From 071400133986d7c59e1f7a7a7bc200897062af7a Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 05:39:04 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/0xxx/CVE-2004-0988.json | 120 +++++++++--------- 2004/1xxx/CVE-2004-1200.json | 160 ++++++++++++------------ 2004/1xxx/CVE-2004-1325.json | 140 ++++++++++----------- 2004/1xxx/CVE-2004-1395.json | 190 ++++++++++++++--------------- 2004/1xxx/CVE-2004-1417.json | 170 +++++++++++++------------- 2008/0xxx/CVE-2008-0714.json | 150 +++++++++++------------ 2008/3xxx/CVE-2008-3487.json | 150 +++++++++++------------ 2008/3xxx/CVE-2008-3799.json | 160 ++++++++++++------------ 2008/4xxx/CVE-2008-4167.json | 160 ++++++++++++------------ 2008/4xxx/CVE-2008-4545.json | 180 +++++++++++++-------------- 2008/6xxx/CVE-2008-6386.json | 140 ++++++++++----------- 2008/6xxx/CVE-2008-6605.json | 150 +++++++++++------------ 2008/6xxx/CVE-2008-6786.json | 170 +++++++++++++------------- 2008/7xxx/CVE-2008-7153.json | 180 +++++++++++++-------------- 2008/7xxx/CVE-2008-7226.json | 150 +++++++++++------------ 2013/2xxx/CVE-2013-2246.json | 130 ++++++++++---------- 2013/2xxx/CVE-2013-2589.json | 34 +++--- 2013/2xxx/CVE-2013-2734.json | 160 ++++++++++++------------ 2013/2xxx/CVE-2013-2996.json | 34 +++--- 2013/6xxx/CVE-2013-6188.json | 130 ++++++++++---------- 2013/6xxx/CVE-2013-6554.json | 34 +++--- 2013/6xxx/CVE-2013-6648.json | 130 ++++++++++---------- 2013/6xxx/CVE-2013-6683.json | 120 +++++++++--------- 2017/10xxx/CVE-2017-10456.json | 34 +++--- 2017/10xxx/CVE-2017-10759.json | 120 +++++++++--------- 2017/11xxx/CVE-2017-11361.json | 120 +++++++++--------- 2017/14xxx/CVE-2017-14373.json | 140 ++++++++++----------- 2017/14xxx/CVE-2017-14586.json | 142 ++++++++++----------- 2017/15xxx/CVE-2017-15416.json | 160 ++++++++++++------------ 2017/15xxx/CVE-2017-15776.json | 120 +++++++++--------- 2017/15xxx/CVE-2017-15943.json | 140 ++++++++++----------- 2017/9xxx/CVE-2017-9312.json | 132 ++++++++++---------- 2017/9xxx/CVE-2017-9765.json | 180 +++++++++++++-------------- 2017/9xxx/CVE-2017-9885.json | 
130 ++++++++++---------- 2018/0xxx/CVE-2018-0177.json | 140 ++++++++++----------- 2018/0xxx/CVE-2018-0405.json | 154 +++++++++++------------ 2018/0xxx/CVE-2018-0714.json | 122 +++++++++--------- 2018/0xxx/CVE-2018-0723.json | 122 +++++++++--------- 2018/1000xxx/CVE-2018-1000066.json | 36 +++--- 2018/1000xxx/CVE-2018-1000542.json | 136 ++++++++++----------- 2018/1000xxx/CVE-2018-1000668.json | 126 +++++++++---------- 2018/16xxx/CVE-2018-16230.json | 34 +++--- 2018/16xxx/CVE-2018-16624.json | 34 +++--- 2018/16xxx/CVE-2018-16651.json | 120 +++++++++--------- 2018/19xxx/CVE-2018-19109.json | 120 +++++++++--------- 2018/19xxx/CVE-2018-19368.json | 34 +++--- 2018/4xxx/CVE-2018-4153.json | 34 +++--- 2018/4xxx/CVE-2018-4742.json | 34 +++--- 2018/4xxx/CVE-2018-4855.json | 138 ++++++++++----------- 2018/4xxx/CVE-2018-4969.json | 140 ++++++++++----------- 2018/4xxx/CVE-2018-4999.json | 130 ++++++++++---------- 2019/7xxx/CVE-2019-7424.json | 88 ++++++++++--- 52 files changed, 3177 insertions(+), 3125 deletions(-) diff --git a/2004/0xxx/CVE-2004-0988.json b/2004/0xxx/CVE-2004-0988.json index 9a6e87e227d..7767535d763 100644 --- a/2004/0xxx/CVE-2004-0988.json +++ b/2004/0xxx/CVE-2004-0988.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow on Apple QuickTime before 6.5.2, when running on Windows systems, allows remote attackers to cause a denial of service (memory consumption) via certain inputs that cause a large memory operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2004-10-27", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2004/Oct/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow on Apple QuickTime before 6.5.2, when running on Windows systems, allows remote attackers to cause a denial of service (memory consumption) via certain inputs that cause a large memory operation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2004-10-27", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2004/Oct/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1200.json b/2004/1xxx/CVE-2004-1200.json index 6b812b53dad..55c73073a67 100644 --- a/2004/1xxx/CVE-2004-1200.json +++ b/2004/1xxx/CVE-2004-1200.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041125 FIREFOX flaws: nested array sort() loop Stack overflow exception", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029434.html" - }, - { - "name" : "20041125 MSIE & FIREFOX flaws: \"detailed\" advisory and comments that you probably don't want to read anyway", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029491.html" - }, - { - "name" : "11752", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11752" - }, - { - "name" : "11760", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11760" - }, - { - "name" : 
"web-browser-array-dos(18282)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041125 FIREFOX flaws: nested array sort() loop Stack overflow exception", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029434.html" + }, + { + "name": "web-browser-array-dos(18282)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18282" + }, + { + "name": "11752", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11752" + }, + { + "name": "20041125 MSIE & FIREFOX flaws: \"detailed\" advisory and comments that you probably don't want to read anyway", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029491.html" + }, + { + "name": "11760", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11760" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1325.json b/2004/1xxx/CVE-2004-1325.json index acb2f667b6f..ce0d25c09ef 100644 --- a/2004/1xxx/CVE-2004-1325.json +++ b/2004/1xxx/CVE-2004-1325.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041218 MS Windows Media Player 9 Vulns (2)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110352518211306&w=2" - }, - { - "name" : "12032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12032" - }, - { - "name" : "mediaplayer-activex-information-disclosure(18587)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18587" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media 
Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041218 MS Windows Media Player 9 Vulns (2)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110352518211306&w=2" + }, + { + "name": "12032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12032" + }, + { + "name": "mediaplayer-activex-information-disclosure(18587)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18587" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1395.json b/2004/1xxx/CVE-2004-1395.json index dfe5390eafd..7b0ee106322 100644 --- a/2004/1xxx/CVE-2004-1395.json +++ b/2004/1xxx/CVE-2004-1395.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) No one lives forever 2 1.3 and earlier, (3) Tron 2.0 1.042 and earlier, (4) F.E.A.R. (First Encounter Assault and Recon), and possibly other games, allows remote attackers to cause a denial of service (connection refused) via a UDP packet that causes recvfrom to generate a return code that causes the listening loop to exit, as demonstrated using zero byte packets or packets between 8193 and 12280 bytes, which result in conditions that are not \"Operation would block.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041213 Socket unreacheable in the Lithtech engine (new protocol)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110297515500671&w=2" - }, - { - "name" : "20041213 Socket unreacheable in the Lithtech engine (new protocol)", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/029932.html" - }, - { - "name" 
: "20051021 F.E.A.R. 1.01 likes lithsock", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038095.html" - }, - { - "name" : "http://aluigi.altervista.org/adv/lithsock-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/lithsock-adv.txt" - }, - { - "name" : "11902", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11902" - }, - { - "name" : "13446", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13446/" - }, - { - "name" : "17317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17317" - }, - { - "name" : "lithtech-engine-communication-dos(18456)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) No one lives forever 2 1.3 and earlier, (3) Tron 2.0 1.042 and earlier, (4) F.E.A.R. 
(First Encounter Assault and Recon), and possibly other games, allows remote attackers to cause a denial of service (connection refused) via a UDP packet that causes recvfrom to generate a return code that causes the listening loop to exit, as demonstrated using zero byte packets or packets between 8193 and 12280 bytes, which result in conditions that are not \"Operation would block.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13446", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13446/" + }, + { + "name": "http://aluigi.altervista.org/adv/lithsock-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/lithsock-adv.txt" + }, + { + "name": "lithtech-engine-communication-dos(18456)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18456" + }, + { + "name": "20051021 F.E.A.R. 1.01 likes lithsock", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038095.html" + }, + { + "name": "17317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17317" + }, + { + "name": "11902", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11902" + }, + { + "name": "20041213 Socket unreacheable in the Lithtech engine (new protocol)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110297515500671&w=2" + }, + { + "name": "20041213 Socket unreacheable in the Lithtech engine (new protocol)", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/029932.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1417.json b/2004/1xxx/CVE-2004-1417.json index 2907ce1d42e..0b37e1f536c 100644 --- a/2004/1xxx/CVE-2004-1417.json +++ b/2004/1xxx/CVE-2004-1417.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041223 Cross Site Scripting In PsychoStats 2.2.4 Beta && Earlier", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110383119525592&w=2" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00057-12222004", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00057-12222004" - }, - { - "name" : "13619", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13619/" - }, - { - "name" : "http://www.psychostats.com/forums/viewtopic.php?t=11022", - "refsource" : "MISC", - "url" : "http://www.psychostats.com/forums/viewtopic.php?t=11022" - }, - { - "name" : "12089", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12089" - }, - { - "name" : 
"psychostats-login-xss(18651)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12089", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12089" + }, + { + "name": "13619", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13619/" + }, + { + "name": "http://www.psychostats.com/forums/viewtopic.php?t=11022", + "refsource": "MISC", + "url": "http://www.psychostats.com/forums/viewtopic.php?t=11022" + }, + { + "name": "psychostats-login-xss(18651)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18651" + }, + { + "name": "20041223 Cross Site Scripting In PsychoStats 2.2.4 Beta && Earlier", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110383119525592&w=2" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00057-12222004", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00057-12222004" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0714.json b/2008/0xxx/CVE-2008-0714.json index 02aed9e3343..d64f1f57ad7 100644 --- a/2008/0xxx/CVE-2008-0714.json +++ b/2008/0xxx/CVE-2008-0714.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in users.php in Mihalism Multi Host allows remote attackers to execute arbitrary SQL commands via the username parameter in a lost_password_go action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5074", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5074" - }, - { - "name" : "27651", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27651" - }, - { - "name" : "28803", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28803" - }, - { - "name" : "mihalism-users-sql-injection(40289)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in users.php in Mihalism Multi Host allows remote attackers to execute arbitrary SQL commands via 
the username parameter in a lost_password_go action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mihalism-users-sql-injection(40289)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40289" + }, + { + "name": "5074", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5074" + }, + { + "name": "27651", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27651" + }, + { + "name": "28803", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28803" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3487.json b/2008/3xxx/CVE-2008-3487.json index 6df12f94805..34d85250336 100644 --- a/2008/3xxx/CVE-2008-3487.json +++ b/2008/3xxx/CVE-2008-3487.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced 2.51 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6182", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6182" - }, - { - "name" : "30501", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30501" - }, - { - "name" : "4111", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4111" - }, - { - "name" : "phpauctiongplenhanced-profile-sql-injection(44239)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44239" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced 2.51 allows remote attackers to execute arbitrary SQL 
commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30501", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30501" + }, + { + "name": "phpauctiongplenhanced-profile-sql-injection(44239)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44239" + }, + { + "name": "6182", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6182" + }, + { + "name": "4111", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4111" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3799.json b/2008/3xxx/CVE-2008-3799.json index fc83fb7e38e..247f85360cb 100644 --- a/2008/3xxx/CVE-2008-3799.json +++ b/2008/3xxx/CVE-2008-3799.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-3799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml" - }, - { - "name" : "oval:org.mitre.oval:def:5927", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5927" - }, - { - "name" : "1020939", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020939" - }, - { - "name" : "ADV-2008-2670", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2670" - }, - { - "name" : "31990", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:5927", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5927" + }, + { + "name": "31990", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31990" + }, + { + "name": "ADV-2008-2670", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2670" + }, + { + "name": "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml" + }, + { + "name": "1020939", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020939" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4167.json b/2008/4xxx/CVE-2008-4167.json index b4892c79f3d..7d668a8a539 100644 --- a/2008/4xxx/CVE-2008-4167.json +++ b/2008/4xxx/CVE-2008-4167.json 
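Review bot: The `"ASSIGNER"` value for CVE-2008-3799 changes from `cve@mitre.org` to `psirt@cisco.com` in a hunk that otherwise only rewrites whitespace and reorders the `reference_data` entries, so the one semantic change is easy to miss when auditing this sync. ASSIGNER names the CNA responsible for the record, so consumers that attribute or filter records by that field may see a different owner after this commit, and the subject line `"-Synchronized-Data."` does not mention it. I would land a reassignment like this separately from the formatting pass, or at least name the affected ID in the description, and check the bulk reformat by comparing parsed JSON rather than text. The new side of this file, like the other files visible in this patch, also ends with `\ No newline at end of file`; keeping the trailing newline would avoid that churn on the next edit.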
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6437", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6437" - }, - { - "name" : "31161", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31161" - }, - { - "name" : "31774", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31774" - }, - { - "name" : "4282", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4282" - }, - { - "name" : "easyphotogallery-useradmin-security-bypass(45119)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31161", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31161" + }, + { + "name": "6437", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6437" + }, + { + "name": "31774", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31774" + }, + { + "name": "4282", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4282" + }, + { + "name": "easyphotogallery-useradmin-security-bypass(45119)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45119" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4545.json b/2008/4xxx/CVE-2008-4545.json index dd20371fe21..7e70cdb85e0 100644 --- a/2008/4xxx/CVE-2008-4545.json +++ b/2008/4xxx/CVE-2008-4545.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permissions for the D:\\CommServer\\Reports directory, which allows remote authenticated users to obtain sensitive information by reading files in this directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.voipshield.com/research-details.php?id=130", - "refsource" : "MISC", - "url" : "http://www.voipshield.com/research-details.php?id=130" - }, - { - "name" : "20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html" - }, - { - "name" : "31642", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31642" - }, - { - "name" : "ADV-2008-2771", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2771" - }, - { - "name" : "1021022", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1021022" - }, - { - "name" : "32187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32187" - }, - { - "name" : "unityserver-reports-information-disclosure(45742)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permissions for the D:\\CommServer\\Reports directory, which allows remote authenticated users to obtain sensitive information by reading files in this directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32187" + }, + { + "name": "http://www.voipshield.com/research-details.php?id=130", + "refsource": "MISC", + "url": "http://www.voipshield.com/research-details.php?id=130" + }, + { + "name": "31642", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31642" + }, + { + "name": "unityserver-reports-information-disclosure(45742)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45742" + }, + { + "name": "1021022", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021022" + }, + { + "name": "ADV-2008-2771", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2771" + }, + { + "name": "20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html" + } + ] + } +} \ No newline at end of file 
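Review bot: The seven `reference_data` entries for CVE-2008-4545 are reordered with no content change, and the new order (SECUNIA, MISC, BID, XF, SECTRACK, VUPEN, CISCO) is not sorted by `refsource`, `name` or `url`. If the writer emits references in an unstable order, each sync will produce diffs like this one, and a reference that is really added or dropped becomes hard to spot in review. Sorting on `refsource` then `name` before serializing would make the output deterministic. The new side also ends with `\ No newline at end of file`, so the writer should emit a trailing newline. The reordering also shows up in other hunks of this commit, for example CVE-2008-3799, CVE-2008-6386 and CVE-2008-7153.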
diff --git a/2008/6xxx/CVE-2008-6386.json b/2008/6xxx/CVE-2008-6386.json index 8ee9ad219df..de746e9d897 100644 --- a/2008/6xxx/CVE-2008-6386.json +++ b/2008/6xxx/CVE-2008-6386.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0812-exploits/z1exchange-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0812-exploits/z1exchange-sqlxss.txt" - }, - { - "name" : "32598", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32598" - }, - { - "name" : "z1exchange-showads-xss(47028)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "z1exchange-showads-xss(47028)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47028" + }, + { + "name": "32598", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32598" + }, + { + "name": "http://packetstormsecurity.org/0812-exploits/z1exchange-sqlxss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0812-exploits/z1exchange-sqlxss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6605.json b/2008/6xxx/CVE-2008-6605.json index 6136d518086..c0dfa6b3f6a 100644 --- a/2008/6xxx/CVE-2008-6605.json +++ b/2008/6xxx/CVE-2008-6605.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that cause a denial of service (network outage) via a page parameter with a % (percent) character followed by a non-alphanumeric character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7060", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7060" - }, - { - "name" : "32211", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32211" - }, - { - "name" : "49835", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49835" - }, - { - "name" : "2wire-xslt-dos(46537)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that cause a denial of service (network outage) via a page parameter with a % (percent) character followed by a non-alphanumeric character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32211", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32211" + }, + { + "name": "49835", + "refsource": "OSVDB", + "url": "http://osvdb.org/49835" + }, + { + "name": "2wire-xslt-dos(46537)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46537" + }, + { + "name": "7060", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7060" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6786.json b/2008/6xxx/CVE-2008-6786.json index 14f6b633553..3148eea44fd 100644 --- a/2008/6xxx/CVE-2008-6786.json +++ b/2008/6xxx/CVE-2008-6786.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in geekigeeki.py in GeekiGeeki before 3.0 allow remote attackers to read arbitrary files via directory traversal sequences in a pagename argument in the (1) handle_edit and (2) handle_raw functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.codewiz.org/wikigit/geekigeeki.git/blobdiff/92e45c3ce9260c69b4201d877c0f2e431024a52e..5f99f96a7a102bb8f2c491dd1e11fe8686c7c0a0:/geekigeeki.py", - "refsource" : "CONFIRM", - "url" : "http://www.codewiz.org/wikigit/geekigeeki.git/blobdiff/92e45c3ce9260c69b4201d877c0f2e431024a52e..5f99f96a7a102bb8f2c491dd1e11fe8686c7c0a0:/geekigeeki.py" - }, - { - "name" : "http://www.codewiz.org/wikigit/geekigeeki.git?a=commit;h=5f99f96a7a102bb8f2c491dd1e11fe8686c7c0a0", - "refsource" : "CONFIRM", - "url" : "http://www.codewiz.org/wikigit/geekigeeki.git?a=commit;h=5f99f96a7a102bb8f2c491dd1e11fe8686c7c0a0" - }, - { - "name" : "32831", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/32831" - }, - { - "name" : "50719", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/50719" - }, - { - "name" : "33162", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33162" - }, - { - "name" : "geekigeeki-handleedit-directory-traversal(47375)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in geekigeeki.py in GeekiGeeki before 3.0 allow remote attackers to read arbitrary files via directory traversal sequences in a pagename argument in the (1) handle_edit and (2) handle_raw functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50719", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/50719" + }, + { + "name": "http://www.codewiz.org/wikigit/geekigeeki.git/blobdiff/92e45c3ce9260c69b4201d877c0f2e431024a52e..5f99f96a7a102bb8f2c491dd1e11fe8686c7c0a0:/geekigeeki.py", + "refsource": "CONFIRM", + "url": "http://www.codewiz.org/wikigit/geekigeeki.git/blobdiff/92e45c3ce9260c69b4201d877c0f2e431024a52e..5f99f96a7a102bb8f2c491dd1e11fe8686c7c0a0:/geekigeeki.py" + }, + { + "name": "geekigeeki-handleedit-directory-traversal(47375)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47375" + }, + { + "name": "33162", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33162" + }, + { + "name": "http://www.codewiz.org/wikigit/geekigeeki.git?a=commit;h=5f99f96a7a102bb8f2c491dd1e11fe8686c7c0a0", + "refsource": "CONFIRM", + "url": "http://www.codewiz.org/wikigit/geekigeeki.git?a=commit;h=5f99f96a7a102bb8f2c491dd1e11fe8686c7c0a0" + }, + { + "name": "32831", + 
"refsource": "BID", + "url": "http://www.securityfocus.com/bid/32831" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7153.json b/2008/7xxx/CVE-2008-7153.json index a07d604baff..beb91ae890b 100644 --- a/2008/7xxx/CVE-2008-7153.json +++ b/2008/7xxx/CVE-2008-7153.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4879", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4879" - }, - { - "name" : "4891", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4891" - }, - { - "name" : "http://www.docebo.org/doceboCms/bugtracker/18_124/bugdetails/appid_24-bugid_198/bugtracker.html", - "refsource" : "CONFIRM", - "url" : "http://www.docebo.org/doceboCms/bugtracker/18_124/bugdetails/appid_24-bugid_198/bugtracker.html" - }, - { - "name" : "27211", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27211" - }, - { - "name" : "40138", - "refsource" : "OSVDB", - 
"url" : "http://osvdb.org/40138" - }, - { - "name" : "28378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28378" - }, - { - "name" : "docebo-libregset-sql-injection(39589)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27211", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27211" + }, + { + "name": "40138", + "refsource": "OSVDB", + "url": "http://osvdb.org/40138" + }, + { + "name": "http://www.docebo.org/doceboCms/bugtracker/18_124/bugdetails/appid_24-bugid_198/bugtracker.html", + "refsource": "CONFIRM", + "url": "http://www.docebo.org/doceboCms/bugtracker/18_124/bugdetails/appid_24-bugid_198/bugtracker.html" + }, + { + "name": "docebo-libregset-sql-injection(39589)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39589" + }, + { + "name": "4891", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4891" + }, + { + "name": "4879", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4879" + }, + { + "name": "28378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28378" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/7xxx/CVE-2008-7226.json b/2008/7xxx/CVE-2008-7226.json index f352b57d4ff..7bcf2cf5004 100644 --- a/2008/7xxx/CVE-2008-7226.json +++ b/2008/7xxx/CVE-2008-7226.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080223 php-nuke Recipes SQL Injection(recipeid)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488649/100/100/threaded" - }, - { - "name" : "27955", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27955" - }, - { - "name" : "52224", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52224" - }, - { - "name" : "recipe-modules-sql-injection(40807)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in the Recipes 
module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080223 php-nuke Recipes SQL Injection(recipeid)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488649/100/100/threaded" + }, + { + "name": "27955", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27955" + }, + { + "name": "52224", + "refsource": "OSVDB", + "url": "http://osvdb.org/52224" + }, + { + "name": "recipe-modules-sql-injection(40807)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40807" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2246.json b/2013/2xxx/CVE-2013-2246.json index 9f3c6d49c02..16a613d61b5 100644 --- a/2013/2xxx/CVE-2013-2246.json +++ b/2013/2xxx/CVE-2013-2246.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying recent feedback, which allows remote authenticated users to obtain sensitive information via a request for all course feedback that has occurred since a specified time." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39570", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39570" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=232503", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=232503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mod/feedback/lib.php in 
Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying recent feedback, which allows remote authenticated users to obtain sensitive information via a request for all course feedback that has occurred since a specified time." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=232503", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=232503" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39570", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39570" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2589.json b/2013/2xxx/CVE-2013-2589.json index f256d473bfe..5ccc39de9a4 100644 --- a/2013/2xxx/CVE-2013-2589.json +++ b/2013/2xxx/CVE-2013-2589.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2589", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2589", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2734.json b/2013/2xxx/CVE-2013-2734.json index cb48c9cd972..a68f1bd7592 100644 --- a/2013/2xxx/CVE-2013-2734.json +++ b/2013/2xxx/CVE-2013-2734.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-2734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-15.html" - }, - { - "name" : "GLSA-201308-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" - }, - { - "name" : "RHSA-2013:0826", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0826.html" - }, - { - "name" : "SUSE-SU-2013:0809", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html" - }, - { - "name" : "oval:org.mitre.oval:def:16145", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-15.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-15.html" + }, + { + "name": "SUSE-SU-2013:0809", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html" + }, + { + "name": "oval:org.mitre.oval:def:16145", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16145" + }, + { + "name": "RHSA-2013:0826", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0826.html" + }, + { + "name": "GLSA-201308-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2996.json b/2013/2xxx/CVE-2013-2996.json index cd7659e694f..7c5febea7d5 100644 --- a/2013/2xxx/CVE-2013-2996.json +++ b/2013/2xxx/CVE-2013-2996.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2996", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2996", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6188.json b/2013/6xxx/CVE-2013-6188.json index c81c6b08083..5ddc91539ce 100644 --- a/2013/6xxx/CVE-2013-6188.json +++ b/2013/6xxx/CVE-2013-6188.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-6188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02947", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04039138" - }, - { - "name" : "SSRT101149", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04039138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101149", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04039138" + }, + { + "name": "HPSBMU02947", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04039138" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6554.json b/2013/6xxx/CVE-2013-6554.json index e318103bb00..be4885eb5ec 100644 --- a/2013/6xxx/CVE-2013-6554.json +++ b/2013/6xxx/CVE-2013-6554.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6554", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6554", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6648.json b/2013/6xxx/CVE-2013-6648.json index 7a2d80750af..9985e40f2b2 100644 --- a/2013/6xxx/CVE-2013-6648.json +++ b/2013/6xxx/CVE-2013-6648.json 
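Review bot: The one semantic change in the CVE-2013-6188 record, `"ASSIGNER"` going from `cve@mitre.org` to `hp-security-alert@hp.com`, is buried in a 67-line rewrite that only normalises the `" : "` separator to `": "` and swaps the order of the two HP references. Anyone auditing CNA attribution or watching these records for unexpected edits has to parse both sides to find it; the CVE-2013-6683 hunk further down does the same with `psirt@cisco.com`. Landing the whitespace normalisation as its own commit would reduce this hunk to the single line `"ASSIGNER": "hp-security-alert@hp.com",`. The new side also drops the final newline (`\ No newline at end of file`), so the closing `}` should be followed by a newline. In the same commit, CVE-2013-6554 is written with `data_type` first while every other record keeps `CVE_data_meta` first, so the serializer's key order looks inconsistent.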
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SkRegion::setPath in Skia allows remote attackers to cause a denial of service (crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.chromium.org/p/chromium/issues/detail?id=330293", - "refsource" : "CONFIRM", - "url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=330293" - }, - { - "name" : "https://skia.googlesource.com/skia/+/73be1fc", - "refsource" : "CONFIRM", - "url" : "https://skia.googlesource.com/skia/+/73be1fc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SkRegion::setPath in Skia allows remote attackers to cause a denial of service (crash)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.chromium.org/p/chromium/issues/detail?id=330293", + "refsource": "CONFIRM", + "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=330293" + }, + { + "name": "https://skia.googlesource.com/skia/+/73be1fc", + "refsource": "CONFIRM", + "url": "https://skia.googlesource.com/skia/+/73be1fc" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6683.json b/2013/6xxx/CVE-2013-6683.json index 2e5ab85e717..65b7db8e59c 100644 --- a/2013/6xxx/CVE-2013-6683.json +++ b/2013/6xxx/CVE-2013-6683.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-6683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131112 Cisco Nexus 4000 Series Switches IPv6 Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131112 Cisco Nexus 4000 Series Switches IPv6 Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6683" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10456.json b/2017/10xxx/CVE-2017-10456.json index 40f8c6786f2..6022c3b2a3c 100644 --- a/2017/10xxx/CVE-2017-10456.json +++ b/2017/10xxx/CVE-2017-10456.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10456", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10456", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10759.json b/2017/10xxx/CVE-2017-10759.json index 9fc88c5231a..05edaed9540 100644 --- a/2017/10xxx/CVE-2017-10759.json +++ b/2017/10xxx/CVE-2017-10759.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpInsertDependencyRecord+0x0000000000000039.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10759", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10759" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at 
ntdll_77df0000!LdrpInsertDependencyRecord+0x0000000000000039.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10759", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10759" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11361.json b/2017/11xxx/CVE-2017-11361.json index 74d56173fa9..91cb8cdfcb9 100644 --- a/2017/11xxx/CVE-2017-11361.json +++ b/2017/11xxx/CVE-2017-11361.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Inteno routers have a JUCI ACL misconfiguration that allows the \"user\" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the \"user\" password might be \"user\" or might match the Wi-Fi key.)" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://neonsea.uk/blog/2017/07/17/cve-2017-11361.html", - "refsource" : "MISC", - "url" : "https://neonsea.uk/blog/2017/07/17/cve-2017-11361.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Inteno routers have a JUCI ACL misconfiguration that allows the \"user\" account to read files, write to files, and add root SSH keys via JSON commands to ubus. 
(Exploitation is sometimes easy because the \"user\" password might be \"user\" or might match the Wi-Fi key.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://neonsea.uk/blog/2017/07/17/cve-2017-11361.html", + "refsource": "MISC", + "url": "https://neonsea.uk/blog/2017/07/17/cve-2017-11361.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14373.json b/2017/14xxx/CVE-2017-14373.json index 30019edd7df..7eb5780e77b 100644 --- a/2017/14xxx/CVE-2017-14373.json +++ b/2017/14xxx/CVE-2017-14373.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-14373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RSA Authentication Manager 8.2 SP1 P4 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "RSA Authentication Manager 8.2 SP1 P4 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reflected Cross-Site Scripting Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-14373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RSA Authentication Manager 8.2 SP1 P4 and earlier", + "version": { + "version_data": [ + { + "version_value": "RSA Authentication Manager 8.2 SP1 P4 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Oct/62", - "refsource" : "CONFIRM", - "url" : "http://seclists.org/fulldisclosure/2017/Oct/62" - }, - { - "name" : "101605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101605" - }, - { - "name" : "1039680", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected Cross-Site Scripting Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039680", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039680" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Oct/62", + "refsource": "CONFIRM", + "url": "http://seclists.org/fulldisclosure/2017/Oct/62" + }, + { + "name": "101605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101605" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14586.json b/2017/14xxx/CVE-2017-14586.json index 591fcf69200..8967952d69c 100644 --- a/2017/14xxx/CVE-2017-14586.json +++ b/2017/14xxx/CVE-2017-14586.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2017-11-22T00:00:00", - "ID" : "CVE-2017-14586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hipchat for Mac desktop client", - "version" : { - "version_data" : [ - { - "version_value" : "4.0 <= version < 4.30" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Client Side Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2017-11-22T00:00:00", + "ID": "CVE-2017-14586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hipchat for Mac desktop client", + "version": { + "version_data": [ + { + "version_value": "4.0 <= version < 4.30" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html", - "refsource" : "CONFIRM", - "url" : "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html" - }, - { - "name" : "https://jira.atlassian.com/browse/HCPUB-3473", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/HCPUB-3473" - }, - { - "name" : "101947", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/101947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Client Side Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101947", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101947" + }, + { + "name": "https://jira.atlassian.com/browse/HCPUB-3473", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/HCPUB-3473" + }, + { + "name": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html", + "refsource": "CONFIRM", + "url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-11-22-939946293.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15416.json b/2017/15xxx/CVE-2017-15416.json index a5d8ed4bda0..86f380d0ad3 100644 --- a/2017/15xxx/CVE-2017-15416.json +++ b/2017/15xxx/CVE-2017-15416.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-15416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 63.0.3239.84 unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 63.0.3239.84 unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-15416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 63.0.3239.84 unknown", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 63.0.3239.84 unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/779314", - "refsource" : "MISC", - "url" : "https://crbug.com/779314" - }, - { - "name" : "DSA-4064", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4064" - }, - { - "name" : "GLSA-201801-03", - "refsource" : "GENTOO", - "url" : 
"https://security.gentoo.org/glsa/201801-03" - }, - { - "name" : "RHSA-2017:3401", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:3401", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3401" + }, + { + "name": "https://crbug.com/779314", + "refsource": "MISC", + "url": "https://crbug.com/779314" + }, + { + "name": "GLSA-201801-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201801-03" + }, + { + "name": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html" + }, + { + "name": "DSA-4064", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4064" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15776.json b/2017/15xxx/CVE-2017-15776.json index 4dc60248316..6281278c1b4 100644 --- a/2017/15xxx/CVE-2017-15776.json +++ b/2017/15xxx/CVE-2017-15776.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285ec1.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15776", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15776" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285ec1.\"" + } + ] + }, + "problemtype": { + 
"problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15776", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15776" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15943.json b/2017/15xxx/CVE-2017-15943.json index 1e86b651968..70628d2f829 100644 --- a/2017/15xxx/CVE-2017-15943.json +++ b/2017/15xxx/CVE-2017-15943.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/99", - "refsource" : "CONFIRM", - "url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/99" - }, - { - "name" : "102074", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102074" - }, - { - "name" : "1040005", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040005", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040005" + }, + { + "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/99", + "refsource": "CONFIRM", + "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/99" + }, + { + "name": "102074", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102074" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9312.json b/2017/9xxx/CVE-2017-9312.json index ae22f2b5929..9dc96bee54a 100644 --- a/2017/9xxx/CVE-2017-9312.json +++ b/2017/9xxx/CVE-2017-9312.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_PUBLIC" : "2018-06-21T00:00:00", - "ID" : "CVE-2017-9312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improperly implemented option-field processing in the TCP/IP stack on Allen-Bradley L30ERMS safety devices v30 and earlier causes a denial of service. When a crafted TCP packet is received, the device reboots immediately." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_PUBLIC": "2018-06-21T00:00:00", + "ID": "CVE-2017-9312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-172-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-172-02" - }, - { - "name" : "104528", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improperly implemented option-field processing in the TCP/IP stack on Allen-Bradley L30ERMS safety devices v30 and earlier causes a denial of service. 
When a crafted TCP packet is received, the device reboots immediately." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-172-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-172-02" + }, + { + "name": "104528", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104528" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9765.json b/2017/9xxx/CVE-2017-9765.json index 37aae3884d7..c2e42e48641 100644 --- a/2017/9xxx/CVE-2017-9765.json +++ b/2017/9xxx/CVE-2017-9765.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions", - "refsource" : "MISC", - "url" : "http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions" - }, - { - "name" : "http://blog.senr.io/devilsivy.html", - "refsource" : "MISC", - "url" : "http://blog.senr.io/devilsivy.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1472807", - "refsource" : "MISC", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1472807" - }, - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1049348", - "refsource" : "MISC", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1049348" - }, - { - "name" : "https://www.genivia.com/advisory.html#Security_advisory:_CVE-2017-9765_bug_in_certain_versions_of_gSOAP_2.7_up_to_2.8.47_%28June_21,_2017%29", - "refsource" : "MISC", - "url" : "https://www.genivia.com/advisory.html#Security_advisory:_CVE-2017-9765_bug_in_certain_versions_of_gSOAP_2.7_up_to_2.8.47_%28June_21,_2017%29" - }, - { - "name" : "https://www.genivia.com/changelog.html#Version_2.8.48_upd_%2806/21/2017%29", - "refsource" : "MISC", - "url" : "https://www.genivia.com/changelog.html#Version_2.8.48_upd_%2806/21/2017%29" - }, - { - "name" : "99868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1049348", + "refsource": "MISC", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1049348" + }, + { + "name": "http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions", + "refsource": "MISC", + "url": "http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions" + }, + { + "name": "http://blog.senr.io/devilsivy.html", + "refsource": "MISC", + "url": "http://blog.senr.io/devilsivy.html" + }, + { + "name": "https://www.genivia.com/advisory.html#Security_advisory:_CVE-2017-9765_bug_in_certain_versions_of_gSOAP_2.7_up_to_2.8.47_%28June_21,_2017%29", + "refsource": "MISC", + "url": "https://www.genivia.com/advisory.html#Security_advisory:_CVE-2017-9765_bug_in_certain_versions_of_gSOAP_2.7_up_to_2.8.47_%28June_21,_2017%29" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1472807", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472807" + }, + { + "name": "99868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99868" + }, + { + "name": "https://www.genivia.com/changelog.html#Version_2.8.48_upd_%2806/21/2017%29", + "refsource": "MISC", + "url": "https://www.genivia.com/changelog.html#Version_2.8.48_upd_%2806/21/2017%29" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9885.json b/2017/9xxx/CVE-2017-9885.json index 1bc54ec09e4..8b15b101d53 100644 --- a/2017/9xxx/CVE-2017-9885.json +++ b/2017/9xxx/CVE-2017-9885.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000006a98.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9885", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9885" - }, - { - "name" : "http://www.irfanview.com/plugins.htm", - "refsource" : "CONFIRM", - "url" : "http://www.irfanview.com/plugins.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or 
possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000006a98.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9885", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9885" + }, + { + "name": "http://www.irfanview.com/plugins.htm", + "refsource": "CONFIRM", + "url": "http://www.irfanview.com/plugins.htm" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0177.json b/2018/0xxx/CVE-2018-0177.json index 2635c8eeae2..4e1a6eeb445 100644 --- a/2018/0xxx/CVE-2018-0177.json +++ b/2018/0xxx/CVE-2018-0177.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS XE", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS XE" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IPv4 packets. An attacker could exploit this vulnerability by sending specific IPv4 packets to an IPv4 address on an affected device. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. If the switch does not reboot when under attack, it would require manual intervention to reload the device. This vulnerability affects Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches that are running Cisco IOS XE Software Release 16.1.1 or later, until the first fixed release, and are configured with an IPv4 address. Cisco Bug IDs: CSCvd80714." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-19" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS XE" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ipv4", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ipv4" - }, - { - "name" : "103563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103563" - }, - { - "name" : "1040588", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IPv4 packets. An attacker could exploit this vulnerability by sending specific IPv4 packets to an IPv4 address on an affected device. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. If the switch does not reboot when under attack, it would require manual intervention to reload the device. 
This vulnerability affects Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches that are running Cisco IOS XE Software Release 16.1.1 or later, until the first fixed release, and are configured with an IPv4 address. Cisco Bug IDs: CSCvd80714." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-19" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103563" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ipv4", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ipv4" + }, + { + "name": "1040588", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040588" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0405.json b/2018/0xxx/CVE-2018-0405.json index 8bbfb984833..98f82856ff9 100644 --- a/2018/0xxx/CVE-2018-0405.json +++ b/2018/0xxx/CVE-2018-0405.json 
@@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-10-03T16:00:00-0500", - "ID" : "CVE-2018-0405", - "STATE" : "PUBLIC", - "TITLE" : "Cisco RV180W Wireless-N Multifunction VPN Router Directory Path Traversal Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco RV180W Wireless-N Multifunction VPN Router", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to conduct a directory path traversal attack on a targeted device. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location." 
- } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "7.5", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-22" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-10-03T16:00:00-0500", + "ID": "CVE-2018-0405", + "STATE": "PUBLIC", + "TITLE": "Cisco RV180W Wireless-N Multifunction VPN Router Directory Path Traversal Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco RV180W Wireless-N Multifunction VPN Router", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk28019", - "refsource" : "CONFIRM", - "url" : "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk28019" - } - ] - }, - "source" : { - "advisory" : "CSCvk28019", - "defect" : [ - [ - "CSCvk28019" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to conduct a directory path traversal attack on a targeted device. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location." 
+ } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk28019", + "refsource": "CONFIRM", + "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk28019" + } + ] + }, + "source": { + "advisory": "CSCvk28019", + "defect": [ + [ + "CSCvk28019" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0714.json b/2018/0xxx/CVE-2018-0714.json index a5470f965c7..ec9414b00ae 100644 --- a/2018/0xxx/CVE-2018-0714.json +++ b/2018/0xxx/CVE-2018-0714.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@qnapsecurity.com.tw", - "DATE_PUBLIC" : "2018-08-13T00:00:00", - "ID" : "CVE-2018-0714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Helpdesk in QTS", - "version" : { - "version_data" : [ - { - "version_value" : "Helpdesk versions 1.1.21 and earlier in QTS 4.2.6: build 20180531, QTS 4.3.3: build 20180528, QTS 4.3.4: build 20180528 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "QNAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "security@qnap.com", + "DATE_PUBLIC": "2018-08-13T00:00:00", + "ID": "CVE-2018-0714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Helpdesk in QTS", + "version": { + "version_data": [ + { + "version_value": "Helpdesk versions 1.1.21 and earlier in QTS 4.2.6: build 20180531, QTS 4.3.3: build 20180528, QTS 4.3.4: build 20180528 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "QNAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qnap.com/zh-tw/security-advisory/nas-201808-13", - "refsource" : "CONFIRM", - "url" : "https://www.qnap.com/zh-tw/security-advisory/nas-201808-13" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201808-13", + "refsource": "CONFIRM", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201808-13" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0723.json b/2018/0xxx/CVE-2018-0723.json index 9e6d06c7416..4e12d867cd3 100644 --- a/2018/0xxx/CVE-2018-0723.json +++ b/2018/0xxx/CVE-2018-0723.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@qnapsecurity.com.tw", - "DATE_PUBLIC" : "2018-12-26T00:00:00", - "ID" : "CVE-2018-0723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Q'center Virtual Appliance", - "version" : { - "version_data" : [ - { - "version_value" : "Q'center Virtual Appliance 1.8.1014 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "QNAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0724." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "security@qnap.com", + "DATE_PUBLIC": "2018-12-26T00:00:00", + "ID": "CVE-2018-0723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Q'center Virtual Appliance", + "version": { + "version_data": [ + { + "version_value": "Q'center Virtual Appliance 1.8.1014 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "QNAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26", - "refsource" : "CONFIRM", - "url" : "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier 
versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0724." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26", + "refsource": "CONFIRM", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000066.json b/2018/1000xxx/CVE-2018-1000066.json index 8d55502a8a6..87b37b79c74 100644 --- a/2018/1000xxx/CVE-2018-1000066.json +++ b/2018/1000xxx/CVE-2018-1000066.json 
@@ -1,20 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_ASSIGNED" : "2018-02-11", - "ID" : "CVE-2018-1000066", - "REQUESTER" : "kurt@seifried.org", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-5380. Reason: This candidate is a reservation duplicate of CVE-2018-5380. Notes: All CVE users should reference CVE-2018-5380 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-1000066", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-5380. Reason: This candidate is a reservation duplicate of CVE-2018-5380. Notes: All CVE users should reference CVE-2018-5380 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000542.json b/2018/1000xxx/CVE-2018-1000542.json index 562abc5358d..5e4d9e28943 100644 --- a/2018/1000xxx/CVE-2018-1000542.json +++ b/2018/1000xxx/CVE-2018-1000542.json 
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-06-23T11:22:33.059906", - "DATE_REQUESTED" : "2018-06-01T15:41:10", - "ID" : "CVE-2018-1000542", - "REQUESTER" : "sajeeb@0dd.zone", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "netbeans-mmd-plugin", - "version" : { - "version_data" : [ - { - "version_value" : "<= 1.4.3" - } - ] - } - } - ] - }, - "vendor_name" : "netbeans-mmd-plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted MMD file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XML External Entity (XXE)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-06-23T11:22:33.059906", + "DATE_REQUESTED": "2018-06-01T15:41:10", + "ID": "CVE-2018-1000542", + "REQUESTER": "sajeeb@0dd.zone", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://0dd.zone/2018/06/02/Netbeans-MMD-Plugin-XXE/", - "refsource" : "MISC", - "url" : "https://0dd.zone/2018/06/02/Netbeans-MMD-Plugin-XXE/" - }, - { - "name" : "https://github.com/raydac/netbeans-mmd-plugin/issues/45", - "refsource" : "MISC", - "url" : "https://github.com/raydac/netbeans-mmd-plugin/issues/45" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted MMD file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/raydac/netbeans-mmd-plugin/issues/45", + "refsource": "MISC", + "url": "https://github.com/raydac/netbeans-mmd-plugin/issues/45" + }, + { + "name": "https://0dd.zone/2018/06/02/Netbeans-MMD-Plugin-XXE/", + "refsource": "MISC", + "url": "https://0dd.zone/2018/06/02/Netbeans-MMD-Plugin-XXE/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000668.json b/2018/1000xxx/CVE-2018-1000668.json index 7cb3d33894b..a6cb86f7fc9 100644 --- a/2018/1000xxx/CVE-2018-1000668.json +++ b/2018/1000xxx/CVE-2018-1000668.json 
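Review bot: Structured affected-product and weakness data is lost on the new side. `product_name`, `vendor_name`, `version_value` and the problemtype `value` all become `"n/a"`, so `netbeans-mmd-plugin`, `<= 1.4.3` and `XML External Entity (XXE)` survive only in the free-text description. The CVE-2018-1000668 hunk does the same to `jsish`, `2.4.70 2.047` and `CWE-125: Out-of-bounds Read`. Tooling that matches inventory against `affects` or groups records by problemtype will stop matching these two entries after the sync. The sync should keep an existing non-`n/a` value when the incoming one is `n/a`, or the commit message should state that the fields were cleared on purpose. `ASSIGNER` also changes from `kurt@seifried.org` to `cve@mitre.org` in both hunks, which suggests the records were regenerated from a different source.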
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-09-03T16:07:16.978391", - "DATE_REQUESTED" : "2018-08-24T10:49:05", - "ID" : "CVE-2018-1000668", - "REQUESTER" : "m.dominiak@samsung.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "jsish", - "version" : { - "version_data" : [ - { - "version_value" : "2.4.70 2.047" - } - ] - } - } - ] - }, - "vendor_name" : "jsish" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsi_ObjArrayLookup (jsiObj.c:274) that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. This vulnerability appears to have been fixed in 2.4.71." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125: Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-09-03T16:07:16.978391", + "DATE_REQUESTED": "2018-08-24T10:49:05", + "ID": "CVE-2018-1000668", + "REQUESTER": "m.dominiak@samsung.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jsish.org/fossil/jsi/tktview?name=9602dbd997", - "refsource" : "CONFIRM", - "url" : "https://jsish.org/fossil/jsi/tktview?name=9602dbd997" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsi_ObjArrayLookup (jsiObj.c:274) that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. This vulnerability appears to have been fixed in 2.4.71." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jsish.org/fossil/jsi/tktview?name=9602dbd997", + "refsource": "CONFIRM", + "url": "https://jsish.org/fossil/jsi/tktview?name=9602dbd997" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16230.json b/2018/16xxx/CVE-2018-16230.json index b47391bc641..2571dad2cd7 100644 --- a/2018/16xxx/CVE-2018-16230.json +++ b/2018/16xxx/CVE-2018-16230.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16230", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16230", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16624.json b/2018/16xxx/CVE-2018-16624.json index 2b2d2351fa9..ef742e5a080 100644 --- a/2018/16xxx/CVE-2018-16624.json +++ b/2018/16xxx/CVE-2018-16624.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16624", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16624", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16651.json b/2018/16xxx/CVE-2018-16651.json index 4bf4b72008e..09a8f335c72 100644 --- a/2018/16xxx/CVE-2018-16651.json +++ b/2018/16xxx/CVE-2018-16651.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.phpmyfaq.de/security/advisory-2018-09-02", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyfaq.de/security/advisory-2018-09-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.phpmyfaq.de/security/advisory-2018-09-02", + "refsource": "CONFIRM", + "url": "https://www.phpmyfaq.de/security/advisory-2018-09-02" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/19xxx/CVE-2018-19109.json b/2018/19xxx/CVE-2018-19109.json index 3cfa539020d..c7311127e66 100644 --- a/2018/19xxx/CVE-2018-19109.json +++ b/2018/19xxx/CVE-2018-19109.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/xujeff/tianti/issues/29", - "refsource" : "MISC", - "url" : "https://github.com/xujeff/tianti/issues/29" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/xujeff/tianti/issues/29", + "refsource": "MISC", + "url": "https://github.com/xujeff/tianti/issues/29" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19368.json b/2018/19xxx/CVE-2018-19368.json index 023af35075d..a72762f5b2f 100644 --- a/2018/19xxx/CVE-2018-19368.json +++ b/2018/19xxx/CVE-2018-19368.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19368", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19368", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4153.json b/2018/4xxx/CVE-2018-4153.json index 65a4059edd8..d6965d7cdff 100644 --- a/2018/4xxx/CVE-2018-4153.json +++ b/2018/4xxx/CVE-2018-4153.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4153", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4153", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4742.json b/2018/4xxx/CVE-2018-4742.json index bbce4d5dc13..531d6320f29 100644 --- a/2018/4xxx/CVE-2018-4742.json +++ b/2018/4xxx/CVE-2018-4742.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4742", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4742", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4855.json b/2018/4xxx/CVE-2018-4855.json index 1438c84ac5b..71a8bb5395c 100644 --- a/2018/4xxx/CVE-2018-4855.json +++ b/2018/4xxx/CVE-2018-4855.json 
@@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "DATE_PUBLIC" : "2018-07-03T00:00:00", - "ID" : "CVE-2018-4855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SICLOCK TC100, SICLOCK TC400", - "version" : { - "version_data" : [ - { - "version_value" : "SICLOCK TC100 : All versions" - }, - { - "version_value" : "SICLOCK TC400 : All versions" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-311: Missing Encryption of Sensitive Data" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "DATE_PUBLIC": "2018-07-03T00:00:00", + "ID": "CVE-2018-4855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SICLOCK TC100, SICLOCK TC400", + "version": { + "version_data": [ + { + "version_value": "SICLOCK TC100 : All versions" + }, + { + "version_value": "SICLOCK TC400 : All versions" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf" - }, - { - "name" : "104672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104672" - 
} - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-311: Missing Encryption of Sensitive Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104672" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4969.json b/2018/4xxx/CVE-2018-4969.json index f2ddb4670db..e5844b09d7c 100644 --- a/2018/4xxx/CVE-2018-4969.json +++ b/2018/4xxx/CVE-2018-4969.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" - }, - { - "name" : "104175", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/104175" - }, - { - "name" : "1040920", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" + }, + { + "name": "1040920", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040920" + }, + { + "name": "104175", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104175" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4999.json b/2018/4xxx/CVE-2018-4999.json index b6c7918f057..20f51f096b2 100644 --- a/2018/4xxx/CVE-2018-4999.json +++ b/2018/4xxx/CVE-2018-4999.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "name" : "104266", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104266", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104266" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7424.json b/2019/7xxx/CVE-2019-7424.json index 3bb311b231a..5a951de593d 100644 --- a/2019/7xxx/CVE-2019-7424.json +++ b/2019/7xxx/CVE-2019-7424.json 
@@ -1,18 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-7424", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-7424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone \"/netflow/jspui/index.jsp\" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html" + }, + { + "url": "https://www.manageengine.com/products/netflow/?doc", + "refsource": "MISC", + "name": "https://www.manageengine.com/products/netflow/?doc" + }, + { + "refsource": "FULLDISC", + "name": "20190206 [CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427] Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone", + "url": "http://seclists.org/fulldisclosure/2019/Feb/29" + } + ] + } +} \ No newline at end of file
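Review bot: The newly published CVE-2019-7424 record leaves `product_name`, `version_value`, `vendor_name` and the `problemtype` value at `n/a`, although the description added in the same hunk names Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 and an XSS issue. Automated matching on the structured fields will therefore miss this entry. I would fill them from the description, presumably `"vendor_name": "Zoho"`, `"product_name": "ManageEngine Netflow Analyzer Professional"` and `"version_value": "7.0.0.2"`, plus a CWE-79 `problemtype` value. The three reference objects also differ in key order (`url`/`refsource`/`name` twice, then `refsource`/`name`/`url`), while the other records in this commit use `name`/`refsource`/`url`; a single order would keep later synchronisation diffs small.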