xxx/CVE-2018-16915.json | 34 +-- 2018/4xxx/CVE-2018-4448.json | 34 +-- 2018/4xxx/CVE-2018-4797.json | 34 +-- 2018/4xxx/CVE-2018-4981.json | 140 +++++------ 2019/7xxx/CVE-2019-7221.json | 9 +- 57 files changed, 3427 insertions(+), 3422 deletions(-)
diff --git a/2004/1xxx/CVE-2004-1338.json b/2004/1xxx/CVE-2004-1338.json
index e5b14f12b8b..44798f71a08 100644
--- a/2004/1xxx/CVE-2004-1338.json
+++ b/2004/1xxx/CVE-2004-1338.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1338", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041223 Oracle Trigger Abuse (#NISR2122004I)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110382230614420&w=2" - }, - { - "name" : "http://www.ngssoftware.com/advisories/oracle23122004I.txt", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/advisories/oracle23122004I.txt" - }, - { - "name" : "oracle-triggers-gain-privileges(18655)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041223 Oracle Trigger Abuse (#NISR2122004I)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110382230614420&w=2" + }, + { + "name": "http://www.ngssoftware.com/advisories/oracle23122004I.txt", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/advisories/oracle23122004I.txt" + }, + { + "name": "oracle-triggers-gain-privileges(18655)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18655" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0362.json b/2008/0xxx/CVE-2008-0362.json index f1ee399eed3..cc7db66accd 100644 --- a/2008/0xxx/CVE-2008-0362.json +++ b/2008/0xxx/CVE-2008-0362.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in gallery.php in Clever Copy 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the album parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080117 Clever Copy <=3.0 Multiple Remote Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486492/100/0/threaded" - }, - { - "name" : "27335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27335" - }, - { - "name" : "28560", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28560" - }, - { - "name" : "3553", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3553" - }, - { - "name" : "clevercopy-gallery-xss(39747)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39747" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in gallery.php in Clever Copy 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the album parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27335" + }, + { + "name": "3553", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3553" + }, + { + "name": "clevercopy-gallery-xss(39747)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39747" + }, + { + "name": "20080117 Clever Copy <=3.0 Multiple Remote Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486492/100/0/threaded" + }, + { + "name": "28560", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28560" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0426.json b/2008/0xxx/CVE-2008-0426.json index 874028ae89f..1504afe0c59 100644 --- a/2008/0xxx/CVE-2008-0426.json +++ b/2008/0xxx/CVE-2008-0426.json 
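Review bot: The `reference_data` array in the CVE-2008-0362 hunk carries the same five entries on both sides (BUGTRAQ, BID 27335, SECUNIA 28560, SREASON 3553, XF) but in a different order, and the new order follows no key I can see, so the reorder is churn rather than content. The CVE-2008-0426, CVE-2008-3152, CVE-2008-3549, CVE-2008-3697 and CVE-2008-3831 hunks show the same shuffle, and every rewritten file here also loses its final newline (`\ No newline at end of file`). Anyone who tracks this repository by diff to spot changed advisories has to read through whole-file rewrites to find the records whose data actually moved. The writer should emit references in a stable order, for example sorted by `refsource` then `name`, and end each file with a newline, so that a sync touches only records whose content changed.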
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PacerCMS before 0.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) headline, or (3) text field in a message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080122 PacerCMS Multiple Vulnerabilities (XSS/SQL)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/486796/100/0/threaded" - }, - { - "name" : "http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/", - "refsource" : "CONFIRM", - "url" : "http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/" - }, - { - "name" : "27386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27386" - }, - { - "name" : "28605", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28605" - }, - { - "name" : "pacercms-submit-xss(39832)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39832" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PacerCMS before 0.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) headline, or (3) text field in a message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pacercms-submit-xss(39832)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39832" + }, + { + "name": "20080122 PacerCMS Multiple Vulnerabilities (XSS/SQL)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/486796/100/0/threaded" + }, + { + "name": "27386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27386" + }, + { + "name": "28605", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28605" + }, + { + "name": "http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/", + "refsource": "CONFIRM", + "url": "http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3152.json b/2008/3xxx/CVE-2008-3152.json index 3b560360608..d3e3bdba569 100644 --- a/2008/3xxx/CVE-2008-3152.json +++ b/2008/3xxx/CVE-2008-3152.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in directory.php in SmartPPC and SmartPPC Pro allows remote attackers to execute arbitrary SQL commands via the idDirectory parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6019", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6019" - }, - { - "name" : "6014", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6014" - }, - { - "name" : "30111", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30111" - }, - { - "name" : "ADV-2008-2013", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2013/references" - }, - { - "name" : "smartppc-directory-sql-injection(43597)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "SQL injection vulnerability in directory.php in SmartPPC and SmartPPC Pro allows remote attackers to execute arbitrary SQL commands via the idDirectory parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-2013", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2013/references" + }, + { + "name": "6019", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6019" + }, + { + "name": "6014", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6014" + }, + { + "name": "30111", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30111" + }, + { + "name": "smartppc-directory-sql-injection(43597)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43597" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3549.json b/2008/3xxx/CVE-2008-3549.json index 65de6b8fc7d..fc55f11b31c 100644 --- a/2008/3xxx/CVE-2008-3549.json +++ b/2008/3xxx/CVE-2008-3549.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in Sun Solaris 10 and OpenSolaris before snv_90 allows local users to cause a denial of service (system hang or panic) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "239387", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239387-1" - }, - { - "name" : "30561", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30561" - }, - { - "name" : "oval:org.mitre.oval:def:5446", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5446" - }, - { - "name" : "ADV-2008-2312", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2312" - }, - { - "name" : "1020634", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020634" - }, - { - "name" : "31348", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/31348" - }, - { - "name" : "solaris-pthreadmutexreltimedlocknp-dos(44224)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44224" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in Sun Solaris 10 and OpenSolaris before snv_90 allows local users to cause a denial of service (system hang or panic) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30561", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30561" + }, + { + "name": "oval:org.mitre.oval:def:5446", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5446" + }, + { + "name": "31348", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31348" + }, + { + "name": "ADV-2008-2312", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2312" + }, + { + "name": "1020634", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020634" + }, + { + "name": "239387", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239387-1" + }, + { + "name": "solaris-pthreadmutexreltimedlocknp-dos(44224)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44224" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3697.json b/2008/3xxx/CVE-2008-3697.json index 55c463c79f3..8d28905c69e 100644 --- a/2008/3xxx/CVE-2008-3697.json +++ b/2008/3xxx/CVE-2008-3697.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unspecified ISAPI extension in VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (IIS crash) via a malformed request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495869/100/0/threaded" - }, - { - "name" : "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html" - }, - { - "name" : "http://www.vmware.com/support/server/doc/releasenotes_server.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.vmware.com/support/server/doc/releasenotes_server.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0014.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0014.html" - }, - { - "name" : "30935", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30935" - }, - { - "name" : "ADV-2008-2466", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2466" - }, - { - "name" : "1020789", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020789" - }, - { - "name" : "31708", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31708" - }, - { - "name" : "4202", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4202" - }, - { - "name" : "vmware-isapi-extension-dos(44796)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unspecified ISAPI extension in VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (IIS crash) via a malformed request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html" + }, + { + "name": "1020789", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020789" + }, + { + "name": "http://www.vmware.com/support/server/doc/releasenotes_server.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html" + }, + { + "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded" + }, + { + "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html" + }, + { + "name": "31708", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31708" + }, + { + "name": "4202", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4202" + }, + { + "name": "30935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30935" + }, + { + "name": "vmware-isapi-extension-dos(44796)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44796" + }, + { + "name": "ADV-2008-2466", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2466" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/3xxx/CVE-2008-3831.json b/2008/3xxx/CVE-2008-3831.json index 19a62e424c2..2aad5861c0c 100644 --- a/2008/3xxx/CVE-2008-3831.json +++ b/2008/3xxx/CVE-2008-3831.json 
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-3831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081112 rPSA-2008-0316-1 kernel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498285/100/0/threaded" - }, - { - "name" : "[source-changes] 20081017 CVS: cvs.openbsd.org: src", - "refsource" : "MLIST", - "url" : "http://archives.neohapsis.com/archives/openbsd/cvs/2008-10/0365.html" - }, - { - "name" : "http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.6.diff.gz", - "refsource" : "CONFIRM", - "url" : 
"http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.6.diff.gz" - }, - { - "name" : "http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/i915_drv.c", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/i915_drv.c" - }, - { - "name" : "http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/i915_drv.c.diff?r1=1.7;r2=1.8", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/i915_drv.c.diff?r1=1.7;r2=1.8" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0316", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0316" - }, - { - "name" : "DSA-1655", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1655" - }, - { - "name" : "FEDORA-2008-8929", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00693.html" - }, - { - "name" : "FEDORA-2008-8980", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00689.html" - }, - { - "name" : "MDVSA-2008:224", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:224" - }, - { - "name" : "RHSA-2008:1017", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-1017.html" - }, - { - "name" : "RHSA-2009:0009", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0009.html" - }, - { - "name" : "245846", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-245846-1" - }, - { - "name" : "USN-659-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-659-1" - }, - { - "name" : "USN-679-1", - 
"refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-679-1" - }, - { - "name" : "31792", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31792" - }, - { - "name" : "oval:org.mitre.oval:def:11542", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11542" - }, - { - "name" : "1021065", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021065" - }, - { - "name" : "32386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32386" - }, - { - "name" : "32709", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32709" - }, - { - "name" : "32918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32918" - }, - { - "name" : "33182", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33182" - }, - { - "name" : "33586", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33586" - }, - { - "name" : "32315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "245846", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-245846-1" + }, + { + "name": "http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.6.diff.gz", + "refsource": "CONFIRM", + "url": "http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.6.diff.gz" + }, + { + "name": "DSA-1655", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1655" + }, + { + "name": "MDVSA-2008:224", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:224" + }, + { + "name": "USN-659-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-659-1" + }, + { + "name": "RHSA-2009:0009", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0009.html" + }, + { + "name": "1021065", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021065" + }, + { + "name": "FEDORA-2008-8929", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00693.html" + }, + { + "name": "33586", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33586" + }, + { + "name": "32709", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32709" + }, + { + "name": "32918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32918" + }, + { + "name": "USN-679-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-679-1" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0316", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0316" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316", + "refsource": "CONFIRM", + "url": 
"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316" + }, + { + "name": "oval:org.mitre.oval:def:11542", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11542" + }, + { + "name": "http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/i915_drv.c.diff?r1=1.7;r2=1.8", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/i915_drv.c.diff?r1=1.7;r2=1.8" + }, + { + "name": "RHSA-2008:1017", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-1017.html" + }, + { + "name": "[source-changes] 20081017 CVS: cvs.openbsd.org: src", + "refsource": "MLIST", + "url": "http://archives.neohapsis.com/archives/openbsd/cvs/2008-10/0365.html" + }, + { + "name": "32386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32386" + }, + { + "name": "31792", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31792" + }, + { + "name": "FEDORA-2008-8980", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00689.html" + }, + { + "name": "http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/i915_drv.c", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/i915_drv.c" + }, + { + "name": "33182", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33182" + }, + { + "name": "20081112 rPSA-2008-0316-1 kernel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498285/100/0/threaded" + }, + { + "name": "32315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32315" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4185.json b/2008/4xxx/CVE-2008-4185.json index 3d175bec117..85bc54bc67c 100644 --- a/2008/4xxx/CVE-2008-4185.json +++ b/2008/4xxx/CVE-2008-4185.json 
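Review bot: `ASSIGNER` in the CVE-2008-3831 hunk changes from `cve@mitre.org` to `secalert@redhat.com`, and that is the only field-value change I can find in the hunks fully visible here; it sits inside a 182-line rewrite of the file under the subject "-Synchronized-Data." with no explanation. The field records which CNA is responsible for the entry, so a change to it is a provenance update and should be reviewable on its own, either as a separate commit or with a line in the message naming the record and the reason. Consumers that key filtering or trust decisions on `CVE_data_meta.ASSIGNER` should treat this as a content change, not formatting. The rest of the hunk is key-spacing and indentation changes plus a reordering of the same 25 references.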
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter in a documentos action, a different vector than CVE-2008-3213." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6370", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6370" - }, - { - "name" : "http://spanish-hackers.com/exploits/24.txt", - "refsource" : "MISC", - "url" : "http://spanish-hackers.com/exploits/24.txt" - }, - { - "name" : "31153", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31153" - }, - { - "name" : "31775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31775" - }, - { - "name" : "4314", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4314" - }, - { - "name" : "webcmsportaledition-id-sql-injection(45448)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45448" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter in a documentos action, a different vector than CVE-2008-3213." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://spanish-hackers.com/exploits/24.txt", + "refsource": "MISC", + "url": "http://spanish-hackers.com/exploits/24.txt" + }, + { + "name": "31775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31775" + }, + { + "name": "4314", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4314" + }, + { + "name": "31153", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31153" + }, + { + "name": "webcmsportaledition-id-sql-injection(45448)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45448" + }, + { + "name": "6370", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6370" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4377.json b/2008/4xxx/CVE-2008-4377.json index bc9b8f69491..a2a108a7175 100644 --- a/2008/4xxx/CVE-2008-4377.json +++ b/2008/4xxx/CVE-2008-4377.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.asp in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the sideid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6405", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6405" - }, - { - "name" : "31084", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31084" - }, - { - "name" : "47979", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/47979" - }, - { - "name" : "31819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31819" - }, - { - "name" : "4335", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4335" - }, - { - "name" : "creator-sideid-sql-injection(44981)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.asp in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the sideid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47979", + "refsource": "OSVDB", + "url": "http://osvdb.org/47979" + }, + { + "name": "creator-sideid-sql-injection(44981)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44981" + }, + { + "name": "4335", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4335" + }, + { + "name": "31084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31084" + }, + { + "name": "6405", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6405" + }, + { + "name": "31819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31819" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4378.json b/2008/4xxx/CVE-2008-4378.json index cfd6c48332f..dbd0bc3ed17 100644 --- a/2008/4xxx/CVE-2008-4378.json +++ b/2008/4xxx/CVE-2008-4378.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6403", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6403" - }, - { - "name" : "8918", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8918" - }, - { - "name" : "31078", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31078" - }, - { - "name" : "4336", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4336" - }, - { - "name" : "hotlinks-report-sql-injection(44991)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection 
vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31078", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31078" + }, + { + "name": "hotlinks-report-sql-injection(44991)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44991" + }, + { + "name": "8918", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8918" + }, + { + "name": "6403", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6403" + }, + { + "name": "4336", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4336" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4787.json b/2008/4xxx/CVE-2008-4787.json index dab04f98c85..4344efb88dd 100644 --- a/2008/4xxx/CVE-2008-4787.json +++ b/2008/4xxx/CVE-2008-4787.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many   (Non-Blocking Space character) sequences, which are rendered as whitespace, aka MSRC ticket MSRC7899, a related issue to CVE-2003-1025." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081027 Re: Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497827/100/0/threaded" - }, - { - "name" : "20081027 Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497825/100/0/threaded" - }, - { - "name" : "31960", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31960" - }, - { - "name" : "ie-nbsp-addressbar-spoofing(46234)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46234" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many   (Non-Blocking Space character) sequences, which are rendered as whitespace, aka MSRC ticket MSRC7899, a related issue to CVE-2003-1025." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31960", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31960" + }, + { + "name": "20081027 Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497825/100/0/threaded" + }, + { + "name": "20081027 Re: Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497827/100/0/threaded" + }, + { + "name": "ie-nbsp-addressbar-spoofing(46234)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46234" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6124.json b/2008/6xxx/CVE-2008-6124.json index 79bcea081ac..e8fc50fc68d 100644 --- a/2008/6xxx/CVE-2008-6124.json +++ b/2008/6xxx/CVE-2008-6124.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cvs.moodle.org/moodle/mod/hotpot/report.php?r1=1.8.6.1&r2=1.8.6.2", - "refsource" : "MISC", - "url" : "http://cvs.moodle.org/moodle/mod/hotpot/report.php?r1=1.8.6.1&r2=1.8.6.2" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=101402", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=101402" - }, - { - "name" : "DSA-1691", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL 
injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://moodle.org/mod/forum/discuss.php?d=101402", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=101402" + }, + { + "name": "http://cvs.moodle.org/moodle/mod/hotpot/report.php?r1=1.8.6.1&r2=1.8.6.2", + "refsource": "MISC", + "url": "http://cvs.moodle.org/moodle/mod/hotpot/report.php?r1=1.8.6.1&r2=1.8.6.2" + }, + { + "name": "DSA-1691", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1691" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6676.json b/2008/6xxx/CVE-2008-6676.json index 10e6cea31af..95e547726e1 100644 --- a/2008/6xxx/CVE-2008-6676.json +++ b/2008/6xxx/CVE-2008-6676.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugreport.ir/39/exploit.htm", - "refsource" : "MISC", - "url" : "http://www.bugreport.ir/39/exploit.htm" - }, - { - "name" : "http://www.bugreport.ir/index_39.htm", - "refsource" : "MISC", - "url" : "http://www.bugreport.ir/index_39.htm" - }, - { - "name" : "29524", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29524" - }, - { - "name" : "46222", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46222" - }, - { - "name" : "30501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30501" - }, - { - "name" : "quickersite-showthumb-path-disclosure(42861)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42861" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.bugreport.ir/39/exploit.htm", + "refsource": "MISC", + "url": "http://www.bugreport.ir/39/exploit.htm" + }, + { + "name": "quickersite-showthumb-path-disclosure(42861)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42861" + }, + { + "name": "http://www.bugreport.ir/index_39.htm", + "refsource": "MISC", + "url": "http://www.bugreport.ir/index_39.htm" + }, + { + "name": "30501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30501" + }, + { + "name": "29524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29524" + }, + { + "name": "46222", + "refsource": "OSVDB", + "url": "http://osvdb.org/46222" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6798.json b/2008/6xxx/CVE-2008-6798.json index 2e5454ad9ca..1d19318f7ec 100644 --- a/2008/6xxx/CVE-2008-6798.json +++ b/2008/6xxx/CVE-2008-6798.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via (1) the us parameter (aka the Username field) or (2) the ps parameter (aka the Password field)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7094", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7094" - }, - { - "name" : "32134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32134" - }, - { - "name" : "ADV-2008-3121", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via (1) the us parameter (aka the 
Username field) or (2) the ps parameter (aka the Password field)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7094", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7094" + }, + { + "name": "ADV-2008-3121", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3121" + }, + { + "name": "32134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32134" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7046.json b/2008/7xxx/CVE-2008-7046.json index 8e3aa15a622..5a86213953a 100644 --- a/2008/7xxx/CVE-2008-7046.json +++ b/2008/7xxx/CVE-2008-7046.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "49779", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49779" - }, - { - "name" : "32600", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49779", + "refsource": "OSVDB", + "url": "http://osvdb.org/49779" + }, + { + "name": "32600", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32600" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7107.json b/2008/7xxx/CVE-2008-7107.json index e3bcb7a3325..90aac57cd75 100644 --- a/2008/7xxx/CVE-2008-7107.json +++ b/2008/7xxx/CVE-2008-7107.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to the \\\\.\\easdrv device interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6251", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6251" - }, - { - "name" : "30719", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30719" - }, - { - "name" : "smartsecurity-easdrv-code-execution(44520)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to the \\\\.\\easdrv device interface." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6251", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6251" + }, + { + "name": "30719", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30719" + }, + { + "name": "smartsecurity-easdrv-code-execution(44520)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44520" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7157.json b/2008/7xxx/CVE-2008-7157.json index 985687ec6ae..08941e5c644 100644 --- a/2008/7xxx/CVE-2008-7157.json +++ b/2008/7xxx/CVE-2008-7157.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4859", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4859" - }, - { - "name" : "27166", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27166" - }, - { - "name" : "ekinboard-upload-file-upload(39507)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39507" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by 
uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27166", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27166" + }, + { + "name": "4859", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4859" + }, + { + "name": "ekinboard-upload-file-upload(39507)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39507" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2227.json b/2013/2xxx/CVE-2013-2227.json index 4452f35d0af..85d2aaa768e 100644 --- a/2013/2xxx/CVE-2013-2227.json +++ b/2013/2xxx/CVE-2013-2227.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2227", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2227", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2013/2xxx/CVE-2013-2238.json b/2013/2xxx/CVE-2013-2238.json index ec8a3edf5b7..c8d828a8c0a 100644 --- a/2013/2xxx/CVE-2013-2238.json +++ b/2013/2xxx/CVE-2013-2238.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the switch_perform_substitution function in switch_regex.c in FreeSWITCH 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the index and substituted variables." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130703 Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/07/04/4" - }, - { - "name" : "http://jira.freeswitch.org/browse/FS-5566", - "refsource" : "CONFIRM", - "url" : "http://jira.freeswitch.org/browse/FS-5566" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the switch_perform_substitution function in switch_regex.c in FreeSWITCH 1.2 allow remote attackers to cause a denial of 
service (crash) and possibly execute arbitrary code via vectors related to the index and substituted variables." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://jira.freeswitch.org/browse/FS-5566", + "refsource": "CONFIRM", + "url": "http://jira.freeswitch.org/browse/FS-5566" + }, + { + "name": "[oss-security] 20130703 Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/07/04/4" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2386.json b/2013/2xxx/CVE-2013-2386.json index 40a0ad81e61..82f8d6f3edf 100644 --- a/2013/2xxx/CVE-2013-2386.json +++ b/2013/2xxx/CVE-2013-2386.json 
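Review bot: The `ASSIGNER` value in the CVE-2013-2238 record changes from `cve@mitre.org` to `secalert@redhat.com` inside a hunk that otherwise only rewrites indentation and the spacing before colons, so the one change that alters the record's provenance is easy to miss in a line-based review. The same pattern appears in the hunks for CVE-2013-2386 (`secalert_us@oracle.com`) and CVE-2013-2872 (`security@google.com`). The `reference_data` array is also reordered in this hunk, and array order matters to any consumer that reads the first entry. Landing the whitespace normalization separately from the field changes, or reviewing with a parsed-JSON comparison instead of a text diff, would make the data changes visible.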
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect integrity and availability via vectors related to BASE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect 
integrity and availability via vectors related to BASE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2759.json b/2013/2xxx/CVE-2013-2759.json index 0abc2bdb579..640babbe381 100644 --- a/2013/2xxx/CVE-2013-2759.json +++ b/2013/2xxx/CVE-2013-2759.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2759", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2759", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2872.json b/2013/2xxx/CVE-2013-2872.json index a5922c04151..e091babd7e7 100644 --- a/2013/2xxx/CVE-2013-2872.json 
+++ b/2013/2xxx/CVE-2013-2872.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 28.0.1500.71 on Mac OS X does not ensure a sufficient source of entropy for renderer processes, which might make it easier for remote attackers to defeat cryptographic protection mechanisms in third-party components via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=5e3678ea33ab00b5977bde219cd9ec6f1768d78a", - "refsource" : "CONFIRM", - "url" : "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=5e3678ea33ab00b5977bde219cd9ec6f1768d78a" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=242702", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=242702" - } - ] - 
} -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 28.0.1500.71 on Mac OS X does not ensure a sufficient source of entropy for renderer processes, which might make it easier for remote attackers to defeat cryptographic protection mechanisms in third-party components via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=5e3678ea33ab00b5977bde219cd9ec6f1768d78a", + "refsource": "CONFIRM", + "url": "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=5e3678ea33ab00b5977bde219cd9ec6f1768d78a" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=242702", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=242702" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6513.json b/2013/6xxx/CVE-2013-6513.json index ca0e4097a96..4a87022d99c 100644 --- a/2013/6xxx/CVE-2013-6513.json +++ b/2013/6xxx/CVE-2013-6513.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6513", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6513", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6542.json b/2013/6xxx/CVE-2013-6542.json index 8594a1ee89d..5d48eb50454 100644 --- a/2013/6xxx/CVE-2013-6542.json +++ b/2013/6xxx/CVE-2013-6542.json 
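Review bot: The new side of the CVE-2013-6513 record emits its keys in a different order from the other records in this commit: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` comes before `ASSIGNER`, whereas records such as CVE-2013-2227 keep `CVE_data_meta` first with `ASSIGNER` before `ID`. JSON key order carries no meaning, but two orderings in one sync may indicate two different writers, which causes churn in later diffs and breaks any byte-level hash or signature over the file. The hunks for CVE-2013-6542 and CVE-2017-14812 show the same ordering. Emitting sorted keys from every writer would keep the records stable; the new file also ends without a trailing newline (`\ No newline at end of file`), which the old side had.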
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6542", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6542", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6782.json b/2013/6xxx/CVE-2013-6782.json index 987d540fb34..308c60bec40 100644 --- a/2013/6xxx/CVE-2013-6782.json +++ b/2013/6xxx/CVE-2013-6782.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6782", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6782", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10129.json b/2017/10xxx/CVE-2017-10129.json index 960f0c78d5c..b36d8f4d294 100644 --- a/2017/10xxx/CVE-2017-10129.json +++ b/2017/10xxx/CVE-2017-10129.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Oracle VM VirtualBox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "5.1.24" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle VM VirtualBox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.1.24" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42426", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42426/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99638" - }, - { - "name" : "1038929", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99638" + }, + { + "name": "1038929", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038929" + }, + { + "name": "42426", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42426/" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10476.json b/2017/10xxx/CVE-2017-10476.json index d11574c6194..f09e11f7cd3 100644 --- a/2017/10xxx/CVE-2017-10476.json +++ b/2017/10xxx/CVE-2017-10476.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10476", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10476", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10482.json b/2017/10xxx/CVE-2017-10482.json index 5bd061e7fc5..2ed6c4827e5 100644 --- a/2017/10xxx/CVE-2017-10482.json +++ b/2017/10xxx/CVE-2017-10482.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10482", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10482", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10489.json b/2017/10xxx/CVE-2017-10489.json index 17f98fc1fea..a50eff0bf04 100644 --- a/2017/10xxx/CVE-2017-10489.json +++ b/2017/10xxx/CVE-2017-10489.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10489", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10489", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14013.json b/2017/14xxx/CVE-2017-14013.json index 10f4283d8e6..ee589d00363 100644 --- a/2017/14xxx/CVE-2017-14013.json +++ b/2017/14xxx/CVE-2017-14013.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-14013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ProMinent MultiFLEX M10a Controller", - "version" : { - "version_data" : [ - { - "version_value" : "ProMinent MultiFLEX M10a Controller" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to bypass protection mechanisms, gain privileges, or assume the identity of an authenticated user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-602" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-14013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ProMinent MultiFLEX M10a Controller", + "version": { + "version_data": [ + { + "version_value": "ProMinent MultiFLEX M10a Controller" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01" - }, - { - "name" : "101259", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Client-Side 
Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to bypass protection mechanisms, gain privileges, or assume the identity of an authenticated user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-602" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101259", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101259" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14050.json b/2017/14xxx/CVE-2017-14050.json index adac8986c69..52c58b1e640 100644 --- a/2017/14xxx/CVE-2017-14050.json +++ b/2017/14xxx/CVE-2017-14050.json 
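Review bot: In the CVE-2017-14013 record `version_value` still holds the product name, `"version_value": "ProMinent MultiFLEX M10a Controller"`, identical to `product_name`, so the field gives a consumer nothing to match an installed version against. The description names no affected version either; if none is known, `"version_value": "n/a"` would be consistent with the other records in this commit. `vendor_name` is `n/a` although the product name appears to carry the vendor, which is worth confirming with the assigner.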
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/M4ple/vulnerability/blob/master/blackcat_cms_RCE3/blackcat_cms_RCE3.md", - "refsource" : "MISC", - "url" : "https://github.com/M4ple/vulnerability/blob/master/blackcat_cms_RCE3/blackcat_cms_RCE3.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/M4ple/vulnerability/blob/master/blackcat_cms_RCE3/blackcat_cms_RCE3.md", + "refsource": "MISC", + "url": "https://github.com/M4ple/vulnerability/blob/master/blackcat_cms_RCE3/blackcat_cms_RCE3.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14289.json b/2017/14xxx/CVE-2017-14289.json index 3f29c2c6311..d11898cc5fd 100644 --- a/2017/14xxx/CVE-2017-14289.json +++ b/2017/14xxx/CVE-2017-14289.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000303e.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14289", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000303e.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + 
}, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14289", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14289" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14812.json b/2017/14xxx/CVE-2017-14812.json index dc9aea9168d..2a9fc903864 100644 --- a/2017/14xxx/CVE-2017-14812.json +++ b/2017/14xxx/CVE-2017-14812.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14812", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-14812", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15278.json b/2017/15xxx/CVE-2017-15278.json index 009e4d8c249..51c71c8490b 100644 --- a/2017/15xxx/CVE-2017-15278.json +++ b/2017/15xxx/CVE-2017-15278.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md", - "refsource" : "CONFIRM", - "url" : "https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md" - }, - { - "name" : "https://github.com/nilsteampassnet/TeamPass/commit/f5a765381f051fe624386866ddb1f6b5e7eb929b", - "refsource" : "CONFIRM", - "url" : "https://github.com/nilsteampassnet/TeamPass/commit/f5a765381f051fe624386866ddb1f6b5e7eb929b" - }, - { - "name" : "https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.27.9", - "refsource" : "CONFIRM", - "url" : "https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.27.9" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.27.9", + "refsource": "CONFIRM", + "url": "https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.27.9" + }, + { + "name": "https://github.com/nilsteampassnet/TeamPass/commit/f5a765381f051fe624386866ddb1f6b5e7eb929b", + "refsource": "CONFIRM", + "url": "https://github.com/nilsteampassnet/TeamPass/commit/f5a765381f051fe624386866ddb1f6b5e7eb929b" + }, + { + "name": "https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md", + "refsource": "CONFIRM", + "url": "https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15591.json b/2017/15xxx/CVE-2017-15591.json index 7a1bc4fbc87..8466c1493e6 100644 --- a/2017/15xxx/CVE-2017-15591.json +++ b/2017/15xxx/CVE-2017-15591.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://xenbits.xen.org/xsa/advisory-238.html", - "refsource" : "CONFIRM", - "url" : "https://xenbits.xen.org/xsa/advisory-238.html" - }, - { - "name" : "GLSA-201801-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201801-14" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within 
the DMOP map/unmap implementation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://xenbits.xen.org/xsa/advisory-238.html", + "refsource": "CONFIRM", + "url": "https://xenbits.xen.org/xsa/advisory-238.html" + }, + { + "name": "GLSA-201801-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201801-14" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9201.json b/2017/9xxx/CVE-2017-9201.json index 0bee0c4a7cd..c91cd1e606d 100644 --- a/2017/9xxx/CVE-2017-9201.json +++ b/2017/9xxx/CVE-2017-9201.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/" - }, - { - "name" : "https://github.com/jsummers/imageworsener/commit/dc49c807926b96e503bd7c0dec35119eecd6c6fe", - "refsource" : "MISC", - "url" : "https://github.com/jsummers/imageworsener/commit/dc49c807926b96e503bd7c0dec35119eecd6c6fe" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service 
(divide-by-zero error) via a crafted image, related to imagew-api.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/" + }, + { + "name": "https://github.com/jsummers/imageworsener/commit/dc49c807926b96e503bd7c0dec35119eecd6c6fe", + "refsource": "MISC", + "url": "https://github.com/jsummers/imageworsener/commit/dc49c807926b96e503bd7c0dec35119eecd6c6fe" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9448.json b/2017/9xxx/CVE-2017-9448.json index 01487a43d4c..0ad7ad4acd5 100644 --- a/2017/9xxx/CVE-2017-9448.json +++ b/2017/9xxx/CVE-2017-9448.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in core\\admin\\ajax\\pages\\save-revision.php and core\\admin\\modules\\pages\\revisions.php. Low-privileged (administrator) users can attack high-privileged (Developer) users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/bigtreecms/BigTree-CMS/issues/294", - "refsource" : "MISC", - "url" : "https://github.com/bigtreecms/BigTree-CMS/issues/294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. 
This issue exists in core\\admin\\ajax\\pages\\save-revision.php and core\\admin\\modules\\pages\\revisions.php. Low-privileged (administrator) users can attack high-privileged (Developer) users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bigtreecms/BigTree-CMS/issues/294", + "refsource": "MISC", + "url": "https://github.com/bigtreecms/BigTree-CMS/issues/294" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9462.json b/2017/9xxx/CVE-2017-9462.json index 2e29643baa7..0013a4b1ce8 100644 --- a/2017/9xxx/CVE-2017-9462.json +++ b/2017/9xxx/CVE-2017-9462.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Mercurial before 4.1.3, \"hg serve --stdio\" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180705 [SECURITY] [DLA 1414-1] mercurial security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html" - }, - { - "name" : "https://bugs.debian.org/861243", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/861243" - }, - { - "name" : "https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499", - "refsource" : "CONFIRM", - "url" : "https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499" - }, - { - "name" : "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29", - "refsource" : "CONFIRM", - "url" : "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29" - }, - { - "name" : "DSA-3963", - 
"refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3963" - }, - { - "name" : "GLSA-201709-18", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-18" - }, - { - "name" : "RHSA-2017:1576", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1576" - }, - { - "name" : "99123", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Mercurial before 4.1.3, \"hg serve --stdio\" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1576", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1576" + }, + { + "name": "https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499", + "refsource": "CONFIRM", + "url": "https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499" + }, + { + "name": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29", + "refsource": "CONFIRM", + "url": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29" + }, + { + "name": "[debian-lts-announce] 20180705 [SECURITY] [DLA 1414-1] mercurial security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html" + }, + { + "name": "DSA-3963", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3963" + }, + { + "name": "GLSA-201709-18", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-18" + }, + { + "name": "https://bugs.debian.org/861243", + "refsource": "CONFIRM", + "url": 
"https://bugs.debian.org/861243" + }, + { + "name": "99123", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99123" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9545.json b/2017/9xxx/CVE-2017-9545.json index c394cf0a415..ceec2535144 100644 --- a/2017/9xxx/CVE-2017-9545.json +++ b/2017/9xxx/CVE-2017-9545.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jul/65", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jul/65" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Jul/65", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Jul/65" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0079.json b/2018/0xxx/CVE-2018-0079.json index bfcb92cc63a..d3bca5366af 100644 --- a/2018/0xxx/CVE-2018-0079.json +++ b/2018/0xxx/CVE-2018-0079.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0079", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-0079", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0164.json b/2018/0xxx/CVE-2018-0164.json index 2b027a999ce..b7722403f03 100644 --- a/2018/0xxx/CVE-2018-0164.json +++ b/2018/0xxx/CVE-2018-0164.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS XE", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS XE" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Switch Integrated Security Features of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an interface queue wedge. The vulnerability is due to incorrect handling of crafted IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv6 packets through the device. An exploit could allow the attacker to cause an interface queue wedge. This vulnerability affects the Cisco cBR-8 Converged Broadband Router, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco Cloud Services Router 1000V Series when configured with IPv6. In the field and internal testing, this vulnerability was only observed or reproduced on the Cisco cBR-8 Converged Broadband Router. The Cisco ASR 1000 Series Aggregation Services Routers and Cisco Cloud Services Router 1000V Series contain the same code logic, so affected trains have had the code fix applied; however, on these two products, the vulnerability has not been observed in the field or successfully reproduced internally. Cisco Bug IDs: CSCvd75185." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS XE" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-sisf", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-sisf" - }, - { - "name" : "103553", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Switch Integrated Security Features of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an interface queue wedge. The vulnerability is due to incorrect handling of crafted IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv6 packets through the device. An exploit could allow the attacker to cause an interface queue wedge. This vulnerability affects the Cisco cBR-8 Converged Broadband Router, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco Cloud Services Router 1000V Series when configured with IPv6. In the field and internal testing, this vulnerability was only observed or reproduced on the Cisco cBR-8 Converged Broadband Router. 
The Cisco ASR 1000 Series Aggregation Services Routers and Cisco Cloud Services Router 1000V Series contain the same code logic, so affected trains have had the code fix applied; however, on these two products, the vulnerability has not been observed in the field or successfully reproduced internally. Cisco Bug IDs: CSCvd75185." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103553", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103553" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-sisf", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-sisf" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0330.json b/2018/0xxx/CVE-2018-0330.json index ba21228da14..f7e17d262f9 100644 --- a/2018/0xxx/CVE-2018-0330.json +++ b/2018/0xxx/CVE-2018-0330.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco NX-OS unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco NX-OS unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain parameters included within an NX-API request. An attacker that can successfully authenticate to the NX-API could submit a request designed to bypass NX-OS role assignment. A successful exploit could allow the attacker to execute commands with elevated privileges. This vulnerability affects the following if configured to use the NX-API feature: MDS 9000 Series Multilayer Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode. Cisco Bug IDs: CSCvc73177, CSCve40903, CSCve40911." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-264" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco NX-OS unknown", + "version": { + "version_data": [ + { + "version_value": "Cisco NX-OS unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-nxapi", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-nxapi" - }, - { - "name" : "1041169", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain parameters included within an NX-API request. An attacker that can successfully authenticate to the NX-API could submit a request designed to bypass NX-OS role assignment. A successful exploit could allow the attacker to execute commands with elevated privileges. 
This vulnerability affects the following if configured to use the NX-API feature: MDS 9000 Series Multilayer Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode. Cisco Bug IDs: CSCvc73177, CSCve40903, CSCve40911." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-nxapi", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-nxapi" + }, + { + "name": "1041169", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041169" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0442.json b/2018/0xxx/CVE-2018-0442.json index 610fcfae5b5..9e77e4660ae 100644 --- a/2018/0xxx/CVE-2018-0442.json +++ b/2018/0xxx/CVE-2018-0442.json 
@@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-10-17T16:00:00-0500", - "ID" : "CVE-2018-0442", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Information Disclosure Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Wireless LAN Controller (WLC) ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks in the part of the code that handles CAPWAP keepalive requests. An attacker could exploit this vulnerability by sending a crafted CAPWAP keepalive packet to a vulnerable Cisco WLC device. A successful exploit could allow the attacker to retrieve the contents of device memory, which could lead to the disclosure of confidential information." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" - } - ], - "impact" : { - "cvss" : { - "baseScore" : "7.5", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-10-17T16:00:00-0500", + "ID": "CVE-2018-0442", + "STATE": "PUBLIC", + "TITLE": "Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Information Disclosure Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Wireless LAN Controller (WLC) ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181017 Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-capwap-memory-leak" - }, - { - "name" : "105664", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105664" - }, - { - "name" : "1041923", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041923" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181017-wlc-capwap-memory-leak", - "defect" : [ - [ - "CSCvf66680" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to 
the disclosure of confidential information. The vulnerability is due to insufficient condition checks in the part of the code that handles CAPWAP keepalive requests. An attacker could exploit this vulnerability by sending a crafted CAPWAP keepalive packet to a vulnerable Cisco WLC device. A successful exploit could allow the attacker to retrieve the contents of device memory, which could lead to the disclosure of confidential information." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041923", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041923" + }, + { + "name": "105664", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105664" + }, + { + "name": "20181017 Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-capwap-memory-leak" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181017-wlc-capwap-memory-leak", + "defect": [ + [ + "CSCvf66680" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0933.json b/2018/0xxx/CVE-2018-0933.json index a4cc1e87501..8e39a867844 100644 --- a/2018/0xxx/CVE-2018-0933.json +++ b/2018/0xxx/CVE-2018-0933.json 
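Review bot: The `impact.cvss.vectorString` in the CVE-2018-0442 record still ends in a trailing space on the new side (`"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N "`), so a consumer that validates the vector against the CVSS 3.0 grammar or uses it as a lookup key can reject or mis-match this record. The same stray space survives in `product_name` (`"Cisco Wireless LAN Controller (WLC) "`) and at the end of the `exploit` text, which affects exact-match product correlation. Since this sync rewrites every line of the file anyway, trim them: `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",` and `"product_name": "Cisco Wireless LAN Controller (WLC)",`. `baseScore` is also emitted as the string `"7.5"`; if downstream tooling sorts or filters by severity numerically it presumably needs a number here, which is worth confirming against the schema the feed is validated with.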
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-03-14T00:00:00", - "ID" : "CVE-2018-0933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore, Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore, Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka \"Chakra Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-03-14T00:00:00", + "ID": "CVE-2018-0933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore, Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "ChakraCore, Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." 
+ } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44396", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44396/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0933", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0933" - }, - { - "name" : "103274", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103274" - }, - { - "name" : "1040507", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040507" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka \"Chakra Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0933", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0933" + }, + { + "name": "103274", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103274" + }, + { + "name": "44396", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44396/" + }, + { + "name": "1040507", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040507" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000154.json b/2018/1000xxx/CVE-2018-1000154.json index f429dd15c9d..094b70d6004 100644 --- a/2018/1000xxx/CVE-2018-1000154.json +++ b/2018/1000xxx/CVE-2018-1000154.json 
@@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2/1/2018 22:04:54", - "ID" : "CVE-2018-1000154", - "REQUESTER" : "security@zammad.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Zammad", - "version" : { - "version_data" : [ - { - "version_value" : "2.3.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Zammad GmbH" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails which are not html quoted in certain cases. This can result in the embedding and execution of java script code on users browser. This attack appear to be exploitable via the victim openning a ticket. This vulnerability appears to have been fixed in 2.3.1, 2.2.2 and 2.1.3." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2/1/2018 22:04:54", + "ID": "CVE-2018-1000154", + "REQUESTER": "security@zammad.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/zammad/zammad/issues/1869", - "refsource" : "CONFIRM", - "url" : "https://github.com/zammad/zammad/issues/1869" - }, - { - "name" : "https://zammad.com/news/release-2-4", - "refsource" : "CONFIRM", - "url" : "https://zammad.com/news/release-2-4" - }, - { - "name" : "https://zammad.com/news/security-advisory-zaa-2018-01", - "refsource" : "CONFIRM", - "url" : "https://zammad.com/news/security-advisory-zaa-2018-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails which are not html quoted in certain cases. This can result in the embedding and execution of java script code on users browser. This attack appear to be exploitable via the victim openning a ticket. This vulnerability appears to have been fixed in 2.3.1, 2.2.2 and 2.1.3." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/zammad/zammad/issues/1869", + "refsource": "CONFIRM", + "url": "https://github.com/zammad/zammad/issues/1869" + }, + { + "name": "https://zammad.com/news/release-2-4", + "refsource": "CONFIRM", + "url": "https://zammad.com/news/release-2-4" + }, + { + "name": "https://zammad.com/news/security-advisory-zaa-2018-01", + "refsource": "CONFIRM", + "url": "https://zammad.com/news/security-advisory-zaa-2018-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000191.json b/2018/1000xxx/CVE-2018-1000191.json index 0746437f61a..effd4392c0f 100644 --- a/2018/1000xxx/CVE-2018-1000191.json +++ b/2018/1000xxx/CVE-2018-1000191.json 
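Review bot: Structured affected-product and weakness data is lost in this record: the new side sets `"product_name"`, `"version_value"`, `"vendor_name"` and the problemtype `"value"` to `"n/a"`, where the old side had Zammad, "2.3.0 and earlier", Zammad GmbH and the CWE-80 text, so that information now survives only in the free-text description. Tooling that correlates asset inventories with CVE records through the `affects` tree, or triages by CWE, will presumably stop matching this entry. The same replacement appears in the hunks for CVE-2018-1000191 (Jenkins Black Duck Detect Plugin, CWE-201) and CVE-2018-1000520 (mbedTLS). If the sync is not meant to drop this data, keep the previous values, e.g. `"product_name": "Zammad"` and `"vendor_name": "Zammad GmbH"`. The retained `"DATE_ASSIGNED": "2/1/2018 22:04:54"` is also locale-formatted and ambiguous, unlike the ISO 8601 timestamps in the neighbouring records.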
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-05T12:46:01.947607", - "DATE_REQUESTED" : "2018-06-05T00:00:00", - "ID" : "CVE-2018-1000191", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Black Duck Detect Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.4.0 and older" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-201" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-05T12:46:01.947607", + "DATE_REQUESTED": "2018-06-05T00:00:00", + "ID": "CVE-2018-1000191", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-866", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-866" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-866", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-866" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000520.json b/2018/1000xxx/CVE-2018-1000520.json index 96332c788fa..a9b93393c73 100644 --- a/2018/1000xxx/CVE-2018-1000520.json +++ b/2018/1000xxx/CVE-2018-1000520.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-23T11:22:33.023227", - "DATE_REQUESTED" : "2018-05-01T01:46:23", - "ID" : "CVE-2018-1000520", - "REQUESTER" : "illya@iluxonchik.me", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "mbedTLS", - "version" : { - "version_data" : [ - { - "version_value" : "2.8 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "ARM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate a TLS-ECDH-RSA-* ciphersuite. Any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted.." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Ciphersuite Allows Incorrectly Signed Certificates" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-23T11:22:33.023227", + "DATE_REQUESTED": "2018-05-01T01:46:23", + "ID": "CVE-2018-1000520", + "REQUESTER": "illya@iluxonchik.me", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ARMmbed/mbedtls/issues/1561", - "refsource" : "MISC", - "url" : "https://github.com/ARMmbed/mbedtls/issues/1561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate a TLS-ECDH-RSA-* ciphersuite. Any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted.." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ARMmbed/mbedtls/issues/1561", + "refsource": "MISC", + "url": "https://github.com/ARMmbed/mbedtls/issues/1561" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12706.json b/2018/12xxx/CVE-2018-12706.json index b402595a1c7..2feadd51798 100644 --- a/2018/12xxx/CVE-2018-12706.json 
+++ b/2018/12xxx/CVE-2018-12706.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44934", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44934/" - }, - { - "name" : "https://hackings8n.blogspot.com/2018/06/cve-2018-12706-digisol-dg-br4000ng.html", - "refsource" : "MISC", - "url" : "https://hackings8n.blogspot.com/2018/06/cve-2018-12706-digisol-dg-br4000ng.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44934", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44934/" + }, + { + "name": "https://hackings8n.blogspot.com/2018/06/cve-2018-12706-digisol-dg-br4000ng.html", + "refsource": "MISC", + "url": "https://hackings8n.blogspot.com/2018/06/cve-2018-12706-digisol-dg-br4000ng.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16174.json b/2018/16xxx/CVE-2018-16174.json index 98ef412bef7..6175235445b 100644 --- a/2018/16xxx/CVE-2018-16174.json +++ b/2018/16xxx/CVE-2018-16174.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-16174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LearnPress", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 3.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "ThimPress" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Open Redirect" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LearnPress", + "version": { + "version_data": [ + { + "version_value": "prior to version 3.1.0" + } + ] + } + } + ] + }, + "vendor_name": "ThimPress" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wordpress.org/plugins/learnpress/", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/learnpress/" - }, - { - "name" : "JVN#85760090", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN85760090/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Open Redirect" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/learnpress/", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/learnpress/" + }, + { + "name": "JVN#85760090", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN85760090/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16225.json b/2018/16xxx/CVE-2018-16225.json index 2b2a002a38c..d1a8e58c6d8 100644 --- a/2018/16xxx/CVE-2018-16225.json +++ b/2018/16xxx/CVE-2018-16225.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180916 [CVE-2018-16225] QBee MultiSensor Camera LAN Traffic Vulnerability", - "refsource" : "FULLDISC", - "url" : "https://seclists.org/fulldisclosure/2018/Sep/21" - }, - { - "name" : "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/", - "refsource" : "MISC", - "url" : "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180916 [CVE-2018-16225] QBee MultiSensor Camera LAN Traffic Vulnerability", + "refsource": "FULLDISC", + "url": "https://seclists.org/fulldisclosure/2018/Sep/21" + }, + { + "name": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/", + "refsource": "MISC", + "url": "https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16631.json b/2018/16xxx/CVE-2018-16631.json index fabc7b9b158..525a3d0a376 100644 --- a/2018/16xxx/CVE-2018-16631.json +++ b/2018/16xxx/CVE-2018-16631.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/security-breachlock/CVE-2018-16631/blob/master/Subrion_cms.pdf", - "refsource" : "MISC", - "url" : "https://github.com/security-breachlock/CVE-2018-16631/blob/master/Subrion_cms.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/security-breachlock/CVE-2018-16631/blob/master/Subrion_cms.pdf", + "refsource": "MISC", + "url": "https://github.com/security-breachlock/CVE-2018-16631/blob/master/Subrion_cms.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16833.json b/2018/16xxx/CVE-2018-16833.json index 7e9c59f8faa..77ed4708b25 100644 --- a/2018/16xxx/CVE-2018-16833.json +++ b/2018/16xxx/CVE-2018-16833.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zoho ManageEngine Desktop Central 10.0.271 has XSS via the \"Features & Articles\" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/149436/ManageEngine-Desktop-Central-10.0.271-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149436/ManageEngine-Desktop-Central-10.0.271-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zoho ManageEngine Desktop Central 10.0.271 has XSS via the \"Features & Articles\" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/149436/ManageEngine-Desktop-Central-10.0.271-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149436/ManageEngine-Desktop-Central-10.0.271-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16915.json b/2018/16xxx/CVE-2018-16915.json index 3a697e10a71..d7c6395d38f 100644 --- a/2018/16xxx/CVE-2018-16915.json +++ b/2018/16xxx/CVE-2018-16915.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16915", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16915", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4448.json b/2018/4xxx/CVE-2018-4448.json index 4df4a514696..c6ca2b725ab 100644 --- a/2018/4xxx/CVE-2018-4448.json +++ b/2018/4xxx/CVE-2018-4448.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4448", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4448", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4797.json b/2018/4xxx/CVE-2018-4797.json index 26a4e4bdaf7..f06e4fc250a 100644 --- a/2018/4xxx/CVE-2018-4797.json +++ b/2018/4xxx/CVE-2018-4797.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4797", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4797", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4981.json b/2018/4xxx/CVE-2018-4981.json index cb0e2294e9a..3d56a5fc3a2 100644 --- a/2018/4xxx/CVE-2018-4981.json +++ b/2018/4xxx/CVE-2018-4981.json 
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@adobe.com",
- "ID" : "CVE-2018-4981",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Out-of-bounds read"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2018-4981",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
- "refsource" : "MISC",
- "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
- },
- {
- "name" : "104175",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104175"
- },
- {
- "name" : "1040920",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040920"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
+ "refsource": "MISC",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
+ },
+ {
+ "name": "1040920",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040920"
+ },
+ {
+ "name": "104175",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104175"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7221.json b/2019/7xxx/CVE-2019-7221.json
index e00c488aa0b..1731bdb003a 100644
--- a/2019/7xxx/CVE-2019-7221.json
+++ b/2019/7xxx/CVE-2019-7221.json
@@ -84,8 +84,13 @@
 },
 {
 "refsource": "CONFIRM",
- "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a",
- "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a"
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f",
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760",
+ "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760"
 }
 ]
 }
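Review bot: The added Project Zero entry is tagged `"refsource": "CONFIRM"`, the same as the kernel.org commit reference just above it, although its URL points at the reporter's issue tracker rather than at the maintainers' fix. Consumers that filter references on CONFIRM to find vendor-acknowledged fixes would pick up the researcher report as well, so `"refsource": "MISC"` looks like the better fit, assuming this record follows the usual CVE reference-source convention. The same hunk replaces the commit id in the existing kernel.org reference instead of adding a second one; if the dropped id documents a different issue, it is worth confirming that the record it belongs to still carries it. The enclosing array (presumably `reference_data`) begins outside the hunk.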